storage: add ut for anonymous authorization

Signed-off-by: Yan Song <[email protected]>

storage/src/backend/registry.rs

@@ -286,32 +286,33 @@ struct RegistryReader {
 }
 
 impl RegistryReader {
-    /// Request registry server with `authorization` header
+    /// Request registry server with authorization workflow, it has two authentication modes:
     ///
-    /// Bearer token authenticate workflow:
+    /// # Bearer token authenticate workflow:
     ///
-    /// Request:  POST https://my-registry.com/test/repo/blobs/uploads
+    /// Request:  GET https://my-registry.com/namespace/repo/blobs/sha256:<blob_id>
     /// Response: status: 401 Unauthorized
-    ///           header: www-authenticate: Bearer realm="https://auth.my-registry.com/token",service="my-registry.com",scope="repository:test/repo:pull,push"
+    ///           header: www-authenticate: Bearer realm="https://auth.my-registry.com/token",service="my-registry.com",scope="repository:namespace/repo:pull,push"
     ///
     /// Request:  POST https://auth.my-registry.com/token
-    ///           body: "service=my-registry.com&scope=repository:test/repo:pull,push&grant_type=password&username=x&password=x&client_id=nydus-registry-client"
+    ///           body: "service=my-registry.com&scope=repository:namespace/repo:pull,push&grant_type=password&username=x&password=x&client_id=nydus-registry-client"
     /// Response: status: 200 Ok
     ///           body: { "token": "<token>" }
     ///
-    /// Request:  POST https://my-registry.com/test/repo/blobs/uploads
+    /// Request:  GET https://my-registry.com/namespace/repo/blobs/sha256:<blob_id>
     ///           header: authorization: Bearer <token>
-    /// Response: status: 200 Ok
+    /// Response: status: 200/301/307
+    ///
     ///
-    /// Basic authenticate workflow:
+    /// # Basic authenticate workflow:
     ///
-    /// Request:  POST https://my-registry.com/test/repo/blobs/uploads
+    /// Request:  GET https://my-registry.com/namespace/repo/blobs/sha256:<blob_id>
     /// Response: status: 401 Unauthorized
     ///           header: www-authenticate: Basic
     ///
-    /// Request:  POST https://my-registry.com/test/repo/blobs/uploads
+    /// Request:  GET https://my-registry.com/namespace/repo/blobs/sha256:<blob_id>
     ///           header: authorization: Basic base64(<username:password>)
-    /// Response: status: 200 Ok
+    /// Response: status: 200/301/307
     fn request<R: Read + Send + 'static>(
         &self,
         method: Method,
@@ -377,17 +378,16 @@ impl RegistryReader {
         respond(resp, catch_status).map_err(RegistryError::Request)
     }
 
-    /// Read data from registry server
-    ///
-    /// Step:
+    /// Read data from registry server, steps:
     ///
     /// Request:  GET /blobs/sha256:<blob_id>
-    /// Response: status: 307 Temporary Redirect
+    /// Response: status: 301/307
     ///           header: location: https://raw-blob-storage-host.com/signature=x
     ///
     /// Request:  GET https://raw-blob-storage-host.com/signature=x
-    /// Response: status: 200 Ok / 403 Forbidden
-    /// If responding 403, we need to repeat step one
+    /// Response: status: 200/403
+    ///
+    /// If responding with 403, we need to go authorization workflow
     fn _try_read(
         &self,
         mut buf: &mut [u8],
@@ -748,4 +748,16 @@ mod tests {
         assert_eq!(trim(Some("  te st  ".to_owned())), Some("te st".to_owned()));
         assert_eq!(trim(Some("te st".to_owned())), Some("te st".to_owned()));
     }
+
+    #[test]
+    fn test_ghcr() {
+        let config =
+            serde_json::json!({"scheme":"https","host":"ghcr.io","repo":"changweige/python"});
+        let registry = Registry::new(config, Some("registry")).unwrap();
+
+        let reader = registry
+            .get_reader("b91a341ac9a53528c4d96806e1c07c3307a95ede5841f2a13ac4972c7699b067")
+            .unwrap();
+        let _ = reader.blob_size().unwrap();
+    }
 }