diff options
| author | Stan Hu <stanhu@gmail.com> | 2017-05-17 08:51:56 +0300 |
|---|---|---|
| committer | Stan Hu <stanhu@gmail.com> | 2017-05-17 17:04:34 +0300 |
| commit | 831d6f5f777370e4ad424211df24e2f5bd380445 (patch) | |
| tree | dcce3f530fb243875c5091c10e15dc77568b5ebc /spec/lib/container_registry | |
| parent | 39baadbd017a1e36cf95b0ad1a503015bd5e562f (diff) | |
Properly handle container registry redirects to fix metadata stored on a S3 backend
The previous behavior would include the Authorization header, which would
make fetching an S3 blob fail quietly.
Closes #22403
Update sh-fix-container-registry-s3-redirects.yml
Diffstat (limited to 'spec/lib/container_registry')
| -rw-r--r-- | spec/lib/container_registry/blob_spec.rb | 2 | ||||
| -rw-r--r-- | spec/lib/container_registry/client_spec.rb | 39 |
2 files changed, 40 insertions, 1 deletions
diff --git a/spec/lib/container_registry/blob_spec.rb b/spec/lib/container_registry/blob_spec.rb index f06e5fd54a2..ab010c6dfeb 100644 --- a/spec/lib/container_registry/blob_spec.rb +++ b/spec/lib/container_registry/blob_spec.rb @@ -98,7 +98,7 @@ describe ContainerRegistry::Blob do context 'for a valid address' do before do stub_request(:get, location). - with(headers: { 'Authorization' => nil }). + with { |request| !request.headers.include?('Authorization') }. to_return( status: 200, headers: { 'Content-Type' => 'application/json' }, diff --git a/spec/lib/container_registry/client_spec.rb b/spec/lib/container_registry/client_spec.rb new file mode 100644 index 00000000000..ec03b533383 --- /dev/null +++ b/spec/lib/container_registry/client_spec.rb @@ -0,0 +1,39 @@ +# coding: utf-8 +require 'spec_helper' + +describe ContainerRegistry::Client do + let(:token) { '12345' } + let(:options) { { token: token } } + let(:client) { described_class.new("http://container-registry", options) } + + describe '#blob' do + it 'GET /v2/:name/blobs/:digest' do + stub_request(:get, "http://container-registry/v2/group/test/blobs/sha256:0123456789012345"). + with(headers: { + 'Accept' => 'application/octet-stream', + 'Authorization' => "bearer #{token}" + }). + to_return(status: 200, body: "Blob") + + expect(client.blob('group/test', 'sha256:0123456789012345')).to eq('Blob') + end + + it 'follows 307 redirect for GET /v2/:name/blobs/:digest' do + stub_request(:get, "http://container-registry/v2/group/test/blobs/sha256:0123456789012345"). + with(headers: { + 'Accept' => 'application/octet-stream', + 'Authorization' => "bearer #{token}" + }). + to_return(status: 307, body: "", headers: { Location: 'http://redirected' }) + # We should probably use hash_excluding here, but that requires an update to WebMock: + # https://github.com/bblimke/webmock/blob/master/lib/webmock/matchers/hash_excluding_matcher.rb + stub_request(:get, "http://redirected/"). + with { |request| !request.headers.include?('Authorization') }. + to_return(status: 200, body: "Successfully redirected") + + response = client.blob('group/test', 'sha256:0123456789012345') + + expect(response).to eq('Successfully redirected') + end + end +end |