Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
cmd/cue: add testscript for registry auth via logins.json
We had testscripts like registry_auth.txtar which authorized via $DOCKER_CONFIG/config.json, and we had the internal/e2e tests which used $CUE_CONFIG_DIR/logins.json to publish and fetch from registry.cue.works. However, we did not have any local testscript which used logins.json. In particular, that code path had a concurrent map write data race fixed by https://cuelang.org/cl/1176581, which we hadn't spotted earlier due to the lack of such a local test that we would run with -race. Add it, making it fetch three modules from the local registry. While the race doesn't always show itself via `go test` without the fix, it does appear with `go test -race` almost every single time. Note that this required teaching registrytest to use bearer tokens, as up until now it only knew how to require basic auth. Signed-off-by: Daniel Martí <mvdan@mvdan.cc> Change-Id: I3d0b720301fb0505f1323a0a77a46aa2f8a91eab Reviewed-on: https://review.gerrithub.io/c/cue-lang/cue/+/1176656 TryBot-Result: CUEcueckoo <cueckoo@gmail.com> Unity-Result: CUE porcuepine <cue.porcuepine@gmail.com> Reviewed-by: Paul Jolly <paul@myitcv.io>
- Loading branch information
Showing
2 changed files
with
99 additions
and
8 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,74 @@ | ||
# Test that we can authenticate to a registry with bearer token auth via logins.json. | ||
# We use multiple dependencies to test concurrent fetches as well, to catch races. | ||
|
||
env CUE_CONFIG_DIR=$WORK/cueconfig | ||
env-fill $CUE_CONFIG_DIR/logins.json | ||
exec cue export . | ||
cmp stdout expect-stdout | ||
|
||
# Sanity-check that we get an error when using the wrong token. | ||
env CUE_MODCACHE=$WORK/.tmp/different-cache | ||
env-fill cueconfig/badtoken.json | ||
cp cueconfig/badtoken.json cueconfig/logins.json | ||
! exec cue export . | ||
stderr 'import failed: cannot find package .* 401 Unauthorized; body: "invalid credentials' | ||
-- cueconfig/logins.json -- | ||
{ | ||
"registries": { | ||
"${DEBUG_REGISTRY_HOST}": { | ||
"access_token": "goodtoken" | ||
} | ||
} | ||
} | ||
-- cueconfig/badtoken.json -- | ||
{ | ||
"registries": { | ||
"${DEBUG_REGISTRY_HOST}": { | ||
"access_token": "badtoken" | ||
} | ||
} | ||
} | ||
-- expect-stdout -- | ||
[ | ||
"ok1", | ||
"ok2", | ||
"ok3" | ||
] | ||
-- main.cue -- | ||
package main | ||
import "example.com/e1" | ||
import "example.com/e2" | ||
import "example.com/e3" | ||
|
||
[e1.foo, e2.foo, e3.foo] | ||
|
||
-- cue.mod/module.cue -- | ||
module: "test.org" | ||
deps: "example.com/e1": v: "v0.0.1" | ||
deps: "example.com/e2": v: "v0.0.1" | ||
deps: "example.com/e3": v: "v0.0.1" | ||
-- _registry/auth.json -- | ||
{"bearerToken": "goodtoken"} | ||
-- _registry_prefix -- | ||
somewhere/other | ||
-- _registry/example.com_e1_v0.0.1/cue.mod/module.cue -- | ||
module: "example.com/e1@v0" | ||
|
||
-- _registry/example.com_e1_v0.0.1/main.cue -- | ||
package e1 | ||
|
||
foo: "ok1" | ||
-- _registry/example.com_e2_v0.0.1/cue.mod/module.cue -- | ||
module: "example.com/e2@v0" | ||
|
||
-- _registry/example.com_e2_v0.0.1/main.cue -- | ||
package e2 | ||
|
||
foo: "ok2" | ||
-- _registry/example.com_e3_v0.0.1/cue.mod/module.cue -- | ||
module: "example.com/e3@v0" | ||
|
||
-- _registry/example.com_e3_v0.0.1/main.cue -- | ||
package e3 | ||
|
||
foo: "ok3" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters