From 508fadaf97a68cdda03be9a70ee528d24df41246 Mon Sep 17 00:00:00 2001
From: saadi <saadi@mbd.rwth-aachen.de>
Date: Mon, 24 Mar 2025 09:48:31 +0100
Subject: [PATCH] Add Docker Authentication Testing and Results documentation

---
 docker_authentication.md | 83 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 83 insertions(+)
 create mode 100644 docker_authentication.md

diff --git a/docker_authentication.md b/docker_authentication.md
new file mode 100644
index 0000000..04b88a5
--- /dev/null
+++ b/docker_authentication.md
@@ -0,0 +1,83 @@
+This document outlines the process and results of configuring Docker authentication for GitLab CI/CD runners. The objective was to test various authentication scenarios across multiple groups, subgroups, and GitLab instances to ensure smooth authentication and pipeline execution.
+
+Initial Configuration
+The following setup was implemented on the kistembd VM for GitLab runners:
+
+Docker authentication was set up within the [[runners]] configuration using the DOCKER_AUTH_CONFIG environment variable:
+
+This configuration allowed the runner to authenticate and push/pull from Docker Hub using stored credentials.
+
+Test Cases and Results
+Test Case 1: Single Group Authentication
+
+Objective: Verify that a runner configured with a group token can push and pull images from multiple repositories within the same group.
+
+Setup:
+
+A runner was configured with a group token for mbd_outreach.
+
+Pipelines were triggered for presentation-platform and presentation-platform-1.
+
+Result: ✅ Passed. Both repositories successfully pushed and pulled images using the same runner and token.
+
+Test Case 2: Cross-Group Authentication
+
+Objective: Test authentication failure when using a token from Group 1 in a runner for Group 2.
+
+Setup:
+
+Group 1: mbd_outreach
+
+Group 2: gitlab_credential_test
+
+A token from mbd_outreach was added to the runner for gitlab_credential_test.
+
+A pipeline was triggered in gitlab_credential_test.
+
+Result: ❌ Failed. Authentication failed as expected since a token from mbd_outreach cannot authenticate in gitlab_credential_test.
+
+Test Case 3: Subgroup Authentication Hierarchy
+
+Objective: Validate the inheritance and limitations of authentication tokens across subgroups.
+
+Setup:
+
+Group 1: mbd_outreach
+
+Subgroup 1: outreach_1 (Runner configured with token_outreach_1)
+
+Subgroup 2: outreach_2 (Runner only inherits the group runner if active)
+
+Results:
+
+✅ outreach_1 pipelines always succeeded.
+
+✅ outreach_2 pipelines succeeded only when the group runner for mbd_outreach was active.
+
+❌ If no active runner was present in mbd_outreach, outreach_2 pipeline failed.
+
+Test Case 4: Shared Runner Authentication
+
+Objective: Verify if two subgroups using the same runner and token can execute pipelines successfully.
+
+Setup:
+
+Both outreach_1 and outreach_2 inherited Runner 1, which was registered with token_outreach_1.
+
+Result: ✅ Passed. Both subgroups successfully executed pipelines using the shared runner and token.
+
+Test Case 5: Multi-GitLab Instance Authentication
+
+Objective: Ensure runners on the same VM can authenticate to separate GitLab instances simultaneously.
+
+Setup:
+
+Two GitLab instances: git and git-ce
+
+Group 1 (git): gitlab-credential-test, Runner1 with Group1 credentials
+
+Group 2 (git-ce): gitlab-credential-ce, Runner2 with Group2 credentials
+
+Pipelines triggered simultaneously in presentation (Repo1) and presentation-ce (Repo2)
+
+Result:✅Passed. Both pipelines executed successfully without authentication conflicts.
\ No newline at end of file
-- 
GitLab