test: exercise podman-login + skopeo

[vrothberg]

We've recently had a silent regression where podman-login used another path for storing the auth file than the defaults of c/image do. This broke Skopeo CI which is using podman-login. To prevent us from running into similar regressions in the future, we could extend our e2e tests to perform a podman-login, followed by, for instance, a skopeo-copy.

[github-actions[bot]]

This issue had no activity for 30 days. In the absence of activity or the "do-not-close" label, the issue will be automatically closed within 7 days.

[rhatdan]

@edsantiago were you every able to generate a tests for this?

[edsantiago]

Oops, no - I dropped the ball on this. In fact there aren't currently any login tests in the podman system test suite; I've never been sure how to fit those in. I'll look into it today.

[rhatdan]

Excellent.

[edsantiago]

I'm very close to having decent tests but have run into a snag: it seems impossible to know the path podman will use to an auth file. I'm seeing all sorts of variations like:

/run/containers/0/auth.json
/run/user/0/containers/auth.json
/run/user/1000/containers/auth.json
/var/tmp/run-1000/containers/auth.json

If I grok the code correctly, it's vendor/github.com/containers/image/v5/pkg/docker/config/config.go:getPathToAuth() which tries all sorts of variations depending on whether $XDG_RUNTIME_DIR is set or not, whether it's writable or not, and the phase of the moon.

I need to have the path to the auth file, because I need to test what podman does with missing/corrupt files and with invalid credentials. I do not want to recreate the complicated logic in the above module. I would love to add a podman info field to show this path, but getPathToAuth() is not exported.

Is there something simple I'm missing?

[rhatdan]

man podman login
...
       Note:  You  can  also override the default path of the authentication file by setting the REGISTRY_AUTH_FILE
       environment variable. export REGISTRY_AUTH_FILE=path

You can hard code it to the specific file you want.

[edsantiago]

I know that - I deliberately didn't test that (yet) because it wouldn't really help with the desired skopeo case. I want to test that podman's default path works with skopeo by default. Sorry for not being clear.

[edsantiago]

...but that's a good idea: the skopeo-podman-default tests don't actually need to know the auth file path; and the tests that do, can simply set it explicitly. I'll try that tomorrow if there are no other suggestions. Thanks.

[edsantiago]

Skopeo is currently not compatible with podman auth file path; see https://github.com/containers/skopeo/issues/823 and https://github.com/containers/skopeo/issues/822