wrap up e2e

e2e/docker/docker_test.go

@@ -53,28 +53,20 @@ func runRegistry(t *testing.T) {
 
 	t.Logf("Setting up insecure private registry at %v", address)
 
-	// run the sed job to fixup the auth.json file with correct address
+	// run the sed job to fixup the auth.json file with correct address and make
+	// sure the registry is marked as insecure for docker, otherwise pulls will
+	// fail
 	_, sedCleanup := jobs3.Submit(t,
-		"../docker_registry/registry-auths.hcl",
+		"./input/registry-auths.hcl",
 		jobs3.Var("registry_address", address),
 		jobs3.Var("user", "root"),
 		jobs3.Var("helper_dir", "/usr/local/bin"),
 		jobs3.Var("auth_dir", "/etc"),
+		jobs3.Var("docker_conf_dir", "/etc/docker"),
 		jobs3.WaitComplete("create-files"),
 		jobs3.Timeout(20*time.Second),
 	)
 	t.Cleanup(sedCleanup)
-
-	// make sure the registry is marked as insecure for docker, otherwise pulls will fail
-	_, dockerInsecure := jobs3.Submit(t,
-		"./input/docker_conf.hcl",
-		jobs3.Var("registry_address", address),
-		jobs3.Var("user", "root"),
-		jobs3.Var("docker_conf_dir", "/etc/docker"),
-		jobs3.WaitComplete("create-conf"),
-		jobs3.Timeout(20*time.Second),
-	)
-	t.Cleanup(dockerInsecure)
 }
 
 func testRedis(t *testing.T) {

e2e/docker/input/registry-auths.hcl

@@ -0,0 +1,170 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+# This job runs after the private registry is up and running, when we know
+# address and port provided by the bridge network. It is a sysbatch job
+# that writes these files on every linux client.
+#   - /usr/local/bin/docker-credential-test.sh
+#   - /etc/docker-registry-auth.json
+
+variable "registry_address" {
+  type        = string
+  description = "The HTTP address of the local registry"
+}
+
+variable "auth_dir" {
+  type        = string
+  description = "The destination directory of the auth.json file."
+  default     = "/tmp"
+}
+
+variable "helper_dir" {
+  type        = string
+  description = "The directory in which test.sh will be written."
+  default     = "/tmp"
+}
+
+variable "docker_conf_dir" {
+  type        = string
+  description = "The directory in which daemon.json will be written."
+  default     = "/tmp"
+}
+
+variable "user" {
+  type        = string
+  description = "The user to create files as. Should be root in e2e."
+  # no default because dealing with root files is annoying locally
+  # try -var=user=$USER for local development
+}
+
+job "registry-auths" {
+  type = "sysbatch"
+
+  constraint {
+    attribute = "${attr.kernel.name}"
+    value     = "linux"
+  }
+
+  group "create-files" {
+    reschedule {
+      attempts  = 0
+      unlimited = false
+    }
+
+    # write out the test.sh file into var.helper_dir
+    task "create-helper-file" {
+      driver = "pledge"
+      user   = "${var.user}"
+
+      config {
+        command  = "cp"
+        args     = ["${NOMAD_TASK_DIR}/test.sh", "${var.helper_dir}/docker-credential-test.sh"]
+        promises = "stdio rpath wpath cpath"
+        unveil   = ["r:${NOMAD_TASK_DIR}/test.sh", "rwc:${var.helper_dir}"]
+      }
+
+      template {
+        destination = "local/test.sh"
+        perms       = "755"
+        data        = <<EOH
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+value=$(cat /dev/stdin)
+
+username="auth_helper_user"
+password="auth_helper_pass"
+
+case "${value}" in
+  ${var.registry_address}*)
+    echo "{\"Username\": \"$username\", \"Secret\": \"$password\"}"
+    exit 0
+    ;;
+  *)
+    echo "must use local registry"
+    exit 3
+    ;;
+esac
+EOH
+      }
+      resources {
+        cpu    = 100
+        memory = 32
+      }
+    }
+
+    # write out the auth.json file into var.auth_dir
+    task "create-auth-file" {
+      driver = "pledge"
+      user   = "${var.user}"
+
+      config {
+        command  = "cp"
+        args     = ["${NOMAD_TASK_DIR}/auth.json", "${var.auth_dir}/auth.json"]
+        promises = "stdio rpath wpath cpath"
+        unveil   = ["r:${NOMAD_TASK_DIR}/auth.json", "rwc:${var.auth_dir}"]
+      }
+      template {
+        perms       = "644"
+        destination = "local/auth.json"
+        data        = <<EOH
+{
+  "auths": {
+    "${var.registry_address}:/docker.io/library/bash_auth_static": {
+      "auth": "YXV0aF9zdGF0aWNfdXNlcjphdXRoX3N0YXRpY19wYXNz"
+    }
+  }
+}
+EOH
+      }
+      resources {
+        cpu    = 100
+        memory = 32
+      }
+    }
+  }
+
+  group "create-conf" {
+    task "create-daemon-file" {
+      driver = "pledge"
+      user   = "${var.user}"
+
+      config {
+        command  = "cp"
+        args     = ["${NOMAD_TASK_DIR}/daemon.json", "${var.docker_conf_dir}/daemon.json"]
+        promises = "stdio rpath wpath cpath"
+        unveil   = ["r:${NOMAD_TASK_DIR}/daemon.json", "rwc:${var.docker_conf_dir}"]
+      }
+
+      template {
+        destination = "local/daemon.json"
+        perms       = "644"
+        data        = <<EOH
+{
+   "insecure-registries": [
+      "${var.registry_address}"
+   ]
+}
+EOH
+      }
+      resources {
+        cpu    = 100
+        memory = 32
+      }
+    }
+
+    task "restart-docker" {
+      driver = "raw_exec" # TODO: see if this could be done with pledge?
+
+      config {
+        command = "service"
+        args    = ["docker", "restart"]
+      }
+      resources {
+        cpu    = 100
+        memory = 32
+      }
+    }
+  }
+}

e2e/podman/podman_test.go

@@ -53,7 +53,7 @@ func runRegistry(t *testing.T) {
 
 	// run the sed job to fixup the auth.json file with correct address
 	_, sedCleanup := jobs3.Submit(t,
-		"../docker_registry/registry-auths.hcl",
+		"./input/registry-auths.hcl",
 		jobs3.Var("registry_address", address),
 		jobs3.Var("user", "root"),
 		jobs3.Var("helper_dir", "/usr/local/bin"),