Inicio Explorar Axuda
Iniciar sesión
tzeneto
/
custom-kube-scheduler
Seguir 1
Destacar 0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Árbore: 00784d0d8d
Ramas Etiquetas
custom-kube-...
/
kubernetes-v1.15.4
/
pkg
/
credentialprovider
/
keyring_test.go

keyring_test.go 15 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617 
  1. /*
    2. 

  2. Copyright 2014 The Kubernetes Authors.
    3. 

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. you may not use this file except in compliance with the License.
    6. 

  6. You may obtain a copy of the License at
    7. 

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. 

  10. Unless required by applicable law or agreed to in writing, software
    11. 

  11. distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. See the License for the specific language governing permissions and
    14. 

  14. limitations under the License.
    15. 

  15. */
    16. 

  16. 

  17. package credentialprovider
    18. 

  18. 

  19. import (
    20. 

  20. 	"encoding/base64"
    21. 

  21. 	"fmt"
    22. 

  22. 	"reflect"
    23. 

  23. 	"testing"
    24. 

  24. )
    25. 

  25. 

  26. func TestUrlsMatch(t *testing.T) {
    27. 

  27. 	tests := []struct {
    28. 

  28. 		globUrl       string
    29. 

  29. 		targetUrl     string
    30. 

  30. 		matchExpected bool
    31. 

  31. 	}{
    32. 

  32. 		// match when there is no path component
    33. 

  33. 		{
    34. 

  34. 			globUrl:       "*.kubernetes.io",
    35. 

  35. 			targetUrl:     "prefix.kubernetes.io",
    36. 

  36. 			matchExpected: true,
    37. 

  37. 		},
    38. 

  38. 		{
    39. 

  39. 			globUrl:       "prefix.*.io",
    40. 

  40. 			targetUrl:     "prefix.kubernetes.io",
    41. 

  41. 			matchExpected: true,
    42. 

  42. 		},
    43. 

  43. 		{
    44. 

  44. 			globUrl:       "prefix.kubernetes.*",
    45. 

  45. 			targetUrl:     "prefix.kubernetes.io",
    46. 

  46. 			matchExpected: true,
    47. 

  47. 		},
    48. 

  48. 		{
    49. 

  49. 			globUrl:       "*-good.kubernetes.io",
    50. 

  50. 			targetUrl:     "prefix-good.kubernetes.io",
    51. 

  51. 			matchExpected: true,
    52. 

  52. 		},
    53. 

  53. 		// match with path components
    54. 

  54. 		{
    55. 

  55. 			globUrl:       "*.kubernetes.io/blah",
    56. 

  56. 			targetUrl:     "prefix.kubernetes.io/blah",
    57. 

  57. 			matchExpected: true,
    58. 

  58. 		},
    59. 

  59. 		{
    60. 

  60. 			globUrl:       "prefix.*.io/foo",
    61. 

  61. 			targetUrl:     "prefix.kubernetes.io/foo/bar",
    62. 

  62. 			matchExpected: true,
    63. 

  63. 		},
    64. 

  64. 		// match with path components and ports
    65. 

  65. 		{
    66. 

  66. 			globUrl:       "*.kubernetes.io:1111/blah",
    67. 

  67. 			targetUrl:     "prefix.kubernetes.io:1111/blah",
    68. 

  68. 			matchExpected: true,
    69. 

  69. 		},
    70. 

  70. 		{
    71. 

  71. 			globUrl:       "prefix.*.io:1111/foo",
    72. 

  72. 			targetUrl:     "prefix.kubernetes.io:1111/foo/bar",
    73. 

  73. 			matchExpected: true,
    74. 

  74. 		},
    75. 

  75. 		// no match when number of parts mismatch
    76. 

  76. 		{
    77. 

  77. 			globUrl:       "*.kubernetes.io",
    78. 

  78. 			targetUrl:     "kubernetes.io",
    79. 

  79. 			matchExpected: false,
    80. 

  80. 		},
    81. 

  81. 		{
    82. 

  82. 			globUrl:       "*.*.kubernetes.io",
    83. 

  83. 			targetUrl:     "prefix.kubernetes.io",
    84. 

  84. 			matchExpected: false,
    85. 

  85. 		},
    86. 

  86. 		{
    87. 

  87. 			globUrl:       "*.*.kubernetes.io",
    88. 

  88. 			targetUrl:     "kubernetes.io",
    89. 

  89. 			matchExpected: false,
    90. 

  90. 		},
    91. 

  91. 		// no match when some parts mismatch
    92. 

  92. 		{
    93. 

  93. 			globUrl:       "kubernetes.io",
    94. 

  94. 			targetUrl:     "kubernetes.com",
    95. 

  95. 			matchExpected: false,
    96. 

  96. 		},
    97. 

  97. 		{
    98. 

  98. 			globUrl:       "k*.io",
    99. 

  99. 			targetUrl:     "quay.io",
    100. 

  100. 			matchExpected: false,
    101. 

  101. 		},
    102. 

  102. 		// no match when ports mismatch
    103. 

  103. 		{
    104. 

  104. 			globUrl:       "*.kubernetes.io:1234/blah",
    105. 

  105. 			targetUrl:     "prefix.kubernetes.io:1111/blah",
    106. 

  106. 			matchExpected: false,
    107. 

  107. 		},
    108. 

  108. 		{
    109. 

  109. 			globUrl:       "prefix.*.io/foo",
    110. 

  110. 			targetUrl:     "prefix.kubernetes.io:1111/foo/bar",
    111. 

  111. 			matchExpected: false,
    112. 

  112. 		},
    113. 

  113. 	}
    114. 

  114. 	for _, test := range tests {
    115. 

  115. 		matched, _ := urlsMatchStr(test.globUrl, test.targetUrl)
    116. 

  116. 		if matched != test.matchExpected {
    117. 

  117. 			t.Errorf("Expected match result of %s and %s to be %t, but was %t",
    118. 

  118. 				test.globUrl, test.targetUrl, test.matchExpected, matched)
    119. 

  119. 		}
    120. 

  120. 	}
    121. 

  121. }
    122. 

  122. 

  123. func TestDockerKeyringForGlob(t *testing.T) {
    124. 

  124. 	tests := []struct {
    125. 

  125. 		globUrl   string
    126. 

  126. 		targetUrl string
    127. 

  127. 	}{
    128. 

  128. 		{
    129. 

  129. 			globUrl:   "https://hello.kubernetes.io",
    130. 

  130. 			targetUrl: "hello.kubernetes.io",
    131. 

  131. 		},
    132. 

  132. 		{
    133. 

  133. 			globUrl:   "https://*.docker.io",
    134. 

  134. 			targetUrl: "prefix.docker.io",
    135. 

  135. 		},
    136. 

  136. 		{
    137. 

  137. 			globUrl:   "https://prefix.*.io",
    138. 

  138. 			targetUrl: "prefix.docker.io",
    139. 

  139. 		},
    140. 

  140. 		{
    141. 

  141. 			globUrl:   "https://prefix.docker.*",
    142. 

  142. 			targetUrl: "prefix.docker.io",
    143. 

  143. 		},
    144. 

  144. 		{
    145. 

  145. 			globUrl:   "https://*.docker.io/path",
    146. 

  146. 			targetUrl: "prefix.docker.io/path",
    147. 

  147. 		},
    148. 

  148. 		{
    149. 

  149. 			globUrl:   "https://prefix.*.io/path",
    150. 

  150. 			targetUrl: "prefix.docker.io/path/subpath",
    151. 

  151. 		},
    152. 

  152. 		{
    153. 

  153. 			globUrl:   "https://prefix.docker.*/path",
    154. 

  154. 			targetUrl: "prefix.docker.io/path",
    155. 

  155. 		},
    156. 

  156. 		{
    157. 

  157. 			globUrl:   "https://*.docker.io:8888",
    158. 

  158. 			targetUrl: "prefix.docker.io:8888",
    159. 

  159. 		},
    160. 

  160. 		{
    161. 

  161. 			globUrl:   "https://prefix.*.io:8888",
    162. 

  162. 			targetUrl: "prefix.docker.io:8888",
    163. 

  163. 		},
    164. 

  164. 		{
    165. 

  165. 			globUrl:   "https://prefix.docker.*:8888",
    166. 

  166. 			targetUrl: "prefix.docker.io:8888",
    167. 

  167. 		},
    168. 

  168. 		{
    169. 

  169. 			globUrl:   "https://*.docker.io/path:1111",
    170. 

  170. 			targetUrl: "prefix.docker.io/path:1111",
    171. 

  171. 		},
    172. 

  172. 		{
    173. 

  173. 			globUrl:   "https://*.docker.io/v1/",
    174. 

  174. 			targetUrl: "prefix.docker.io/path:1111",
    175. 

  175. 		},
    176. 

  176. 		{
    177. 

  177. 			globUrl:   "https://*.docker.io/v2/",
    178. 

  178. 			targetUrl: "prefix.docker.io/path:1111",
    179. 

  179. 		},
    180. 

  180. 		{
    181. 

  181. 			globUrl:   "https://prefix.docker.*/path:1111",
    182. 

  182. 			targetUrl: "prefix.docker.io/path:1111",
    183. 

  183. 		},
    184. 

  184. 		{
    185. 

  185. 			globUrl:   "prefix.docker.io:1111",
    186. 

  186. 			targetUrl: "prefix.docker.io:1111/path",
    187. 

  187. 		},
    188. 

  188. 		{
    189. 

  189. 			globUrl:   "*.docker.io:1111",
    190. 

  190. 			targetUrl: "prefix.docker.io:1111/path",
    191. 

  191. 		},
    192. 

  192. 	}
    193. 

  193. 	for i, test := range tests {
    194. 

  194. 		email := "foo@bar.baz"
    195. 

  195. 		username := "foo"
    196. 

  196. 		password := "bar"
    197. 

  197. 		auth := base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", username, password)))
    198. 

  198. 		sampleDockerConfig := fmt.Sprintf(`{
    199. 

  199.    "%s": {
    200. 

  200.      "email": %q,
    201. 

  201.      "auth": %q
    202. 

  202.    }
    203. 

  203. }`, test.globUrl, email, auth)
    204. 

  204. 

  205. 		keyring := &BasicDockerKeyring{}
    206. 

  206. 		if cfg, err := readDockerConfigFileFromBytes([]byte(sampleDockerConfig)); err != nil {
    207. 

  207. 			t.Errorf("Error processing json blob %q, %v", sampleDockerConfig, err)
    208. 

  208. 		} else {
    209. 

  209. 			keyring.Add(cfg)
    210. 

  210. 		}
    211. 

  211. 

  212. 		creds, ok := keyring.Lookup(test.targetUrl + "/foo/bar")
    213. 

  213. 		if !ok {
    214. 

  214. 			t.Errorf("%d: Didn't find expected URL: %s", i, test.targetUrl)
    215. 

  215. 			continue
    216. 

  216. 		}
    217. 

  217. 		val := creds[0]
    218. 

  218. 

  219. 		if username != val.Username {
    220. 

  220. 			t.Errorf("Unexpected username value, want: %s, got: %s", username, val.Username)
    221. 

  221. 		}
    222. 

  222. 		if password != val.Password {
    223. 

  223. 			t.Errorf("Unexpected password value, want: %s, got: %s", password, val.Password)
    224. 

  224. 		}
    225. 

  225. 		if email != val.Email {
    226. 

  226. 			t.Errorf("Unexpected email value, want: %s, got: %s", email, val.Email)
    227. 

  227. 		}
    228. 

  228. 	}
    229. 

  229. }
    230. 

  230. 

  231. func TestKeyringMiss(t *testing.T) {
    232. 

  232. 	tests := []struct {
    233. 

  233. 		globUrl   string
    234. 

  234. 		lookupUrl string
    235. 

  235. 	}{
    236. 

  236. 		{
    237. 

  237. 			globUrl:   "https://hello.kubernetes.io",
    238. 

  238. 			lookupUrl: "world.mesos.org/foo/bar",
    239. 

  239. 		},
    240. 

  240. 		{
    241. 

  241. 			globUrl:   "https://*.docker.com",
    242. 

  242. 			lookupUrl: "prefix.docker.io",
    243. 

  243. 		},
    244. 

  244. 		{
    245. 

  245. 			globUrl:   "https://suffix.*.io",
    246. 

  246. 			lookupUrl: "prefix.docker.io",
    247. 

  247. 		},
    248. 

  248. 		{
    249. 

  249. 			globUrl:   "https://prefix.docker.c*",
    250. 

  250. 			lookupUrl: "prefix.docker.io",
    251. 

  251. 		},
    252. 

  252. 		{
    253. 

  253. 			globUrl:   "https://prefix.*.io/path:1111",
    254. 

  254. 			lookupUrl: "prefix.docker.io/path/subpath:1111",
    255. 

  255. 		},
    256. 

  256. 		{
    257. 

  257. 			globUrl:   "suffix.*.io",
    258. 

  258. 			lookupUrl: "prefix.docker.io",
    259. 

  259. 		},
    260. 

  260. 	}
    261. 

  261. 	for _, test := range tests {
    262. 

  262. 		email := "foo@bar.baz"
    263. 

  263. 		username := "foo"
    264. 

  264. 		password := "bar"
    265. 

  265. 		auth := base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", username, password)))
    266. 

  266. 		sampleDockerConfig := fmt.Sprintf(`{
    267. 

  267.    "%s": {
    268. 

  268.      "email": %q,
    269. 

  269.      "auth": %q
    270. 

  270.    }
    271. 

  271. }`, test.globUrl, email, auth)
    272. 

  272. 

  273. 		keyring := &BasicDockerKeyring{}
    274. 

  274. 		if cfg, err := readDockerConfigFileFromBytes([]byte(sampleDockerConfig)); err != nil {
    275. 

  275. 			t.Errorf("Error processing json blob %q, %v", sampleDockerConfig, err)
    276. 

  276. 		} else {
    277. 

  277. 			keyring.Add(cfg)
    278. 

  278. 		}
    279. 

  279. 

  280. 		_, ok := keyring.Lookup(test.lookupUrl + "/foo/bar")
    281. 

  281. 		if ok {
    282. 

  282. 			t.Errorf("Expected not to find URL %s, but found", test.lookupUrl)
    283. 

  283. 		}
    284. 

  284. 	}
    285. 

  285. 

  286. }
    287. 

  287. 

  288. func TestKeyringMissWithDockerHubCredentials(t *testing.T) {
    289. 

  289. 	url := defaultRegistryKey
    290. 

  290. 	email := "foo@bar.baz"
    291. 

  291. 	username := "foo"
    292. 

  292. 	password := "bar"
    293. 

  293. 	auth := base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", username, password)))
    294. 

  294. 	sampleDockerConfig := fmt.Sprintf(`{
    295. 

  295.    "https://%s": {
    296. 

  296.      "email": %q,
    297. 

  297.      "auth": %q
    298. 

  298.    }
    299. 

  299. }`, url, email, auth)
    300. 

  300. 

  301. 	keyring := &BasicDockerKeyring{}
    302. 

  302. 	if cfg, err := readDockerConfigFileFromBytes([]byte(sampleDockerConfig)); err != nil {
    303. 

  303. 		t.Errorf("Error processing json blob %q, %v", sampleDockerConfig, err)
    304. 

  304. 	} else {
    305. 

  305. 		keyring.Add(cfg)
    306. 

  306. 	}
    307. 

  307. 

  308. 	val, ok := keyring.Lookup("world.mesos.org/foo/bar")
    309. 

  309. 	if ok {
    310. 

  310. 		t.Errorf("Found unexpected credential: %+v", val)
    311. 

  311. 	}
    312. 

  312. }
    313. 

  313. 

  314. func TestKeyringHitWithUnqualifiedDockerHub(t *testing.T) {
    315. 

  315. 	url := defaultRegistryKey
    316. 

  316. 	email := "foo@bar.baz"
    317. 

  317. 	username := "foo"
    318. 

  318. 	password := "bar"
    319. 

  319. 	auth := base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", username, password)))
    320. 

  320. 	sampleDockerConfig := fmt.Sprintf(`{
    321. 

  321.    "https://%s": {
    322. 

  322.      "email": %q,
    323. 

  323.      "auth": %q
    324. 

  324.    }
    325. 

  325. }`, url, email, auth)
    326. 

  326. 

  327. 	keyring := &BasicDockerKeyring{}
    328. 

  328. 	if cfg, err := readDockerConfigFileFromBytes([]byte(sampleDockerConfig)); err != nil {
    329. 

  329. 		t.Errorf("Error processing json blob %q, %v", sampleDockerConfig, err)
    330. 

  330. 	} else {
    331. 

  331. 		keyring.Add(cfg)
    332. 

  332. 	}
    333. 

  333. 

  334. 	creds, ok := keyring.Lookup("google/docker-registry")
    335. 

  335. 	if !ok {
    336. 

  336. 		t.Errorf("Didn't find expected URL: %s", url)
    337. 

  337. 		return
    338. 

  338. 	}
    339. 

  339. 	if len(creds) > 1 {
    340. 

  340. 		t.Errorf("Got more hits than expected: %s", creds)
    341. 

  341. 	}
    342. 

  342. 	val := creds[0]
    343. 

  343. 

  344. 	if username != val.Username {
    345. 

  345. 		t.Errorf("Unexpected username value, want: %s, got: %s", username, val.Username)
    346. 

  346. 	}
    347. 

  347. 	if password != val.Password {
    348. 

  348. 		t.Errorf("Unexpected password value, want: %s, got: %s", password, val.Password)
    349. 

  349. 	}
    350. 

  350. 	if email != val.Email {
    351. 

  351. 		t.Errorf("Unexpected email value, want: %s, got: %s", email, val.Email)
    352. 

  352. 	}
    353. 

  353. }
    354. 

  354. 

  355. func TestKeyringHitWithUnqualifiedLibraryDockerHub(t *testing.T) {
    356. 

  356. 	url := defaultRegistryKey
    357. 

  357. 	email := "foo@bar.baz"
    358. 

  358. 	username := "foo"
    359. 

  359. 	password := "bar"
    360. 

  360. 	auth := base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", username, password)))
    361. 

  361. 	sampleDockerConfig := fmt.Sprintf(`{
    362. 

  362.    "https://%s": {
    363. 

  363.      "email": %q,
    364. 

  364.      "auth": %q
    365. 

  365.    }
    366. 

  366. }`, url, email, auth)
    367. 

  367. 

  368. 	keyring := &BasicDockerKeyring{}
    369. 

  369. 	if cfg, err := readDockerConfigFileFromBytes([]byte(sampleDockerConfig)); err != nil {
    370. 

  370. 		t.Errorf("Error processing json blob %q, %v", sampleDockerConfig, err)
    371. 

  371. 	} else {
    372. 

  372. 		keyring.Add(cfg)
    373. 

  373. 	}
    374. 

  374. 

  375. 	creds, ok := keyring.Lookup("jenkins")
    376. 

  376. 	if !ok {
    377. 

  377. 		t.Errorf("Didn't find expected URL: %s", url)
    378. 

  378. 		return
    379. 

  379. 	}
    380. 

  380. 	if len(creds) > 1 {
    381. 

  381. 		t.Errorf("Got more hits than expected: %s", creds)
    382. 

  382. 	}
    383. 

  383. 	val := creds[0]
    384. 

  384. 

  385. 	if username != val.Username {
    386. 

  386. 		t.Errorf("Unexpected username value, want: %s, got: %s", username, val.Username)
    387. 

  387. 	}
    388. 

  388. 	if password != val.Password {
    389. 

  389. 		t.Errorf("Unexpected password value, want: %s, got: %s", password, val.Password)
    390. 

  390. 	}
    391. 

  391. 	if email != val.Email {
    392. 

  392. 		t.Errorf("Unexpected email value, want: %s, got: %s", email, val.Email)
    393. 

  393. 	}
    394. 

  394. }
    395. 

  395. 

  396. func TestKeyringHitWithQualifiedDockerHub(t *testing.T) {
    397. 

  397. 	url := defaultRegistryKey
    398. 

  398. 	email := "foo@bar.baz"
    399. 

  399. 	username := "foo"
    400. 

  400. 	password := "bar"
    401. 

  401. 	auth := base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", username, password)))
    402. 

  402. 	sampleDockerConfig := fmt.Sprintf(`{
    403. 

  403.    "https://%s": {
    404. 

  404.      "email": %q,
    405. 

  405.      "auth": %q
    406. 

  406.    }
    407. 

  407. }`, url, email, auth)
    408. 

  408. 

  409. 	keyring := &BasicDockerKeyring{}
    410. 

  410. 	if cfg, err := readDockerConfigFileFromBytes([]byte(sampleDockerConfig)); err != nil {
    411. 

  411. 		t.Errorf("Error processing json blob %q, %v", sampleDockerConfig, err)
    412. 

  412. 	} else {
    413. 

  413. 		keyring.Add(cfg)
    414. 

  414. 	}
    415. 

  415. 

  416. 	creds, ok := keyring.Lookup(url + "/google/docker-registry")
    417. 

  417. 	if !ok {
    418. 

  418. 		t.Errorf("Didn't find expected URL: %s", url)
    419. 

  419. 		return
    420. 

  420. 	}
    421. 

  421. 	if len(creds) > 2 {
    422. 

  422. 		t.Errorf("Got more hits than expected: %s", creds)
    423. 

  423. 	}
    424. 

  424. 	val := creds[0]
    425. 

  425. 

  426. 	if username != val.Username {
    427. 

  427. 		t.Errorf("Unexpected username value, want: %s, got: %s", username, val.Username)
    428. 

  428. 	}
    429. 

  429. 	if password != val.Password {
    430. 

  430. 		t.Errorf("Unexpected password value, want: %s, got: %s", password, val.Password)
    431. 

  431. 	}
    432. 

  432. 	if email != val.Email {
    433. 

  433. 		t.Errorf("Unexpected email value, want: %s, got: %s", email, val.Email)
    434. 

  434. 	}
    435. 

  435. }
    436. 

  436. 

  437. func TestIsDefaultRegistryMatch(t *testing.T) {
    438. 

  438. 	samples := []map[bool]string{
    439. 

  439. 		{true: "foo/bar"},
    440. 

  440. 		{true: "docker.io/foo/bar"},
    441. 

  441. 		{true: "index.docker.io/foo/bar"},
    442. 

  442. 		{true: "foo"},
    443. 

  443. 		{false: ""},
    444. 

  444. 		{false: "registry.tld/foo/bar"},
    445. 

  445. 		{false: "registry:5000/foo/bar"},
    446. 

  446. 		{false: "myhostdocker.io/foo/bar"},
    447. 

  447. 	}
    448. 

  448. 	for _, sample := range samples {
    449. 

  449. 		for expected, imageName := range sample {
    450. 

  450. 			if got := isDefaultRegistryMatch(imageName); got != expected {
    451. 

  451. 				t.Errorf("Expected '%s' to be %t, got %t", imageName, expected, got)
    452. 

  452. 			}
    453. 

  453. 		}
    454. 

  454. 	}
    455. 

  455. }
    456. 

  456. 

  457. type testProvider struct {
    458. 

  458. 	Count int
    459. 

  459. }
    460. 

  460. 

  461. // Enabled implements dockerConfigProvider
    462. 

  462. func (d *testProvider) Enabled() bool {
    463. 

  463. 	return true
    464. 

  464. }
    465. 

  465. 

  466. // LazyProvide implements dockerConfigProvider. Should never be called.
    467. 

  467. func (d *testProvider) LazyProvide(image string) *DockerConfigEntry {
    468. 

  468. 	return nil
    469. 

  469. }
    470. 

  470. 

  471. // Provide implements dockerConfigProvider
    472. 

  472. func (d *testProvider) Provide(image string) DockerConfig {
    473. 

  473. 	d.Count++
    474. 

  474. 	return DockerConfig{}
    475. 

  475. }
    476. 

  476. 

  477. func TestLazyKeyring(t *testing.T) {
    478. 

  478. 	provider := &testProvider{
    479. 

  479. 		Count: 0,
    480. 

  480. 	}
    481. 

  481. 	lazy := &lazyDockerKeyring{
    482. 

  482. 		Providers: []DockerConfigProvider{
    483. 

  483. 			provider,
    484. 

  484. 		},
    485. 

  485. 	}
    486. 

  486. 

  487. 	if provider.Count != 0 {
    488. 

  488. 		t.Errorf("Unexpected number of Provide calls: %v", provider.Count)
    489. 

  489. 	}
    490. 

  490. 	lazy.Lookup("foo")
    491. 

  491. 	if provider.Count != 1 {
    492. 

  492. 		t.Errorf("Unexpected number of Provide calls: %v", provider.Count)
    493. 

  493. 	}
    494. 

  494. 	lazy.Lookup("foo")
    495. 

  495. 	if provider.Count != 2 {
    496. 

  496. 		t.Errorf("Unexpected number of Provide calls: %v", provider.Count)
    497. 

  497. 	}
    498. 

  498. 	lazy.Lookup("foo")
    499. 

  499. 	if provider.Count != 3 {
    500. 

  500. 		t.Errorf("Unexpected number of Provide calls: %v", provider.Count)
    501. 

  501. 	}
    502. 

  502. }
    503. 

  503. 

  504. func TestDockerKeyringLookup(t *testing.T) {
    505. 

  505. 	ada := LazyAuthConfiguration{
    506. 

  506. 		AuthConfig: AuthConfig{
    507. 

  507. 			Username: "ada",
    508. 

  508. 			Password: "smash",
    509. 

  509. 			Email:    "ada@example.com",
    510. 

  510. 		},
    511. 

  511. 	}
    512. 

  512. 

  513. 	grace := LazyAuthConfiguration{
    514. 

  514. 		AuthConfig: AuthConfig{
    515. 

  515. 			Username: "grace",
    516. 

  516. 			Password: "squash",
    517. 

  517. 			Email:    "grace@example.com",
    518. 

  518. 		},
    519. 

  519. 	}
    520. 

  520. 

  521. 	dk := &BasicDockerKeyring{}
    522. 

  522. 	dk.Add(DockerConfig{
    523. 

  523. 		"bar.example.com/pong": DockerConfigEntry{
    524. 

  524. 			Username: grace.Username,
    525. 

  525. 			Password: grace.Password,
    526. 

  526. 			Email:    grace.Email,
    527. 

  527. 		},
    528. 

  528. 		"bar.example.com": DockerConfigEntry{
    529. 

  529. 			Username: ada.Username,
    530. 

  530. 			Password: ada.Password,
    531. 

  531. 			Email:    ada.Email,
    532. 

  532. 		},
    533. 

  533. 	})
    534. 

  534. 

  535. 	tests := []struct {
    536. 

  536. 		image string
    537. 

  537. 		match []LazyAuthConfiguration
    538. 

  538. 		ok    bool
    539. 

  539. 	}{
    540. 

  540. 		// direct match
    541. 

  541. 		{"bar.example.com", []LazyAuthConfiguration{ada}, true},
    542. 

  542. 

  543. 		// direct match deeper than other possible matches
    544. 

  544. 		{"bar.example.com/pong", []LazyAuthConfiguration{grace, ada}, true},
    545. 

  545. 

  546. 		// no direct match, deeper path ignored
    547. 

  547. 		{"bar.example.com/ping", []LazyAuthConfiguration{ada}, true},
    548. 

  548. 

  549. 		// match first part of path token
    550. 

  550. 		{"bar.example.com/pongz", []LazyAuthConfiguration{grace, ada}, true},
    551. 

  551. 

  552. 		// match regardless of sub-path
    553. 

  553. 		{"bar.example.com/pong/pang", []LazyAuthConfiguration{grace, ada}, true},
    554. 

  554. 

  555. 		// no host match
    556. 

  556. 		{"example.com", []LazyAuthConfiguration{}, false},
    557. 

  557. 		{"foo.example.com", []LazyAuthConfiguration{}, false},
    558. 

  558. 	}
    559. 

  559. 

  560. 	for i, tt := range tests {
    561. 

  561. 		match, ok := dk.Lookup(tt.image)
    562. 

  562. 		if tt.ok != ok {
    563. 

  563. 			t.Errorf("case %d: expected ok=%t, got %t", i, tt.ok, ok)
    564. 

  564. 		}
    565. 

  565. 

  566. 		if !reflect.DeepEqual(tt.match, match) {
    567. 

  567. 			t.Errorf("case %d: expected match=%#v, got %#v", i, tt.match, match)
    568. 

  568. 		}
    569. 

  569. 	}
    570. 

  570. }
    571. 

  571. 

  572. // This validates that dockercfg entries with a scheme and url path are properly matched
    573. 

  573. // by images that only match the hostname.
    574. 

  574. // NOTE: the above covers the case of a more specific match trumping just hostname.
    575. 

  575. func TestIssue3797(t *testing.T) {
    576. 

  576. 	rex := LazyAuthConfiguration{
    577. 

  577. 		AuthConfig: AuthConfig{
    578. 

  578. 			Username: "rex",
    579. 

  579. 			Password: "tiny arms",
    580. 

  580. 			Email:    "rex@example.com",
    581. 

  581. 		},
    582. 

  582. 	}
    583. 

  583. 

  584. 	dk := &BasicDockerKeyring{}
    585. 

  585. 	dk.Add(DockerConfig{
    586. 

  586. 		"https://quay.io/v1/": DockerConfigEntry{
    587. 

  587. 			Username: rex.Username,
    588. 

  588. 			Password: rex.Password,
    589. 

  589. 			Email:    rex.Email,
    590. 

  590. 		},
    591. 

  591. 	})
    592. 

  592. 

  593. 	tests := []struct {
    594. 

  594. 		image string
    595. 

  595. 		match []LazyAuthConfiguration
    596. 

  596. 		ok    bool
    597. 

  597. 	}{
    598. 

  598. 		// direct match
    599. 

  599. 		{"quay.io", []LazyAuthConfiguration{rex}, true},
    600. 

  600. 

  601. 		// partial matches
    602. 

  602. 		{"quay.io/foo", []LazyAuthConfiguration{rex}, true},
    603. 

  603. 		{"quay.io/foo/bar", []LazyAuthConfiguration{rex}, true},
    604. 

  604. 	}
    605. 

  605. 

  606. 	for i, tt := range tests {
    607. 

  607. 		match, ok := dk.Lookup(tt.image)
    608. 

  608. 		if tt.ok != ok {
    609. 

  609. 			t.Errorf("case %d: expected ok=%t, got %t", i, tt.ok, ok)
    610. 

  610. 		}
    611. 

  611. 

  612. 		if !reflect.DeepEqual(tt.match, match) {
    613. 

  613. 			t.Errorf("case %d: expected match=%#v, got %#v", i, tt.match, match)
    614. 

  614. 		}
    615. 

  615. 	}
    616. 

  616. }
    617. 

  617.