Move docker keyring lookup test to pkg/credentailprovider

Also remove unused image tests in docker_test.go

pkg/credentialprovider/keyring_test.go

@@ -19,7 +19,10 @@ package credentialprovider
 import (
 	"encoding/base64"
 	"fmt"
+	"reflect"
 	"testing"
+
+	dockertypes "github.com/docker/engine-api/types"
 )
 
 func TestUrlsMatch(t *testing.T) {
@@ -499,3 +502,117 @@ func TestLazyKeyring(t *testing.T) {
 		t.Errorf("Unexpected number of Provide calls: %v", provider.Count)
 	}
 }
+
+func TestDockerKeyringLookup(t *testing.T) {
+	ada := LazyAuthConfiguration{
+		AuthConfig: dockertypes.AuthConfig{
+			Username: "ada",
+			Password: "smash",
+			Email:    "ada@example.com",
+		},
+	}
+
+	grace := LazyAuthConfiguration{
+		AuthConfig: dockertypes.AuthConfig{
+			Username: "grace",
+			Password: "squash",
+			Email:    "grace@example.com",
+		},
+	}
+
+	dk := &BasicDockerKeyring{}
+	dk.Add(DockerConfig{
+		"bar.example.com/pong": DockerConfigEntry{
+			Username: grace.Username,
+			Password: grace.Password,
+			Email:    grace.Email,
+		},
+		"bar.example.com": DockerConfigEntry{
+			Username: ada.Username,
+			Password: ada.Password,
+			Email:    ada.Email,
+		},
+	})
+
+	tests := []struct {
+		image string
+		match []LazyAuthConfiguration
+		ok    bool
+	}{
+		// direct match
+		{"bar.example.com", []LazyAuthConfiguration{ada}, true},
+
+		// direct match deeper than other possible matches
+		{"bar.example.com/pong", []LazyAuthConfiguration{grace, ada}, true},
+
+		// no direct match, deeper path ignored
+		{"bar.example.com/ping", []LazyAuthConfiguration{ada}, true},
+
+		// match first part of path token
+		{"bar.example.com/pongz", []LazyAuthConfiguration{grace, ada}, true},
+
+		// match regardless of sub-path
+		{"bar.example.com/pong/pang", []LazyAuthConfiguration{grace, ada}, true},
+
+		// no host match
+		{"example.com", []LazyAuthConfiguration{}, false},
+		{"foo.example.com", []LazyAuthConfiguration{}, false},
+	}
+
+	for i, tt := range tests {
+		match, ok := dk.Lookup(tt.image)
+		if tt.ok != ok {
+			t.Errorf("case %d: expected ok=%t, got %t", i, tt.ok, ok)
+		}
+
+		if !reflect.DeepEqual(tt.match, match) {
+			t.Errorf("case %d: expected match=%#v, got %#v", i, tt.match, match)
+		}
+	}
+}
+
+// This validates that dockercfg entries with a scheme and url path are properly matched
+// by images that only match the hostname.
+// NOTE: the above covers the case of a more specific match trumping just hostname.
+func TestIssue3797(t *testing.T) {
+	rex := LazyAuthConfiguration{
+		AuthConfig: dockertypes.AuthConfig{
+			Username: "rex",
+			Password: "tiny arms",
+			Email:    "rex@example.com",
+		},
+	}
+
+	dk := &BasicDockerKeyring{}
+	dk.Add(DockerConfig{
+		"https://quay.io/v1/": DockerConfigEntry{
+			Username: rex.Username,
+			Password: rex.Password,
+			Email:    rex.Email,
+		},
+	})
+
+	tests := []struct {
+		image string
+		match []LazyAuthConfiguration
+		ok    bool
+	}{
+		// direct match
+		{"quay.io", []LazyAuthConfiguration{rex}, true},
+
+		// partial matches
+		{"quay.io/foo", []LazyAuthConfiguration{rex}, true},
+		{"quay.io/foo/bar", []LazyAuthConfiguration{rex}, true},
+	}
+
+	for i, tt := range tests {
+		match, ok := dk.Lookup(tt.image)
+		if tt.ok != ok {
+			t.Errorf("case %d: expected ok=%t, got %t", i, tt.ok, ok)
+		}
+
+		if !reflect.DeepEqual(tt.match, match) {
+			t.Errorf("case %d: expected match=%#v, got %#v", i, tt.match, match)
+		}
+	}
+}

pkg/kubelet/dockertools/docker_test.go

@@ -544,168 +544,6 @@ func TestPullWithSecrets(t *testing.T) {
 	}
 }
 
-func TestDockerKeyringLookupFails(t *testing.T) {
-	fakeKeyring := &credentialprovider.FakeKeyring{}
-	fakeClient := NewFakeDockerClient()
-	fakeClient.InjectError("pull", fmt.Errorf("test error"))
-
-	dp := dockerPuller{
-		client:  fakeClient,
-		keyring: fakeKeyring,
-	}
-
-	err := dp.Pull("host/repository/image:version", []v1.Secret{})
-	if err == nil {
-		t.Errorf("unexpected non-error")
-	}
-	msg := "image pull failed for host/repository/image:version, this may be because there are no credentials on this request.  details: (test error)"
-	if err.Error() != msg {
-		t.Errorf("expected: %s, saw: %s", msg, err.Error())
-	}
-}
-
-func TestDockerKeyringLookup(t *testing.T) {
-	ada := credentialprovider.LazyAuthConfiguration{
-		AuthConfig: dockertypes.AuthConfig{
-			Username: "ada",
-			Password: "smash",
-			Email:    "ada@example.com",
-		},
-	}
-
-	grace := credentialprovider.LazyAuthConfiguration{
-		AuthConfig: dockertypes.AuthConfig{
-			Username: "grace",
-			Password: "squash",
-			Email:    "grace@example.com",
-		},
-	}
-
-	dk := &credentialprovider.BasicDockerKeyring{}
-	dk.Add(credentialprovider.DockerConfig{
-		"bar.example.com/pong": credentialprovider.DockerConfigEntry{
-			Username: grace.Username,
-			Password: grace.Password,
-			Email:    grace.Email,
-		},
-		"bar.example.com": credentialprovider.DockerConfigEntry{
-			Username: ada.Username,
-			Password: ada.Password,
-			Email:    ada.Email,
-		},
-	})
-
-	tests := []struct {
-		image string
-		match []credentialprovider.LazyAuthConfiguration
-		ok    bool
-	}{
-		// direct match
-		{"bar.example.com", []credentialprovider.LazyAuthConfiguration{ada}, true},
-
-		// direct match deeper than other possible matches
-		{"bar.example.com/pong", []credentialprovider.LazyAuthConfiguration{grace, ada}, true},
-
-		// no direct match, deeper path ignored
-		{"bar.example.com/ping", []credentialprovider.LazyAuthConfiguration{ada}, true},
-
-		// match first part of path token
-		{"bar.example.com/pongz", []credentialprovider.LazyAuthConfiguration{grace, ada}, true},
-
-		// match regardless of sub-path
-		{"bar.example.com/pong/pang", []credentialprovider.LazyAuthConfiguration{grace, ada}, true},
-
-		// no host match
-		{"example.com", []credentialprovider.LazyAuthConfiguration{}, false},
-		{"foo.example.com", []credentialprovider.LazyAuthConfiguration{}, false},
-	}
-
-	for i, tt := range tests {
-		match, ok := dk.Lookup(tt.image)
-		if tt.ok != ok {
-			t.Errorf("case %d: expected ok=%t, got %t", i, tt.ok, ok)
-		}
-
-		if !reflect.DeepEqual(tt.match, match) {
-			t.Errorf("case %d: expected match=%#v, got %#v", i, tt.match, match)
-		}
-	}
-}
-
-// This validates that dockercfg entries with a scheme and url path are properly matched
-// by images that only match the hostname.
-// NOTE: the above covers the case of a more specific match trumping just hostname.
-func TestIssue3797(t *testing.T) {
-	rex := credentialprovider.LazyAuthConfiguration{
-		AuthConfig: dockertypes.AuthConfig{
-			Username: "rex",
-			Password: "tiny arms",
-			Email:    "rex@example.com",
-		},
-	}
-
-	dk := &credentialprovider.BasicDockerKeyring{}
-	dk.Add(credentialprovider.DockerConfig{
-		"https://quay.io/v1/": credentialprovider.DockerConfigEntry{
-			Username: rex.Username,
-			Password: rex.Password,
-			Email:    rex.Email,
-		},
-	})
-
-	tests := []struct {
-		image string
-		match []credentialprovider.LazyAuthConfiguration
-		ok    bool
-	}{
-		// direct match
-		{"quay.io", []credentialprovider.LazyAuthConfiguration{rex}, true},
-
-		// partial matches
-		{"quay.io/foo", []credentialprovider.LazyAuthConfiguration{rex}, true},
-		{"quay.io/foo/bar", []credentialprovider.LazyAuthConfiguration{rex}, true},
-	}
-
-	for i, tt := range tests {
-		match, ok := dk.Lookup(tt.image)
-		if tt.ok != ok {
-			t.Errorf("case %d: expected ok=%t, got %t", i, tt.ok, ok)
-		}
-
-		if !reflect.DeepEqual(tt.match, match) {
-			t.Errorf("case %d: expected match=%#v, got %#v", i, tt.match, match)
-		}
-	}
-}
-
-type imageTrackingDockerClient struct {
-	*FakeDockerClient
-	imageName string
-}
-
-func (f *imageTrackingDockerClient) InspectImageByID(name string) (image *dockertypes.ImageInspect, err error) {
-	image, err = f.FakeDockerClient.InspectImageByID(name)
-	f.imageName = name
-	return
-}
-
-func (f *imageTrackingDockerClient) InspectImageByRef(name string) (image *dockertypes.ImageInspect, err error) {
-	image, err = f.FakeDockerClient.InspectImageByRef(name)
-	f.imageName = name
-	return
-}
-
-func TestGetImageRef(t *testing.T) {
-	cl := &imageTrackingDockerClient{NewFakeDockerClient(), ""}
-	puller := &dockerPuller{
-		client: cl,
-	}
-	_, _ = puller.GetImageRef("abc:123")
-	if cl.imageName != "abc:123" {
-		t.Errorf("expected inspection of image abc:123, instead inspected image %v", cl.imageName)
-	}
-}
-
 const letterBytes = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
 
 func randStringBytes(n int) string {