github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-31 15:25:57 +00:00
Code Issues Projects Releases Wiki Activity

Fix golint failures in pkg/credentialprovider (#88860)

Browse Source 
* Fix golint failures in pkg/credentialprovider

* improve Comment

* test
This commit is contained in:
zzde 2020-03-19 11:10:43 +08:00 committed by GitHub
parent 42972f2a37
commit a95d04993a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 163 additions and 150 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
hack/.golint_failures
View File

@ -95,7 +95,6 @@ pkg/controller/volume/events
pkg/controller/volume/expand
pkg/controller/volume/persistentvolume
pkg/controller/volume/persistentvolume/config/v1alpha1
pkg/credentialprovider
pkg/features
pkg/kubeapiserver
pkg/kubeapiserver/options

70
pkg/credentialprovider/config.go
View File

@ -36,12 +36,12 @@ const (
maxReadLength = 10 * 1 << 20 // 10MB
)
// DockerConfigJson represents ~/.docker/config.json file info
// DockerConfigJSON represents ~/.docker/config.json file info
// see https://github.com/docker/docker/pull/12009
type DockerConfigJson struct {
type DockerConfigJSON struct {
Auths DockerConfig `json:"auths"`
// +optional
HttpHeaders map[string]string `json:"HttpHeaders,omitempty"`
HTTPHeaders map[string]string `json:"HttpHeaders,omitempty"`
}
// DockerConfig represents the config file used by the docker CLI.
@ -49,6 +49,7 @@ type DockerConfigJson struct {
// when pulling images from specific image repositories.
type DockerConfig map[string]DockerConfigEntry
// DockerConfigEntry wraps a docker config as a entry
type DockerConfigEntry struct {
Username string
Password string
@ -62,19 +63,21 @@ var (
workingDirPath = ""
homeDirPath, _ = os.UserHomeDir()
rootDirPath = "/"
homeJsonDirPath = filepath.Join(homeDirPath, ".docker")
rootJsonDirPath = filepath.Join(rootDirPath, ".docker")
homeJSONDirPath = filepath.Join(homeDirPath, ".docker")
rootJSONDirPath = filepath.Join(rootDirPath, ".docker")
configFileName = ".dockercfg"
configJsonFileName = "config.json"
configJSONFileName = "config.json"
)
// SetPreferredDockercfgPath set preferred docker config path
func SetPreferredDockercfgPath(path string) {
preferredPathLock.Lock()
defer preferredPathLock.Unlock()
preferredPath = path
}
// GetPreferredDockercfgPath get preferred docker config path
func GetPreferredDockercfgPath() string {
preferredPathLock.Lock()
defer preferredPathLock.Unlock()
@ -88,7 +91,7 @@ func DefaultDockercfgPaths() []string {
//DefaultDockerConfigJSONPaths returns default search paths of .docker/config.json
func DefaultDockerConfigJSONPaths() []string {
return []string{GetPreferredDockercfgPath(), workingDirPath, homeJsonDirPath, rootJsonDirPath}
return []string{GetPreferredDockercfgPath(), workingDirPath, homeJSONDirPath, rootJSONDirPath}
}
// ReadDockercfgFile attempts to read a legacy dockercfg file from the given paths.
@ -129,36 +132,37 @@ func ReadDockerConfigJSONFile(searchPaths []string) (cfg DockerConfig, err error
searchPaths = DefaultDockerConfigJSONPaths()
}
for _, configPath := range searchPaths {
absDockerConfigFileLocation, err := filepath.Abs(filepath.Join(configPath, configJsonFileName))
absDockerConfigFileLocation, err := filepath.Abs(filepath.Join(configPath, configJSONFileName))
if err != nil {
klog.Errorf("while trying to canonicalize %s: %v", configPath, err)
continue
}
klog.V(4).Infof("looking for %s at %s", configJsonFileName, absDockerConfigFileLocation)
cfg, err = ReadSpecificDockerConfigJsonFile(absDockerConfigFileLocation)
klog.V(4).Infof("looking for %s at %s", configJSONFileName, absDockerConfigFileLocation)
cfg, err = ReadSpecificDockerConfigJSONFile(absDockerConfigFileLocation)
if err != nil {
if !os.IsNotExist(err) {
klog.V(4).Infof("while trying to read %s: %v", absDockerConfigFileLocation, err)
}
continue
}
klog.V(4).Infof("found valid %s at %s", configJsonFileName, absDockerConfigFileLocation)
klog.V(4).Infof("found valid %s at %s", configJSONFileName, absDockerConfigFileLocation)
return cfg, nil
}
return nil, fmt.Errorf("couldn't find valid %s after checking in %v", configJsonFileName, searchPaths)
return nil, fmt.Errorf("couldn't find valid %s after checking in %v", configJSONFileName, searchPaths)
}
//ReadSpecificDockerConfigJsonFile attempts to read docker configJSON from a given file path.
func ReadSpecificDockerConfigJsonFile(filePath string) (cfg DockerConfig, err error) {
//ReadSpecificDockerConfigJSONFile attempts to read docker configJSON from a given file path.
func ReadSpecificDockerConfigJSONFile(filePath string) (cfg DockerConfig, err error) {
var contents []byte
if contents, err = ioutil.ReadFile(filePath); err != nil {
return nil, err
}
return readDockerConfigJsonFileFromBytes(contents)
return readDockerConfigJSONFileFromBytes(contents)
}
// ReadDockerConfigFile read a docker config file from default path
func ReadDockerConfigFile() (cfg DockerConfig, err error) {
if cfg, err := ReadDockerConfigJSONFile(nil); err == nil {
return cfg, nil
@ -167,19 +171,20 @@ func ReadDockerConfigFile() (cfg DockerConfig, err error) {
return ReadDockercfgFile(nil)
}
// HttpError wraps a non-StatusOK error code as an error.
type HttpError struct {
// HTTPError wraps a non-StatusOK error code as an error.
type HTTPError struct {
StatusCode int
Url string
URL string
}
// Error implements error
func (he *HttpError) Error() string {
func (he *HTTPError) Error() string {
return fmt.Sprintf("http status code: %d while fetching url %s",
he.StatusCode, he.Url)
he.StatusCode, he.URL)
}
func ReadUrl(url string, client *http.Client, header *http.Header) (body []byte, err error) {
// ReadURL read contents from given url
func ReadURL(url string, client *http.Client, header *http.Header) (body []byte, err error) {
req, err := http.NewRequest("GET", url, nil)
if err != nil {
return nil, err
@ -195,9 +200,9 @@ func ReadUrl(url string, client *http.Client, header *http.Header) (body []byte,
if resp.StatusCode != http.StatusOK {
klog.V(2).Infof("body of failing http response: %v", resp.Body)
return nil, &HttpError{
return nil, &HTTPError{
StatusCode: resp.StatusCode,
Url: url,
URL: url,
}
}
@ -214,12 +219,13 @@ func ReadUrl(url string, client *http.Client, header *http.Header) (body []byte,
return contents, nil
}
func ReadDockerConfigFileFromUrl(url string, client *http.Client, header *http.Header) (cfg DockerConfig, err error) {
if contents, err := ReadUrl(url, client, header); err != nil {
return nil, err
} else {
// ReadDockerConfigFileFromURL read a docker config file from the given url
func ReadDockerConfigFileFromURL(url string, client *http.Client, header *http.Header) (cfg DockerConfig, err error) {
if contents, err := ReadURL(url, client, header); err == nil {
return readDockerConfigFileFromBytes(contents)
}
return nil, err
}
func readDockerConfigFileFromBytes(contents []byte) (cfg DockerConfig, err error) {
@ -230,13 +236,13 @@ func readDockerConfigFileFromBytes(contents []byte) (cfg DockerConfig, err error
return
}
func readDockerConfigJsonFileFromBytes(contents []byte) (cfg DockerConfig, err error) {
var cfgJson DockerConfigJson
if err = json.Unmarshal(contents, &cfgJson); err != nil {
func readDockerConfigJSONFileFromBytes(contents []byte) (cfg DockerConfig, err error) {
var cfgJSON DockerConfigJSON
if err = json.Unmarshal(contents, &cfgJSON); err != nil {
klog.Errorf("while trying to parse blob %q: %v", contents, err)
return nil, err
}
cfg = cfgJson.Auths
cfg = cfgJSON.Auths
return
}
@ -253,6 +259,7 @@ type dockerConfigEntryWithAuth struct {
Auth string `json:"auth,omitempty"`
}
// UnmarshalJSON implements the json.Unmarshaler interface.
func (ident *DockerConfigEntry) UnmarshalJSON(data []byte) error {
var tmp dockerConfigEntryWithAuth
err := json.Unmarshal(data, &tmp)
@ -272,6 +279,7 @@ func (ident *DockerConfigEntry) UnmarshalJSON(data []byte) error {
return err
}
// MarshalJSON implements the json.Marshaler interface.
func (ident DockerConfigEntry) MarshalJSON() ([]byte, error) {
toEncode := dockerConfigEntryWithAuth{ident.Username, ident.Password, ident.Email, ""}
toEncode.Auth = encodeDockerConfigFieldAuth(ident.Username, ident.Password)

12
pkg/credentialprovider/config_test.go
View File

@ -27,11 +27,11 @@ import (
)
func TestReadDockerConfigFile(t *testing.T) {
configJsonFileName := "config.json"
configJSONFileName := "config.json"
var fileInfo *os.File
//test dockerconfig json
inputDockerconfigJsonFile := "{ \"auths\": { \"http://foo.example.com\":{\"auth\":\"Zm9vOmJhcgo=\",\"email\":\"foo@example.com\"}}}"
inputDockerconfigJSONFile := "{ \"auths\": { \"http://foo.example.com\":{\"auth\":\"Zm9vOmJhcgo=\",\"email\":\"foo@example.com\"}}}"
preferredPath, err := ioutil.TempDir("", "test_foo_bar_dockerconfigjson_")
if err != nil {
@ -39,7 +39,7 @@ func TestReadDockerConfigFile(t *testing.T) {
return
}
defer os.RemoveAll(preferredPath)
absDockerConfigFileLocation, err := filepath.Abs(filepath.Join(preferredPath, configJsonFileName))
absDockerConfigFileLocation, err := filepath.Abs(filepath.Join(preferredPath, configJSONFileName))
if err != nil {
t.Fatalf("While trying to canonicalize %s: %v", preferredPath, err)
}
@ -53,7 +53,7 @@ func TestReadDockerConfigFile(t *testing.T) {
defer fileInfo.Close()
}
fileInfo.WriteString(inputDockerconfigJsonFile)
fileInfo.WriteString(inputDockerconfigJSONFile)
orgPreferredPath := GetPreferredDockercfgPath()
SetPreferredDockercfgPath(preferredPath)
@ -66,7 +66,7 @@ func TestDockerConfigJsonJSONDecode(t *testing.T) {
// Fake values for testing.
input := []byte(`{"auths": {"http://foo.example.com":{"username": "foo", "password": "bar", "email": "foo@example.com"}, "http://bar.example.com":{"username": "bar", "password": "baz", "email": "bar@example.com"}}}`)
expect := DockerConfigJson{
expect := DockerConfigJSON{
Auths: DockerConfig(map[string]DockerConfigEntry{
"http://foo.example.com": {
Username: "foo",
@ -81,7 +81,7 @@ func TestDockerConfigJsonJSONDecode(t *testing.T) {
}),
}
var output DockerConfigJson
var output DockerConfigJSON
err := json.Unmarshal(input, &output)
if err != nil {
t.Errorf("Received unexpected error: %v", err)

14
pkg/credentialprovider/gcp/metadata.go
View File

@ -150,7 +150,7 @@ func (g *metadataProvider) Enabled() bool {
func (g *dockerConfigKeyProvider) Provide(image string) credentialprovider.DockerConfig {
// Read the contents of the google-dockercfg metadata key and
// parse them as an alternate .dockercfg
if cfg, err := credentialprovider.ReadDockerConfigFileFromUrl(dockerConfigKey, g.Client, metadataHeader); err != nil {
if cfg, err := credentialprovider.ReadDockerConfigFileFromURL(dockerConfigKey, g.Client, metadataHeader); err != nil {
klog.Errorf("while reading 'google-dockercfg' metadata: %v", err)
} else {
return cfg
@ -162,11 +162,11 @@ func (g *dockerConfigKeyProvider) Provide(image string) credentialprovider.Docke
// Provide implements DockerConfigProvider
func (g *dockerConfigURLKeyProvider) Provide(image string) credentialprovider.DockerConfig {
// Read the contents of the google-dockercfg-url key and load a .dockercfg from there
if url, err := credentialprovider.ReadUrl(dockerConfigURLKey, g.Client, metadataHeader); err != nil {
if url, err := credentialprovider.ReadURL(dockerConfigURLKey, g.Client, metadataHeader); err != nil {
klog.Errorf("while reading 'google-dockercfg-url' metadata: %v", err)
} else {
if strings.HasPrefix(string(url), "http") {
if cfg, err := credentialprovider.ReadDockerConfigFileFromUrl(string(url), g.Client, nil); err != nil {
if cfg, err := credentialprovider.ReadDockerConfigFileFromURL(string(url), g.Client, nil); err != nil {
klog.Errorf("while reading 'google-dockercfg-url'-specified url: %s, %v", string(url), err)
} else {
return cfg
@ -214,7 +214,7 @@ func (g *containerRegistryProvider) Enabled() bool {
}
// Given that we are on GCE, we should keep retrying until the metadata server responds.
value := runWithBackoff(func() ([]byte, error) {
value, err := credentialprovider.ReadUrl(serviceAccounts, g.Client, metadataHeader)
value, err := credentialprovider.ReadURL(serviceAccounts, g.Client, metadataHeader)
if err != nil {
klog.V(2).Infof("Failed to Get service accounts from gce metadata server: %v", err)
}
@ -237,7 +237,7 @@ func (g *containerRegistryProvider) Enabled() bool {
}
url := metadataScopes + "?alt=json"
value = runWithBackoff(func() ([]byte, error) {
value, err := credentialprovider.ReadUrl(url, g.Client, metadataHeader)
value, err := credentialprovider.ReadURL(url, g.Client, metadataHeader)
if err != nil {
klog.V(2).Infof("Failed to Get scopes in default service account from gce metadata server: %v", err)
}
@ -268,13 +268,13 @@ type tokenBlob struct {
func (g *containerRegistryProvider) Provide(image string) credentialprovider.DockerConfig {
cfg := credentialprovider.DockerConfig{}
tokenJSONBlob, err := credentialprovider.ReadUrl(metadataToken, g.Client, metadataHeader)
tokenJSONBlob, err := credentialprovider.ReadURL(metadataToken, g.Client, metadataHeader)
if err != nil {
klog.Errorf("while reading access token endpoint: %v", err)
return cfg
}
email, err := credentialprovider.ReadUrl(metadataEmail, g.Client, metadataHeader)
email, err := credentialprovider.ReadURL(metadataEmail, g.Client, metadataHeader)
if err != nil {
klog.Errorf("while reading email endpoint: %v", err)
return cfg

38
pkg/credentialprovider/keyring.go
View File

@ -73,6 +73,7 @@ type AuthConfig struct {
RegistryToken string `json:"registrytoken,omitempty"`
}
// Add add some docker config in basic docker keyring
func (dk *BasicDockerKeyring) Add(cfg DockerConfig) {
if dk.index == nil {
dk.index = make([]string, 0)
@ -159,8 +160,8 @@ func isDefaultRegistryMatch(image string) bool {
// url.Parse require a scheme, but ours don't have schemes. Adding a
// scheme to make url.Parse happy, then clear out the resulting scheme.
func parseSchemelessUrl(schemelessUrl string) (*url.URL, error) {
parsed, err := url.Parse("https://" + schemelessUrl)
func parseSchemelessURL(schemelessURL string) (*url.URL, error) {
parsed, err := url.Parse("https://" + schemelessURL)
if err != nil {
return nil, err
}
@ -170,7 +171,7 @@ func parseSchemelessUrl(schemelessUrl string) (*url.URL, error) {
}
// split the host name into parts, as well as the port
func splitUrl(url *url.URL) (parts []string, port string) {
func splitURL(url *url.URL) (parts []string, port string) {
host, port, err := net.SplitHostPort(url.Host)
if err != nil {
// could not parse port
@ -181,43 +182,43 @@ func splitUrl(url *url.URL) (parts []string, port string) {
// overloaded version of urlsMatch, operating on strings instead of URLs.
func urlsMatchStr(glob string, target string) (bool, error) {
globUrl, err := parseSchemelessUrl(glob)
globURL, err := parseSchemelessURL(glob)
if err != nil {
return false, err
}
targetUrl, err := parseSchemelessUrl(target)
targetURL, err := parseSchemelessURL(target)
if err != nil {
return false, err
}
return urlsMatch(globUrl, targetUrl)
return urlsMatch(globURL, targetURL)
}
// check whether the given target url matches the glob url, which may have
// glob wild cards in the host name.
//
// Examples:
// globUrl=*.docker.io, targetUrl=blah.docker.io => match
// globUrl=*.docker.io, targetUrl=not.right.io => no match
// globURL=*.docker.io, targetURL=blah.docker.io => match
// globURL=*.docker.io, targetURL=not.right.io => no match
//
// Note that we don't support wildcards in ports and paths yet.
func urlsMatch(globUrl *url.URL, targetUrl *url.URL) (bool, error) {
globUrlParts, globPort := splitUrl(globUrl)
targetUrlParts, targetPort := splitUrl(targetUrl)
func urlsMatch(globURL *url.URL, targetURL *url.URL) (bool, error) {
globURLParts, globPort := splitURL(globURL)
targetURLParts, targetPort := splitURL(targetURL)
if globPort != targetPort {
// port doesn't match
return false, nil
}
if len(globUrlParts) != len(targetUrlParts) {
if len(globURLParts) != len(targetURLParts) {
// host name does not have the same number of parts
return false, nil
}
if !strings.HasPrefix(targetUrl.Path, globUrl.Path) {
if !strings.HasPrefix(targetURL.Path, globURL.Path) {
// the path of the credential must be a prefix
return false, nil
}
for k, globUrlPart := range globUrlParts {
targetUrlPart := targetUrlParts[k]
matched, err := filepath.Match(globUrlPart, targetUrlPart)
for k, globURLPart := range globURLParts {
targetURLPart := targetURLParts[k]
matched, err := filepath.Match(globURLPart, targetURLPart)
if err != nil {
return false, err
}
@ -270,11 +271,14 @@ func (dk *providersDockerKeyring) Lookup(image string) ([]AuthConfig, bool) {
return keyring.Lookup(image)
}
// FakeKeyring a fake config credentials
type FakeKeyring struct {
auth []AuthConfig
ok bool
}
// Lookup implements the DockerKeyring method for fetching credentials based on image name
// return fake auth and ok
func (f *FakeKeyring) Lookup(image string) ([]AuthConfig, bool) {
return f.auth, f.ok
}
@ -282,6 +286,8 @@ func (f *FakeKeyring) Lookup(image string) ([]AuthConfig, bool) {
// UnionDockerKeyring delegates to a set of keyrings.
type UnionDockerKeyring []DockerKeyring
// Lookup implements the DockerKeyring method for fetching credentials based on image name.
// return each credentials
func (k UnionDockerKeyring) Lookup(image string) ([]AuthConfig, bool) {
authConfigs := []AuthConfig{}
for _, subKeyring := range k {

176
pkg/credentialprovider/keyring_test.go
View File

@ -25,169 +25,169 @@ import (
func TestUrlsMatch(t *testing.T) {
tests := []struct {
globUrl string
targetUrl string
globURL string
targetURL string
matchExpected bool
}{
// match when there is no path component
{
globUrl: "*.kubernetes.io",
targetUrl: "prefix.kubernetes.io",
globURL: "*.kubernetes.io",
targetURL: "prefix.kubernetes.io",
matchExpected: true,
},
{
globUrl: "prefix.*.io",
targetUrl: "prefix.kubernetes.io",
globURL: "prefix.*.io",
targetURL: "prefix.kubernetes.io",
matchExpected: true,
},
{
globUrl: "prefix.kubernetes.*",
targetUrl: "prefix.kubernetes.io",
globURL: "prefix.kubernetes.*",
targetURL: "prefix.kubernetes.io",
matchExpected: true,
},
{
globUrl: "*-good.kubernetes.io",
targetUrl: "prefix-good.kubernetes.io",
globURL: "*-good.kubernetes.io",
targetURL: "prefix-good.kubernetes.io",
matchExpected: true,
},
// match with path components
{
globUrl: "*.kubernetes.io/blah",
targetUrl: "prefix.kubernetes.io/blah",
globURL: "*.kubernetes.io/blah",
targetURL: "prefix.kubernetes.io/blah",
matchExpected: true,
},
{
globUrl: "prefix.*.io/foo",
targetUrl: "prefix.kubernetes.io/foo/bar",
globURL: "prefix.*.io/foo",
targetURL: "prefix.kubernetes.io/foo/bar",
matchExpected: true,
},
// match with path components and ports
{
globUrl: "*.kubernetes.io:1111/blah",
targetUrl: "prefix.kubernetes.io:1111/blah",
globURL: "*.kubernetes.io:1111/blah",
targetURL: "prefix.kubernetes.io:1111/blah",
matchExpected: true,
},
{
globUrl: "prefix.*.io:1111/foo",
targetUrl: "prefix.kubernetes.io:1111/foo/bar",
globURL: "prefix.*.io:1111/foo",
targetURL: "prefix.kubernetes.io:1111/foo/bar",
matchExpected: true,
},
// no match when number of parts mismatch
{
globUrl: "*.kubernetes.io",
targetUrl: "kubernetes.io",
globURL: "*.kubernetes.io",
targetURL: "kubernetes.io",
matchExpected: false,
},
{
globUrl: "*.*.kubernetes.io",
targetUrl: "prefix.kubernetes.io",
globURL: "*.*.kubernetes.io",
targetURL: "prefix.kubernetes.io",
matchExpected: false,
},
{
globUrl: "*.*.kubernetes.io",
targetUrl: "kubernetes.io",
globURL: "*.*.kubernetes.io",
targetURL: "kubernetes.io",
matchExpected: false,
},
// no match when some parts mismatch
{
globUrl: "kubernetes.io",
targetUrl: "kubernetes.com",
globURL: "kubernetes.io",
targetURL: "kubernetes.com",
matchExpected: false,
},
{
globUrl: "k*.io",
targetUrl: "quay.io",
globURL: "k*.io",
targetURL: "quay.io",
matchExpected: false,
},
// no match when ports mismatch
{
globUrl: "*.kubernetes.io:1234/blah",
targetUrl: "prefix.kubernetes.io:1111/blah",
globURL: "*.kubernetes.io:1234/blah",
targetURL: "prefix.kubernetes.io:1111/blah",
matchExpected: false,
},
{
globUrl: "prefix.*.io/foo",
targetUrl: "prefix.kubernetes.io:1111/foo/bar",
globURL: "prefix.*.io/foo",
targetURL: "prefix.kubernetes.io:1111/foo/bar",
matchExpected: false,
},
}
for _, test := range tests {
matched, _ := urlsMatchStr(test.globUrl, test.targetUrl)
matched, _ := urlsMatchStr(test.globURL, test.targetURL)
if matched != test.matchExpected {
t.Errorf("Expected match result of %s and %s to be %t, but was %t",
test.globUrl, test.targetUrl, test.matchExpected, matched)
test.globURL, test.targetURL, test.matchExpected, matched)
}
}
}
func TestDockerKeyringForGlob(t *testing.T) {
tests := []struct {
globUrl string
targetUrl string
globURL string
targetURL string
}{
{
globUrl: "https://hello.kubernetes.io",
targetUrl: "hello.kubernetes.io",
globURL: "https://hello.kubernetes.io",
targetURL: "hello.kubernetes.io",
},
{
globUrl: "https://*.docker.io",
targetUrl: "prefix.docker.io",
globURL: "https://*.docker.io",
targetURL: "prefix.docker.io",
},
{
globUrl: "https://prefix.*.io",
targetUrl: "prefix.docker.io",
globURL: "https://prefix.*.io",
targetURL: "prefix.docker.io",
},
{
globUrl: "https://prefix.docker.*",
targetUrl: "prefix.docker.io",
globURL: "https://prefix.docker.*",
targetURL: "prefix.docker.io",
},
{
globUrl: "https://*.docker.io/path",
targetUrl: "prefix.docker.io/path",
globURL: "https://*.docker.io/path",
targetURL: "prefix.docker.io/path",
},
{
globUrl: "https://prefix.*.io/path",
targetUrl: "prefix.docker.io/path/subpath",
globURL: "https://prefix.*.io/path",
targetURL: "prefix.docker.io/path/subpath",
},
{
globUrl: "https://prefix.docker.*/path",
targetUrl: "prefix.docker.io/path",
globURL: "https://prefix.docker.*/path",
targetURL: "prefix.docker.io/path",
},
{
globUrl: "https://*.docker.io:8888",
targetUrl: "prefix.docker.io:8888",
globURL: "https://*.docker.io:8888",
targetURL: "prefix.docker.io:8888",
},
{
globUrl: "https://prefix.*.io:8888",
targetUrl: "prefix.docker.io:8888",
globURL: "https://prefix.*.io:8888",
targetURL: "prefix.docker.io:8888",
},
{
globUrl: "https://prefix.docker.*:8888",
targetUrl: "prefix.docker.io:8888",
globURL: "https://prefix.docker.*:8888",
targetURL: "prefix.docker.io:8888",
},
{
globUrl: "https://*.docker.io/path:1111",
targetUrl: "prefix.docker.io/path:1111",
globURL: "https://*.docker.io/path:1111",
targetURL: "prefix.docker.io/path:1111",
},
{
globUrl: "https://*.docker.io/v1/",
targetUrl: "prefix.docker.io/path:1111",
globURL: "https://*.docker.io/v1/",
targetURL: "prefix.docker.io/path:1111",
},
{
globUrl: "https://*.docker.io/v2/",
targetUrl: "prefix.docker.io/path:1111",
globURL: "https://*.docker.io/v2/",
targetURL: "prefix.docker.io/path:1111",
},
{
globUrl: "https://prefix.docker.*/path:1111",
targetUrl: "prefix.docker.io/path:1111",
globURL: "https://prefix.docker.*/path:1111",
targetURL: "prefix.docker.io/path:1111",
},
{
globUrl: "prefix.docker.io:1111",
targetUrl: "prefix.docker.io:1111/path",
globURL: "prefix.docker.io:1111",
targetURL: "prefix.docker.io:1111/path",
},
{
globUrl: "*.docker.io:1111",
targetUrl: "prefix.docker.io:1111/path",
globURL: "*.docker.io:1111",
targetURL: "prefix.docker.io:1111/path",
},
}
for i, test := range tests {
@ -200,7 +200,7 @@ func TestDockerKeyringForGlob(t *testing.T) {
"email": %q,
"auth": %q
}
}`, test.globUrl, email, auth)
}`, test.globURL, email, auth)
keyring := &BasicDockerKeyring{}
if cfg, err := readDockerConfigFileFromBytes([]byte(sampleDockerConfig)); err != nil {
@ -209,9 +209,9 @@ func TestDockerKeyringForGlob(t *testing.T) {
keyring.Add(cfg)
}
creds, ok := keyring.Lookup(test.targetUrl + "/foo/bar")
creds, ok := keyring.Lookup(test.targetURL + "/foo/bar")
if !ok {
t.Errorf("%d: Didn't find expected URL: %s", i, test.targetUrl)
t.Errorf("%d: Didn't find expected URL: %s", i, test.targetURL)
continue
}
val := creds[0]
@ -230,32 +230,32 @@ func TestDockerKeyringForGlob(t *testing.T) {
func TestKeyringMiss(t *testing.T) {
tests := []struct {
globUrl string
lookupUrl string
globURL string
lookupURL string
}{
{
globUrl: "https://hello.kubernetes.io",
lookupUrl: "world.mesos.org/foo/bar",
globURL: "https://hello.kubernetes.io",
lookupURL: "world.mesos.org/foo/bar",
},
{
globUrl: "https://*.docker.com",
lookupUrl: "prefix.docker.io",
globURL: "https://*.docker.com",
lookupURL: "prefix.docker.io",
},
{
globUrl: "https://suffix.*.io",
lookupUrl: "prefix.docker.io",
globURL: "https://suffix.*.io",
lookupURL: "prefix.docker.io",
},
{
globUrl: "https://prefix.docker.c*",
lookupUrl: "prefix.docker.io",
globURL: "https://prefix.docker.c*",
lookupURL: "prefix.docker.io",
},
{
globUrl: "https://prefix.*.io/path:1111",
lookupUrl: "prefix.docker.io/path/subpath:1111",
globURL: "https://prefix.*.io/path:1111",
lookupURL: "prefix.docker.io/path/subpath:1111",
},
{
globUrl: "suffix.*.io",
lookupUrl: "prefix.docker.io",
globURL: "suffix.*.io",
lookupURL: "prefix.docker.io",
},
}
for _, test := range tests {
@ -268,7 +268,7 @@ func TestKeyringMiss(t *testing.T) {
"email": %q,
"auth": %q
}
}`, test.globUrl, email, auth)
}`, test.globURL, email, auth)
keyring := &BasicDockerKeyring{}
if cfg, err := readDockerConfigFileFromBytes([]byte(sampleDockerConfig)); err != nil {
@ -277,9 +277,9 @@ func TestKeyringMiss(t *testing.T) {
keyring.Add(cfg)
}
_, ok := keyring.Lookup(test.lookupUrl + "/foo/bar")
_, ok := keyring.Lookup(test.lookupURL + "/foo/bar")
if ok {
t.Errorf("Expected not to find URL %s, but found", test.lookupUrl)
t.Errorf("Expected not to find URL %s, but found", test.lookupURL)
}
}

2
pkg/credentialprovider/secrets/secrets.go
View File

@ -30,7 +30,7 @@ func MakeDockerKeyring(passedSecrets []v1.Secret, defaultKeyring credentialprovi
passedCredentials := []credentialprovider.DockerConfig{}
for _, passedSecret := range passedSecrets {
if dockerConfigJSONBytes, dockerConfigJSONExists := passedSecret.Data[v1.DockerConfigJsonKey]; (passedSecret.Type == v1.SecretTypeDockerConfigJson) && dockerConfigJSONExists && (len(dockerConfigJSONBytes) > 0) {
dockerConfigJSON := credentialprovider.DockerConfigJson{}
dockerConfigJSON := credentialprovider.DockerConfigJSON{}
if err := json.Unmarshal(dockerConfigJSONBytes, &dockerConfigJSON); err != nil {
return nil, err
}