Kyle Isom
dddc66f31b
Phase 5 (OCI pull): internal/oci/ package with manifest GET/HEAD by tag/digest, blob GET/HEAD with repo membership check, tag listing with OCI pagination, catalog listing. Multi-segment repo names via parseOCIPath() right-split routing. DB query layer in internal/db/repository.go. Phase 6 (OCI push): blob uploads (monolithic and chunked) with uploadManager tracking in-progress BlobWriters, manifest push implementing full ARCHITECTURE.md §5 flow in a single SQLite transaction (create repo, upsert manifest, populate manifest_blobs, atomic tag move). Digest verification on both blob commit and manifest push-by-digest. Phase 8 (admin REST): /v1 endpoints for auth (login/logout/health), repository management (list/detail/delete), policy CRUD with engine reload, audit log listing with filters, GC trigger/status stubs. RequireAdmin middleware, platform-standard error format. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
145 lines
3.9 KiB
Go
145 lines
3.9 KiB
Go
package oci
|
|
|
|
import (
|
|
"encoding/json"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"testing"
|
|
)
|
|
|
|
func TestBlobGet(t *testing.T) {
|
|
fdb := newFakeDB()
|
|
fdb.addRepo("myrepo", 1)
|
|
fdb.addBlob(1, "sha256:layerdigest")
|
|
|
|
blobs := newFakeBlobs()
|
|
blobs.data["sha256:layerdigest"] = []byte("layer-content-bytes")
|
|
|
|
h := NewHandler(fdb, blobs, allowAll(), nil)
|
|
router := testRouter(h)
|
|
|
|
req := authedRequest("GET", "/v2/myrepo/blobs/sha256:layerdigest", nil)
|
|
rr := httptest.NewRecorder()
|
|
router.ServeHTTP(rr, req)
|
|
|
|
if rr.Code != http.StatusOK {
|
|
t.Fatalf("status: got %d, want %d", rr.Code, http.StatusOK)
|
|
}
|
|
if ct := rr.Header().Get("Content-Type"); ct != "application/octet-stream" {
|
|
t.Fatalf("Content-Type: got %q", ct)
|
|
}
|
|
if dcd := rr.Header().Get("Docker-Content-Digest"); dcd != "sha256:layerdigest" {
|
|
t.Fatalf("Docker-Content-Digest: got %q", dcd)
|
|
}
|
|
if cl := rr.Header().Get("Content-Length"); cl != "19" {
|
|
t.Fatalf("Content-Length: got %q, want %q", cl, "19")
|
|
}
|
|
if rr.Body.String() != "layer-content-bytes" {
|
|
t.Fatalf("body: got %q", rr.Body.String())
|
|
}
|
|
}
|
|
|
|
func TestBlobHead(t *testing.T) {
|
|
fdb := newFakeDB()
|
|
fdb.addRepo("myrepo", 1)
|
|
fdb.addBlob(1, "sha256:layerdigest")
|
|
|
|
blobs := newFakeBlobs()
|
|
blobs.data["sha256:layerdigest"] = []byte("layer-content-bytes")
|
|
|
|
h := NewHandler(fdb, blobs, allowAll(), nil)
|
|
router := testRouter(h)
|
|
|
|
req := authedRequest("HEAD", "/v2/myrepo/blobs/sha256:layerdigest", nil)
|
|
rr := httptest.NewRecorder()
|
|
router.ServeHTTP(rr, req)
|
|
|
|
if rr.Code != http.StatusOK {
|
|
t.Fatalf("status: got %d, want %d", rr.Code, http.StatusOK)
|
|
}
|
|
if ct := rr.Header().Get("Content-Type"); ct != "application/octet-stream" {
|
|
t.Fatalf("Content-Type: got %q", ct)
|
|
}
|
|
if dcd := rr.Header().Get("Docker-Content-Digest"); dcd != "sha256:layerdigest" {
|
|
t.Fatalf("Docker-Content-Digest: got %q", dcd)
|
|
}
|
|
if cl := rr.Header().Get("Content-Length"); cl != "19" {
|
|
t.Fatalf("Content-Length: got %q, want %q", cl, "19")
|
|
}
|
|
if rr.Body.Len() != 0 {
|
|
t.Fatalf("HEAD body should be empty, got %d bytes", rr.Body.Len())
|
|
}
|
|
}
|
|
|
|
func TestBlobGetNotInRepo(t *testing.T) {
|
|
fdb := newFakeDB()
|
|
fdb.addRepo("myrepo", 1)
|
|
// Blob NOT added to the repo.
|
|
|
|
blobs := newFakeBlobs()
|
|
blobs.data["sha256:orphan"] = []byte("data")
|
|
|
|
h := NewHandler(fdb, blobs, allowAll(), nil)
|
|
router := testRouter(h)
|
|
|
|
req := authedRequest("GET", "/v2/myrepo/blobs/sha256:orphan", nil)
|
|
rr := httptest.NewRecorder()
|
|
router.ServeHTTP(rr, req)
|
|
|
|
if rr.Code != http.StatusNotFound {
|
|
t.Fatalf("status: got %d, want %d", rr.Code, http.StatusNotFound)
|
|
}
|
|
|
|
var body ociErrorResponse
|
|
if err := json.NewDecoder(rr.Body).Decode(&body); err != nil {
|
|
t.Fatalf("decode error body: %v", err)
|
|
}
|
|
if len(body.Errors) != 1 || body.Errors[0].Code != "BLOB_UNKNOWN" {
|
|
t.Fatalf("error code: got %+v, want BLOB_UNKNOWN", body.Errors)
|
|
}
|
|
}
|
|
|
|
func TestBlobGetRepoNotFound(t *testing.T) {
|
|
fdb := newFakeDB()
|
|
// No repos.
|
|
|
|
h := NewHandler(fdb, newFakeBlobs(), allowAll(), nil)
|
|
router := testRouter(h)
|
|
|
|
req := authedRequest("GET", "/v2/nosuchrepo/blobs/sha256:abc", nil)
|
|
rr := httptest.NewRecorder()
|
|
router.ServeHTTP(rr, req)
|
|
|
|
if rr.Code != http.StatusNotFound {
|
|
t.Fatalf("status: got %d, want %d", rr.Code, http.StatusNotFound)
|
|
}
|
|
|
|
var body ociErrorResponse
|
|
if err := json.NewDecoder(rr.Body).Decode(&body); err != nil {
|
|
t.Fatalf("decode error body: %v", err)
|
|
}
|
|
if len(body.Errors) != 1 || body.Errors[0].Code != "NAME_UNKNOWN" {
|
|
t.Fatalf("error code: got %+v, want NAME_UNKNOWN", body.Errors)
|
|
}
|
|
}
|
|
|
|
func TestBlobGetMultiSegmentRepo(t *testing.T) {
|
|
fdb := newFakeDB()
|
|
fdb.addRepo("org/team/app", 1)
|
|
fdb.addBlob(1, "sha256:layerdigest")
|
|
|
|
blobs := newFakeBlobs()
|
|
blobs.data["sha256:layerdigest"] = []byte("data")
|
|
|
|
h := NewHandler(fdb, blobs, allowAll(), nil)
|
|
router := testRouter(h)
|
|
|
|
req := authedRequest("GET", "/v2/org/team/app/blobs/sha256:layerdigest", nil)
|
|
rr := httptest.NewRecorder()
|
|
router.ServeHTTP(rr, req)
|
|
|
|
if rr.Code != http.StatusOK {
|
|
t.Fatalf("status: got %d, want %d", rr.Code, http.StatusOK)
|
|
}
|
|
}
|