mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-29 06:27:05 +00:00
Move docker keyring lookup test to pkg/credentailprovider
Also remove unused image tests in docker_test.go
This commit is contained in:
Yu-Ju Hong
parent
5644587e07
commit
607bdd574d
@ -19,7 +19,10 @@ package credentialprovider
|
||||
import (
|
||||
"encoding/base64"
|
||||
"fmt"
|
||||
"reflect"
|
||||
"testing"
|
||||
|
||||
dockertypes "github.com/docker/engine-api/types"
|
||||
)
|
||||
|
||||
func TestUrlsMatch(t *testing.T) {
|
||||
@ -499,3 +502,117 @@ func TestLazyKeyring(t *testing.T) {
|
||||
t.Errorf("Unexpected number of Provide calls: %v", provider.Count)
|
||||
}
|
||||
}
|
||||
|
||||
func TestDockerKeyringLookup(t *testing.T) {
|
||||
ada := LazyAuthConfiguration{
|
||||
AuthConfig: dockertypes.AuthConfig{
|
||||
Username: "ada",
|
||||
Password: "smash",
|
||||
Email: "ada@example.com",
|
||||
},
|
||||
}
|
||||
|
||||
grace := LazyAuthConfiguration{
|
||||
AuthConfig: dockertypes.AuthConfig{
|
||||
Username: "grace",
|
||||
Password: "squash",
|
||||
Email: "grace@example.com",
|
||||
},
|
||||
}
|
||||
|
||||
dk := &BasicDockerKeyring{}
|
||||
dk.Add(DockerConfig{
|
||||
"bar.example.com/pong": DockerConfigEntry{
|
||||
Username: grace.Username,
|
||||
Password: grace.Password,
|
||||
Email: grace.Email,
|
||||
},
|
||||
"bar.example.com": DockerConfigEntry{
|
||||
Username: ada.Username,
|
||||
Password: ada.Password,
|
||||
Email: ada.Email,
|
||||
},
|
||||
})
|
||||
|
||||
tests := []struct {
|
||||
image string
|
||||
match []LazyAuthConfiguration
|
||||
ok bool
|
||||
}{
|
||||
// direct match
|
||||
{"bar.example.com", []LazyAuthConfiguration{ada}, true},
|
||||
|
||||
// direct match deeper than other possible matches
|
||||
{"bar.example.com/pong", []LazyAuthConfiguration{grace, ada}, true},
|
||||
|
||||
// no direct match, deeper path ignored
|
||||
{"bar.example.com/ping", []LazyAuthConfiguration{ada}, true},
|
||||
|
||||
// match first part of path token
|
||||
{"bar.example.com/pongz", []LazyAuthConfiguration{grace, ada}, true},
|
||||
|
||||
// match regardless of sub-path
|
||||
{"bar.example.com/pong/pang", []LazyAuthConfiguration{grace, ada}, true},
|
||||
|
||||
// no host match
|
||||
{"example.com", []LazyAuthConfiguration{}, false},
|
||||
{"foo.example.com", []LazyAuthConfiguration{}, false},
|
||||
}
|
||||
|
||||
for i, tt := range tests {
|
||||
match, ok := dk.Lookup(tt.image)
|
||||
if tt.ok != ok {
|
||||
t.Errorf("case %d: expected ok=%t, got %t", i, tt.ok, ok)
|
||||
}
|
||||
|
||||
if !reflect.DeepEqual(tt.match, match) {
|
||||
t.Errorf("case %d: expected match=%#v, got %#v", i, tt.match, match)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// This validates that dockercfg entries with a scheme and url path are properly matched
|
||||
// by images that only match the hostname.
|
||||
// NOTE: the above covers the case of a more specific match trumping just hostname.
|
||||
func TestIssue3797(t *testing.T) {
|
||||
rex := LazyAuthConfiguration{
|
||||
AuthConfig: dockertypes.AuthConfig{
|
||||
Username: "rex",
|
||||
Password: "tiny arms",
|
||||
Email: "rex@example.com",
|
||||
},
|
||||
}
|
||||
|
||||
dk := &BasicDockerKeyring{}
|
||||
dk.Add(DockerConfig{
|
||||
"https://quay.io/v1/": DockerConfigEntry{
|
||||
Username: rex.Username,
|
||||
Password: rex.Password,
|
||||
Email: rex.Email,
|
||||
},
|
||||
})
|
||||
|
||||
tests := []struct {
|
||||
image string
|
||||
match []LazyAuthConfiguration
|
||||
ok bool
|
||||
}{
|
||||
// direct match
|
||||
{"quay.io", []LazyAuthConfiguration{rex}, true},
|
||||
|
||||
// partial matches
|
||||
{"quay.io/foo", []LazyAuthConfiguration{rex}, true},
|
||||
{"quay.io/foo/bar", []LazyAuthConfiguration{rex}, true},
|
||||
}
|
||||
|
||||
for i, tt := range tests {
|
||||
match, ok := dk.Lookup(tt.image)
|
||||
if tt.ok != ok {
|
||||
t.Errorf("case %d: expected ok=%t, got %t", i, tt.ok, ok)
|
||||
}
|
||||
|
||||
if !reflect.DeepEqual(tt.match, match) {
|
||||
t.Errorf("case %d: expected match=%#v, got %#v", i, tt.match, match)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -544,168 +544,6 @@ func TestPullWithSecrets(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func TestDockerKeyringLookupFails(t *testing.T) {
|
||||
fakeKeyring := &credentialprovider.FakeKeyring{}
|
||||
fakeClient := NewFakeDockerClient()
|
||||
fakeClient.InjectError("pull", fmt.Errorf("test error"))
|
||||
|
||||
dp := dockerPuller{
|
||||
client: fakeClient,
|
||||
keyring: fakeKeyring,
|
||||
}
|
||||
|
||||
err := dp.Pull("host/repository/image:version", []v1.Secret{})
|
||||
if err == nil {
|
||||
t.Errorf("unexpected non-error")
|
||||
}
|
||||
msg := "image pull failed for host/repository/image:version, this may be because there are no credentials on this request. details: (test error)"
|
||||
if err.Error() != msg {
|
||||
t.Errorf("expected: %s, saw: %s", msg, err.Error())
|
||||
}
|
||||
}
|
||||
|
||||
func TestDockerKeyringLookup(t *testing.T) {
|
||||
ada := credentialprovider.LazyAuthConfiguration{
|
||||
AuthConfig: dockertypes.AuthConfig{
|
||||
Username: "ada",
|
||||
Password: "smash",
|
||||
Email: "ada@example.com",
|
||||
},
|
||||
}
|
||||
|
||||
grace := credentialprovider.LazyAuthConfiguration{
|
||||
AuthConfig: dockertypes.AuthConfig{
|
||||
Username: "grace",
|
||||
Password: "squash",
|
||||
Email: "grace@example.com",
|
||||
},
|
||||
}
|
||||
|
||||
dk := &credentialprovider.BasicDockerKeyring{}
|
||||
dk.Add(credentialprovider.DockerConfig{
|
||||
"bar.example.com/pong": credentialprovider.DockerConfigEntry{
|
||||
Username: grace.Username,
|
||||
Password: grace.Password,
|
||||
Email: grace.Email,
|
||||
},
|
||||
"bar.example.com": credentialprovider.DockerConfigEntry{
|
||||
Username: ada.Username,
|
||||
Password: ada.Password,
|
||||
Email: ada.Email,
|
||||
},
|
||||
})
|
||||
|
||||
tests := []struct {
|
||||
image string
|
||||
match []credentialprovider.LazyAuthConfiguration
|
||||
ok bool
|
||||
}{
|
||||
// direct match
|
||||
{"bar.example.com", []credentialprovider.LazyAuthConfiguration{ada}, true},
|
||||
|
||||
// direct match deeper than other possible matches
|
||||
{"bar.example.com/pong", []credentialprovider.LazyAuthConfiguration{grace, ada}, true},
|
||||
|
||||
// no direct match, deeper path ignored
|
||||
{"bar.example.com/ping", []credentialprovider.LazyAuthConfiguration{ada}, true},
|
||||
|
||||
// match first part of path token
|
||||
{"bar.example.com/pongz", []credentialprovider.LazyAuthConfiguration{grace, ada}, true},
|
||||
|
||||
// match regardless of sub-path
|
||||
{"bar.example.com/pong/pang", []credentialprovider.LazyAuthConfiguration{grace, ada}, true},
|
||||
|
||||
// no host match
|
||||
{"example.com", []credentialprovider.LazyAuthConfiguration{}, false},
|
||||
{"foo.example.com", []credentialprovider.LazyAuthConfiguration{}, false},
|
||||
}
|
||||
|
||||
for i, tt := range tests {
|
||||
match, ok := dk.Lookup(tt.image)
|
||||
if tt.ok != ok {
|
||||
t.Errorf("case %d: expected ok=%t, got %t", i, tt.ok, ok)
|
||||
}
|
||||
|
||||
if !reflect.DeepEqual(tt.match, match) {
|
||||
t.Errorf("case %d: expected match=%#v, got %#v", i, tt.match, match)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// This validates that dockercfg entries with a scheme and url path are properly matched
|
||||
// by images that only match the hostname.
|
||||
// NOTE: the above covers the case of a more specific match trumping just hostname.
|
||||
func TestIssue3797(t *testing.T) {
|
||||
rex := credentialprovider.LazyAuthConfiguration{
|
||||
AuthConfig: dockertypes.AuthConfig{
|
||||
Username: "rex",
|
||||
Password: "tiny arms",
|
||||
Email: "rex@example.com",
|
||||
},
|
||||
}
|
||||
|
||||
dk := &credentialprovider.BasicDockerKeyring{}
|
||||
dk.Add(credentialprovider.DockerConfig{
|
||||
"https://quay.io/v1/": credentialprovider.DockerConfigEntry{
|
||||
Username: rex.Username,
|
||||
Password: rex.Password,
|
||||
Email: rex.Email,
|
||||
},
|
||||
})
|
||||
|
||||
tests := []struct {
|
||||
image string
|
||||
match []credentialprovider.LazyAuthConfiguration
|
||||
ok bool
|
||||
}{
|
||||
// direct match
|
||||
{"quay.io", []credentialprovider.LazyAuthConfiguration{rex}, true},
|
||||
|
||||
// partial matches
|
||||
{"quay.io/foo", []credentialprovider.LazyAuthConfiguration{rex}, true},
|
||||
{"quay.io/foo/bar", []credentialprovider.LazyAuthConfiguration{rex}, true},
|
||||
}
|
||||
|
||||
for i, tt := range tests {
|
||||
match, ok := dk.Lookup(tt.image)
|
||||
if tt.ok != ok {
|
||||
t.Errorf("case %d: expected ok=%t, got %t", i, tt.ok, ok)
|
||||
}
|
||||
|
||||
if !reflect.DeepEqual(tt.match, match) {
|
||||
t.Errorf("case %d: expected match=%#v, got %#v", i, tt.match, match)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
type imageTrackingDockerClient struct {
|
||||
*FakeDockerClient
|
||||
imageName string
|
||||
}
|
||||
|
||||
func (f *imageTrackingDockerClient) InspectImageByID(name string) (image *dockertypes.ImageInspect, err error) {
|
||||
image, err = f.FakeDockerClient.InspectImageByID(name)
|
||||
f.imageName = name
|
||||
return
|
||||
}
|
||||
|
||||
func (f *imageTrackingDockerClient) InspectImageByRef(name string) (image *dockertypes.ImageInspect, err error) {
|
||||
image, err = f.FakeDockerClient.InspectImageByRef(name)
|
||||
f.imageName = name
|
||||
return
|
||||
}
|
||||
|
||||
func TestGetImageRef(t *testing.T) {
|
||||
cl := &imageTrackingDockerClient{NewFakeDockerClient(), ""}
|
||||
puller := &dockerPuller{
|
||||
client: cl,
|
||||
}
|
||||
_, _ = puller.GetImageRef("abc:123")
|
||||
if cl.imageName != "abc:123" {
|
||||
t.Errorf("expected inspection of image abc:123, instead inspected image %v", cl.imageName)
|
||||
}
|
||||
}
|
||||
|
||||
const letterBytes = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
|
||||
|
||||
func randStringBytes(n int) string {
|
||||
|
||||
Loading…
Reference in New Issue
Block a user