Add some tests to make sure our docker API is properly respecting auth.

test/specs.py

@@ -3,10 +3,10 @@ import json
 from flask import url_for
 from collections import OrderedDict
 from uuid import uuid4
+from base64 import b64encode
 
-
+NO_REPO = None
 PUBLIC_REPO = 'public/publicrepo'
-
 PRIVATE_REPO = 'devtable/shared'
 
 ORG = 'devtableorg'
@@ -383,3 +383,162 @@ def build_specs():
 
     TestSpec(url_for('get_org_subscription', orgname=ORG)),
   ]
+
+
+class IndexTestSpec(object):
+  def __init__(self, url, sess_repo=None, anon_code=403, no_access_code=403,
+               read_code=200, admin_code=200):
+    self._url = url
+    self._method = 'GET'
+    self._data = None
+
+    self.sess_repo = sess_repo
+
+    self.anon_code = anon_code
+    self.no_access_code = no_access_code
+    self.read_code = read_code
+    self.admin_code = admin_code
+
+  def gen_basic_auth(self, username, password):
+    encoded = b64encode('%s:%s' % (username, password))
+    return 'basic %s' % encoded
+
+  def set_data_from_obj(self, json_serializable):
+    self._data = json.dumps(json_serializable)
+    return self
+
+  def set_method(self, method):
+    self._method = method
+    return self
+
+  def get_client_args(self):
+    kwargs = {
+      'method': self._method
+    }
+
+    if self._data or self._method == 'POST' or self._method == 'PUT':
+      kwargs['data'] = self._data if self._data else '{}'
+      kwargs['content_type'] = 'application/json'
+
+    return self._url, kwargs
+
+
+def build_index_specs():
+  return [
+    IndexTestSpec(url_for('get_image_layer', image_id=FAKE_IMAGE_ID),
+                  PUBLIC_REPO, 200, 200, 200, 200),
+    IndexTestSpec(url_for('get_image_layer', image_id=FAKE_IMAGE_ID),
+                  PRIVATE_REPO),
+    IndexTestSpec(url_for('get_image_layer', image_id=FAKE_IMAGE_ID),
+                  ORG_REPO),
+
+    IndexTestSpec(url_for('put_image_layer', image_id=FAKE_IMAGE_ID),
+                  PUBLIC_REPO, 403, 403, 403, 403).set_method('PUT'),
+    IndexTestSpec(url_for('put_image_layer', image_id=FAKE_IMAGE_ID),
+                  PRIVATE_REPO, 403, 403, 403, 404).set_method('PUT'),
+    IndexTestSpec(url_for('put_image_layer', image_id=FAKE_IMAGE_ID),
+                  ORG_REPO, 403, 403, 403, 404).set_method('PUT'),
+
+    IndexTestSpec(url_for('put_image_checksum', image_id=FAKE_IMAGE_ID),
+                  PUBLIC_REPO, 403, 403, 403, 403).set_method('PUT'),
+    IndexTestSpec(url_for('put_image_checksum', image_id=FAKE_IMAGE_ID),
+                  PRIVATE_REPO, 403, 403, 403, 400).set_method('PUT'),
+    IndexTestSpec(url_for('put_image_checksum', image_id=FAKE_IMAGE_ID),
+                  ORG_REPO, 403, 403, 403, 400).set_method('PUT'),
+
+    IndexTestSpec(url_for('get_image_json', image_id=FAKE_IMAGE_ID),
+                  PUBLIC_REPO, 404, 404, 404, 404),
+    IndexTestSpec(url_for('get_image_json', image_id=FAKE_IMAGE_ID),
+                  PRIVATE_REPO, 403, 403, 404, 404),
+    IndexTestSpec(url_for('get_image_json', image_id=FAKE_IMAGE_ID),
+                  ORG_REPO, 403, 403, 404, 404),
+
+    IndexTestSpec(url_for('get_image_ancestry', image_id=FAKE_IMAGE_ID),
+                  PUBLIC_REPO, 404, 404, 404, 404),
+    IndexTestSpec(url_for('get_image_ancestry', image_id=FAKE_IMAGE_ID),
+                  PRIVATE_REPO, 403, 403, 404, 404),
+    IndexTestSpec(url_for('get_image_ancestry', image_id=FAKE_IMAGE_ID),
+                  ORG_REPO, 403, 403, 404, 404),
+
+    IndexTestSpec(url_for('put_image_json', image_id=FAKE_IMAGE_ID),
+                  PUBLIC_REPO, 403, 403, 403, 403).set_method('PUT'),
+    IndexTestSpec(url_for('put_image_json', image_id=FAKE_IMAGE_ID),
+                  PRIVATE_REPO, 403, 403, 403, 400).set_method('PUT'),
+    IndexTestSpec(url_for('put_image_json', image_id=FAKE_IMAGE_ID),
+                  ORG_REPO, 403, 403, 403, 400).set_method('PUT'),
+
+    IndexTestSpec(url_for('create_user'), NO_REPO, 201, 201, 201,
+                  201).set_method('POST').set_data_from_obj(NEW_USER_DETAILS),
+
+    IndexTestSpec(url_for('get_user'), NO_REPO, 404, 200, 200, 200),
+
+    IndexTestSpec(url_for('update_user', username=FAKE_USERNAME),
+                  NO_REPO, 403, 403, 403, 403).set_method('PUT'),
+
+    IndexTestSpec(url_for('create_repository', repository=PUBLIC_REPO),
+                  NO_REPO, 403, 403, 403, 403).set_method('PUT'),
+    IndexTestSpec(url_for('create_repository', repository=PRIVATE_REPO),
+                  NO_REPO, 403, 403, 403, 201).set_method('PUT'),
+    IndexTestSpec(url_for('create_repository', repository=ORG_REPO),
+                  NO_REPO, 403, 403, 403, 201).set_method('PUT'),
+
+    IndexTestSpec(url_for('update_images', repository=PUBLIC_REPO), NO_REPO,
+                  403, 403, 403, 403).set_method('PUT'),
+    IndexTestSpec(url_for('update_images', repository=PRIVATE_REPO), NO_REPO,
+                  403, 403, 403, 204).set_method('PUT'),
+    IndexTestSpec(url_for('update_images', repository=ORG_REPO), NO_REPO,
+                  403, 403, 403, 204).set_method('PUT'),
+
+    IndexTestSpec(url_for('get_repository_images', repository=PUBLIC_REPO),
+                  NO_REPO, 200, 200, 200, 200),
+    IndexTestSpec(url_for('get_repository_images', repository=PRIVATE_REPO)),
+    IndexTestSpec(url_for('get_repository_images', repository=ORG_REPO)),
+
+    IndexTestSpec(url_for('delete_repository_images', repository=PUBLIC_REPO),
+                  NO_REPO, 501, 501, 501, 501).set_method('DELETE'),
+
+    IndexTestSpec(url_for('put_repository_auth', repository=PUBLIC_REPO),
+                  NO_REPO, 501, 501, 501, 501).set_method('PUT'),
+
+    IndexTestSpec(url_for('get_search'), NO_REPO, 501, 501, 501, 501),
+
+    IndexTestSpec(url_for('ping'), NO_REPO, 200, 200, 200, 200),
+
+    IndexTestSpec(url_for('get_tags', repository=PUBLIC_REPO), NO_REPO,
+                  200, 200, 200, 200),
+    IndexTestSpec(url_for('get_tags', repository=PRIVATE_REPO)),
+    IndexTestSpec(url_for('get_tags', repository=ORG_REPO)),
+
+    IndexTestSpec(url_for('get_tag', repository=PUBLIC_REPO,
+                          tag=FAKE_TAG_NAME), NO_REPO, 400, 400, 400, 400),
+    IndexTestSpec(url_for('get_tag', repository=PRIVATE_REPO,
+                          tag=FAKE_TAG_NAME), NO_REPO, 403, 403, 400, 400),
+    IndexTestSpec(url_for('get_tag', repository=ORG_REPO,
+                          tag=FAKE_TAG_NAME), NO_REPO, 403, 403, 400, 400),
+
+    IndexTestSpec(url_for('put_tag', repository=PUBLIC_REPO,
+                          tag=FAKE_TAG_NAME),
+                  NO_REPO, 403, 403, 403, 403).set_method('PUT'),
+    IndexTestSpec(url_for('put_tag', repository=PRIVATE_REPO,
+                          tag=FAKE_TAG_NAME),
+                  NO_REPO, 403, 403, 403, 400).set_method('PUT'),
+    IndexTestSpec(url_for('put_tag', repository=ORG_REPO, tag=FAKE_TAG_NAME),
+                  NO_REPO, 403, 403, 403, 400).set_method('PUT'),
+
+    IndexTestSpec(url_for('delete_tag', repository=PUBLIC_REPO,
+                          tag=FAKE_TAG_NAME),
+                  NO_REPO, 403, 403, 403, 403).set_method('DELETE'),
+    IndexTestSpec(url_for('delete_tag', repository=PRIVATE_REPO,
+                          tag=FAKE_TAG_NAME),
+                  NO_REPO, 403, 403, 403, 400).set_method('DELETE'),
+    IndexTestSpec(url_for('delete_tag', repository=ORG_REPO,
+                          tag=FAKE_TAG_NAME),
+                  NO_REPO, 403, 403, 403, 400).set_method('DELETE'),
+
+    IndexTestSpec(url_for('delete_repository_tags', repository=PUBLIC_REPO),
+                  NO_REPO, 403, 403, 403, 403).set_method('DELETE'),
+    IndexTestSpec(url_for('delete_repository_tags', repository=PRIVATE_REPO),
+                  NO_REPO, 403, 403, 403, 204).set_method('DELETE'),
+    IndexTestSpec(url_for('delete_repository_tags', repository=ORG_REPO),
+                  NO_REPO, 403, 403, 403, 204).set_method('DELETE'),
+  ]