def test_hit_no_log(emitter, responses):
"""Simple request but avoiding log."""
# set the Registry with an initial token
ocireg = OCIRegistry("https://fakereg.com", "test-image")
ocireg.auth_token = "some auth token"
# fake a 200 response
responses.add(responses.PUT, "https://fakereg.com/api/stuff")
# try it
ocireg._hit("PUT", "https://fakereg.com/api/stuff", log=False)
# nothing shown!
emitter.assert_interactions(None)
def test_hit_no_log(caplog, responses):
"""Simple request but avoiding log."""
caplog.set_level(logging.DEBUG, logger="charmcraft")
# set the Registry with an initial token
ocireg = OCIRegistry("https://fakereg.com", "test-image")
ocireg.auth_token = "some auth token"
# fake a 200 response
responses.add(responses.PUT, "https://fakereg.com/api/stuff")
# try it
ocireg._hit("PUT", "https://fakereg.com/api/stuff", log=False)
# no logs!
assert not caplog.records
def test_hit_simple_re_auth_problems(responses):
"""Bad response from the re-authentication process."""
ocireg = OCIRegistry("https://fakereg.com", "test-image")
# set only one response, a 401 which is broken and all will end there
headers = {"Www-Authenticate": "broken header"}
responses.add(responses.GET,
"https://fakereg.com/api/stuff",
headers=headers,
status=401)
# try it, isolating the re-authentication (tested separatedly above)
expected = ("Bad 401 response: Bearer not found; "
"headers: {.*'Www-Authenticate': 'broken header'.*}")
with pytest.raises(CommandError, match=expected):
ocireg._hit("GET", "https://fakereg.com/api/stuff")
def test_hit_different_method(responses):
"""Simple request using something else than GET."""
# set the Registry with an initial token
ocireg = OCIRegistry("https://fakereg.com", "test-image")
ocireg.auth_token = "some auth token"
# fake a 200 response
responses.add(responses.POST, "https://fakereg.com/api/stuff")
# try it
response = ocireg._hit("POST", "https://fakereg.com/api/stuff")
assert response == responses.calls[0].response
def test_hit_extra_parameters(responses):
"""The request can include extra parameters."""
ocireg = OCIRegistry("https://fakereg.com", "test-image")
# fake a 200 response
responses.add(responses.PUT, "https://fakereg.com/api/stuff")
# try it
response = ocireg._hit("PUT",
"https://fakereg.com/api/stuff",
data=b"test-payload")
assert response == responses.calls[0].response
assert responses.calls[0].request.body == b"test-payload"
def test_hit_including_headers(responses):
"""A request including more headers."""
# set the Registry with an initial token
ocireg = OCIRegistry("https://fakereg.com", "test-image")
ocireg.auth_token = "some auth token"
# fake a 200 response
responses.add(responses.POST, "https://fakereg.com/api/stuff")
# try it
response = ocireg._hit("POST",
"https://fakereg.com/api/stuff",
headers={"FOO": "bar"})
assert response == responses.calls[0].response
# check that it sent the requested header AND the automatic auth one
sent_headers = responses.calls[0].request.headers
assert sent_headers.get("FOO") == "bar"
assert sent_headers.get("Authorization") == "Bearer some auth token"
def test_hit_simple_initial_auth_ok(emitter, responses):
"""Simple GET with auth working at once."""
# set the Registry with an initial token
ocireg = OCIRegistry("https://fakereg.com", "test-image")
ocireg.auth_token = "some auth token"
# fake a 200 response
responses.add(responses.GET, "https://fakereg.com/api/stuff")
# try it
response = ocireg._hit("GET", "https://fakereg.com/api/stuff")
assert response == responses.calls[0].response
# verify it authed ok
sent_auth_header = responses.calls[0].request.headers.get("Authorization")
assert sent_auth_header == "Bearer some auth token"
# logged what it did
expected = "Hitting the registry: GET https://fakereg.com/api/stuff"
emitter.assert_trace(expected)
def test_hit_simple_initial_auth_ok(caplog, responses):
"""Simple GET with auth working at once."""
caplog.set_level(logging.DEBUG, logger="charmcraft")
# set the Registry with an initial token
ocireg = OCIRegistry("https://fakereg.com", "test-image")
ocireg.auth_token = "some auth token"
# fake a 200 response
responses.add(responses.GET, "https://fakereg.com/api/stuff")
# try it
response = ocireg._hit("GET", "https://fakereg.com/api/stuff")
assert response == responses.calls[0].response
# verify it authed ok
sent_auth_header = responses.calls[0].request.headers.get("Authorization")
assert sent_auth_header == "Bearer some auth token"
# logged what it did
expected = "Hitting the registry: GET https://fakereg.com/api/stuff"
assert [expected] == [rec.message for rec in caplog.records]
def test_hit_simple_re_auth_ok(responses):
"""Simple GET but needing to re-authenticate."""
# set the Registry
ocireg = OCIRegistry("https://fakereg.com", "test-image")
ocireg.auth_token = "some auth token"
# need to set up two responses!
# - the 401 response with the proper info to re-auth
# - the request that actually works
headers = {
"Www-Authenticate":
('Bearer realm="https://auth.fakereg.com/token",'
'service="https://fakereg.com",scope="repository:library/stuff:pull"')
}
responses.add(responses.GET,
"https://fakereg.com/api/stuff",
headers=headers,
status=401)
responses.add(responses.GET, "https://fakereg.com/api/stuff")
# try it, isolating the re-authentication (tested separatedly above)
with patch.object(ocireg, "_authenticate") as mock_auth:
mock_auth.return_value = "new auth token"
response = ocireg._hit("GET", "https://fakereg.com/api/stuff")
assert response == responses.calls[1].response
mock_auth.assert_called_with({
"realm": "https://auth.fakereg.com/token",
"scope": "repository:library/stuff:pull",
"service": "https://fakereg.com",
})
# verify it authed ok both times, with corresponding tokens, and that it stored the new one
sent_auth_header = responses.calls[0].request.headers.get("Authorization")
assert sent_auth_header == "Bearer some auth token"
sent_auth_header = responses.calls[1].request.headers.get("Authorization")
assert sent_auth_header == "Bearer new auth token"
assert ocireg.auth_token == "new auth token"