Etusivu Tutki Apua
Kirjaudu sisään
tzeneto
/
custom-kube-scheduler
Tarkkaile 1
Äänestä 0
Fork 0
Tiedostot Ongelmat 0 Pull-pyynnöt 0 Wiki
Puu: cb14858ef6
Branchit Tagit
custom-kube-...
/
kubernetes
/
pkg
/
credentialprovider
/
keyring_test.go

keyring_test.go 15 KB
Historia Raaka

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606 
  1. /*
    2. 

  2. Copyright 2014 The Kubernetes Authors.
    3. 

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. you may not use this file except in compliance with the License.
    6. 

  6. You may obtain a copy of the License at
    7. 

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. 

  10. Unless required by applicable law or agreed to in writing, software
    11. 

  11. distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. See the License for the specific language governing permissions and
    14. 

  14. limitations under the License.
    15. 

  15. */
    16. 

  16. 

  17. package credentialprovider
    18. 

  18. 

  19. import (
    20. 

  20. 	"encoding/base64"
    21. 

  21. 	"fmt"
    22. 

  22. 	"reflect"
    23. 

  23. 	"testing"
    24. 

  24. )
    25. 

  25. 

  26. func TestUrlsMatch(t *testing.T) {
    27. 

  27. 	tests := []struct {
    28. 

  28. 		globUrl       string
    29. 

  29. 		targetUrl     string
    30. 

  30. 		matchExpected bool
    31. 

  31. 	}{
    32. 

  32. 		// match when there is no path component
    33. 

  33. 		{
    34. 

  34. 			globUrl:       "*.kubernetes.io",
    35. 

  35. 			targetUrl:     "prefix.kubernetes.io",
    36. 

  36. 			matchExpected: true,
    37. 

  37. 		},
    38. 

  38. 		{
    39. 

  39. 			globUrl:       "prefix.*.io",
    40. 

  40. 			targetUrl:     "prefix.kubernetes.io",
    41. 

  41. 			matchExpected: true,
    42. 

  42. 		},
    43. 

  43. 		{
    44. 

  44. 			globUrl:       "prefix.kubernetes.*",
    45. 

  45. 			targetUrl:     "prefix.kubernetes.io",
    46. 

  46. 			matchExpected: true,
    47. 

  47. 		},
    48. 

  48. 		{
    49. 

  49. 			globUrl:       "*-good.kubernetes.io",
    50. 

  50. 			targetUrl:     "prefix-good.kubernetes.io",
    51. 

  51. 			matchExpected: true,
    52. 

  52. 		},
    53. 

  53. 		// match with path components
    54. 

  54. 		{
    55. 

  55. 			globUrl:       "*.kubernetes.io/blah",
    56. 

  56. 			targetUrl:     "prefix.kubernetes.io/blah",
    57. 

  57. 			matchExpected: true,
    58. 

  58. 		},
    59. 

  59. 		{
    60. 

  60. 			globUrl:       "prefix.*.io/foo",
    61. 

  61. 			targetUrl:     "prefix.kubernetes.io/foo/bar",
    62. 

  62. 			matchExpected: true,
    63. 

  63. 		},
    64. 

  64. 		// match with path components and ports
    65. 

  65. 		{
    66. 

  66. 			globUrl:       "*.kubernetes.io:1111/blah",
    67. 

  67. 			targetUrl:     "prefix.kubernetes.io:1111/blah",
    68. 

  68. 			matchExpected: true,
    69. 

  69. 		},
    70. 

  70. 		{
    71. 

  71. 			globUrl:       "prefix.*.io:1111/foo",
    72. 

  72. 			targetUrl:     "prefix.kubernetes.io:1111/foo/bar",
    73. 

  73. 			matchExpected: true,
    74. 

  74. 		},
    75. 

  75. 		// no match when number of parts mismatch
    76. 

  76. 		{
    77. 

  77. 			globUrl:       "*.kubernetes.io",
    78. 

  78. 			targetUrl:     "kubernetes.io",
    79. 

  79. 			matchExpected: false,
    80. 

  80. 		},
    81. 

  81. 		{
    82. 

  82. 			globUrl:       "*.*.kubernetes.io",
    83. 

  83. 			targetUrl:     "prefix.kubernetes.io",
    84. 

  84. 			matchExpected: false,
    85. 

  85. 		},
    86. 

  86. 		{
    87. 

  87. 			globUrl:       "*.*.kubernetes.io",
    88. 

  88. 			targetUrl:     "kubernetes.io",
    89. 

  89. 			matchExpected: false,
    90. 

  90. 		},
    91. 

  91. 		// no match when some parts mismatch
    92. 

  92. 		{
    93. 

  93. 			globUrl:       "kubernetes.io",
    94. 

  94. 			targetUrl:     "kubernetes.com",
    95. 

  95. 			matchExpected: false,
    96. 

  96. 		},
    97. 

  97. 		{
    98. 

  98. 			globUrl:       "k*.io",
    99. 

  99. 			targetUrl:     "quay.io",
    100. 

  100. 			matchExpected: false,
    101. 

  101. 		},
    102. 

  102. 		// no match when ports mismatch
    103. 

  103. 		{
    104. 

  104. 			globUrl:       "*.kubernetes.io:1234/blah",
    105. 

  105. 			targetUrl:     "prefix.kubernetes.io:1111/blah",
    106. 

  106. 			matchExpected: false,
    107. 

  107. 		},
    108. 

  108. 		{
    109. 

  109. 			globUrl:       "prefix.*.io/foo",
    110. 

  110. 			targetUrl:     "prefix.kubernetes.io:1111/foo/bar",
    111. 

  111. 			matchExpected: false,
    112. 

  112. 		},
    113. 

  113. 	}
    114. 

  114. 	for _, test := range tests {
    115. 

  115. 		matched, _ := urlsMatchStr(test.globUrl, test.targetUrl)
    116. 

  116. 		if matched != test.matchExpected {
    117. 

  117. 			t.Errorf("Expected match result of %s and %s to be %t, but was %t",
    118. 

  118. 				test.globUrl, test.targetUrl, test.matchExpected, matched)
    119. 

  119. 		}
    120. 

  120. 	}
    121. 

  121. }
    122. 

  122. 

  123. func TestDockerKeyringForGlob(t *testing.T) {
    124. 

  124. 	tests := []struct {
    125. 

  125. 		globUrl   string
    126. 

  126. 		targetUrl string
    127. 

  127. 	}{
    128. 

  128. 		{
    129. 

  129. 			globUrl:   "https://hello.kubernetes.io",
    130. 

  130. 			targetUrl: "hello.kubernetes.io",
    131. 

  131. 		},
    132. 

  132. 		{
    133. 

  133. 			globUrl:   "https://*.docker.io",
    134. 

  134. 			targetUrl: "prefix.docker.io",
    135. 

  135. 		},
    136. 

  136. 		{
    137. 

  137. 			globUrl:   "https://prefix.*.io",
    138. 

  138. 			targetUrl: "prefix.docker.io",
    139. 

  139. 		},
    140. 

  140. 		{
    141. 

  141. 			globUrl:   "https://prefix.docker.*",
    142. 

  142. 			targetUrl: "prefix.docker.io",
    143. 

  143. 		},
    144. 

  144. 		{
    145. 

  145. 			globUrl:   "https://*.docker.io/path",
    146. 

  146. 			targetUrl: "prefix.docker.io/path",
    147. 

  147. 		},
    148. 

  148. 		{
    149. 

  149. 			globUrl:   "https://prefix.*.io/path",
    150. 

  150. 			targetUrl: "prefix.docker.io/path/subpath",
    151. 

  151. 		},
    152. 

  152. 		{
    153. 

  153. 			globUrl:   "https://prefix.docker.*/path",
    154. 

  154. 			targetUrl: "prefix.docker.io/path",
    155. 

  155. 		},
    156. 

  156. 		{
    157. 

  157. 			globUrl:   "https://*.docker.io:8888",
    158. 

  158. 			targetUrl: "prefix.docker.io:8888",
    159. 

  159. 		},
    160. 

  160. 		{
    161. 

  161. 			globUrl:   "https://prefix.*.io:8888",
    162. 

  162. 			targetUrl: "prefix.docker.io:8888",
    163. 

  163. 		},
    164. 

  164. 		{
    165. 

  165. 			globUrl:   "https://prefix.docker.*:8888",
    166. 

  166. 			targetUrl: "prefix.docker.io:8888",
    167. 

  167. 		},
    168. 

  168. 		{
    169. 

  169. 			globUrl:   "https://*.docker.io/path:1111",
    170. 

  170. 			targetUrl: "prefix.docker.io/path:1111",
    171. 

  171. 		},
    172. 

  172. 		{
    173. 

  173. 			globUrl:   "https://*.docker.io/v1/",
    174. 

  174. 			targetUrl: "prefix.docker.io/path:1111",
    175. 

  175. 		},
    176. 

  176. 		{
    177. 

  177. 			globUrl:   "https://*.docker.io/v2/",
    178. 

  178. 			targetUrl: "prefix.docker.io/path:1111",
    179. 

  179. 		},
    180. 

  180. 		{
    181. 

  181. 			globUrl:   "https://prefix.docker.*/path:1111",
    182. 

  182. 			targetUrl: "prefix.docker.io/path:1111",
    183. 

  183. 		},
    184. 

  184. 		{
    185. 

  185. 			globUrl:   "prefix.docker.io:1111",
    186. 

  186. 			targetUrl: "prefix.docker.io:1111/path",
    187. 

  187. 		},
    188. 

  188. 		{
    189. 

  189. 			globUrl:   "*.docker.io:1111",
    190. 

  190. 			targetUrl: "prefix.docker.io:1111/path",
    191. 

  191. 		},
    192. 

  192. 	}
    193. 

  193. 	for i, test := range tests {
    194. 

  194. 		email := "foo@bar.baz"
    195. 

  195. 		username := "foo"
    196. 

  196. 		password := "bar" // Fake value for testing.
    197. 

  197. 		auth := base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", username, password)))
    198. 

  198. 		sampleDockerConfig := fmt.Sprintf(`{
    199. 

  199.    "%s": {
    200. 

  200.      "email": %q,
    201. 

  201.      "auth": %q
    202. 

  202.    }
    203. 

  203. }`, test.globUrl, email, auth)
    204. 

  204. 

  205. 		keyring := &BasicDockerKeyring{}
    206. 

  206. 		if cfg, err := readDockerConfigFileFromBytes([]byte(sampleDockerConfig)); err != nil {
    207. 

  207. 			t.Errorf("Error processing json blob %q, %v", sampleDockerConfig, err)
    208. 

  208. 		} else {
    209. 

  209. 			keyring.Add(cfg)
    210. 

  210. 		}
    211. 

  211. 

  212. 		creds, ok := keyring.Lookup(test.targetUrl + "/foo/bar")
    213. 

  213. 		if !ok {
    214. 

  214. 			t.Errorf("%d: Didn't find expected URL: %s", i, test.targetUrl)
    215. 

  215. 			continue
    216. 

  216. 		}
    217. 

  217. 		val := creds[0]
    218. 

  218. 

  219. 		if username != val.Username {
    220. 

  220. 			t.Errorf("Unexpected username value, want: %s, got: %s", username, val.Username)
    221. 

  221. 		}
    222. 

  222. 		if password != val.Password {
    223. 

  223. 			t.Errorf("Unexpected password value, want: %s, got: %s", password, val.Password)
    224. 

  224. 		}
    225. 

  225. 		if email != val.Email {
    226. 

  226. 			t.Errorf("Unexpected email value, want: %s, got: %s", email, val.Email)
    227. 

  227. 		}
    228. 

  228. 	}
    229. 

  229. }
    230. 

  230. 

  231. func TestKeyringMiss(t *testing.T) {
    232. 

  232. 	tests := []struct {
    233. 

  233. 		globUrl   string
    234. 

  234. 		lookupUrl string
    235. 

  235. 	}{
    236. 

  236. 		{
    237. 

  237. 			globUrl:   "https://hello.kubernetes.io",
    238. 

  238. 			lookupUrl: "world.mesos.org/foo/bar",
    239. 

  239. 		},
    240. 

  240. 		{
    241. 

  241. 			globUrl:   "https://*.docker.com",
    242. 

  242. 			lookupUrl: "prefix.docker.io",
    243. 

  243. 		},
    244. 

  244. 		{
    245. 

  245. 			globUrl:   "https://suffix.*.io",
    246. 

  246. 			lookupUrl: "prefix.docker.io",
    247. 

  247. 		},
    248. 

  248. 		{
    249. 

  249. 			globUrl:   "https://prefix.docker.c*",
    250. 

  250. 			lookupUrl: "prefix.docker.io",
    251. 

  251. 		},
    252. 

  252. 		{
    253. 

  253. 			globUrl:   "https://prefix.*.io/path:1111",
    254. 

  254. 			lookupUrl: "prefix.docker.io/path/subpath:1111",
    255. 

  255. 		},
    256. 

  256. 		{
    257. 

  257. 			globUrl:   "suffix.*.io",
    258. 

  258. 			lookupUrl: "prefix.docker.io",
    259. 

  259. 		},
    260. 

  260. 	}
    261. 

  261. 	for _, test := range tests {
    262. 

  262. 		email := "foo@bar.baz"
    263. 

  263. 		username := "foo"
    264. 

  264. 		password := "bar" // Fake value for testing.
    265. 

  265. 		auth := base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", username, password)))
    266. 

  266. 		sampleDockerConfig := fmt.Sprintf(`{
    267. 

  267.    "%s": {
    268. 

  268.      "email": %q,
    269. 

  269.      "auth": %q
    270. 

  270.    }
    271. 

  271. }`, test.globUrl, email, auth)
    272. 

  272. 

  273. 		keyring := &BasicDockerKeyring{}
    274. 

  274. 		if cfg, err := readDockerConfigFileFromBytes([]byte(sampleDockerConfig)); err != nil {
    275. 

  275. 			t.Errorf("Error processing json blob %q, %v", sampleDockerConfig, err)
    276. 

  276. 		} else {
    277. 

  277. 			keyring.Add(cfg)
    278. 

  278. 		}
    279. 

  279. 

  280. 		_, ok := keyring.Lookup(test.lookupUrl + "/foo/bar")
    281. 

  281. 		if ok {
    282. 

  282. 			t.Errorf("Expected not to find URL %s, but found", test.lookupUrl)
    283. 

  283. 		}
    284. 

  284. 	}
    285. 

  285. 

  286. }
    287. 

  287. 

  288. func TestKeyringMissWithDockerHubCredentials(t *testing.T) {
    289. 

  289. 	url := defaultRegistryKey
    290. 

  290. 	email := "foo@bar.baz"
    291. 

  291. 	username := "foo"
    292. 

  292. 	password := "bar" // Fake value for testing.
    293. 

  293. 	auth := base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", username, password)))
    294. 

  294. 	sampleDockerConfig := fmt.Sprintf(`{
    295. 

  295.    "https://%s": {
    296. 

  296.      "email": %q,
    297. 

  297.      "auth": %q
    298. 

  298.    }
    299. 

  299. }`, url, email, auth)
    300. 

  300. 

  301. 	keyring := &BasicDockerKeyring{}
    302. 

  302. 	if cfg, err := readDockerConfigFileFromBytes([]byte(sampleDockerConfig)); err != nil {
    303. 

  303. 		t.Errorf("Error processing json blob %q, %v", sampleDockerConfig, err)
    304. 

  304. 	} else {
    305. 

  305. 		keyring.Add(cfg)
    306. 

  306. 	}
    307. 

  307. 

  308. 	val, ok := keyring.Lookup("world.mesos.org/foo/bar")
    309. 

  309. 	if ok {
    310. 

  310. 		t.Errorf("Found unexpected credential: %+v", val)
    311. 

  311. 	}
    312. 

  312. }
    313. 

  313. 

  314. func TestKeyringHitWithUnqualifiedDockerHub(t *testing.T) {
    315. 

  315. 	url := defaultRegistryKey
    316. 

  316. 	email := "foo@bar.baz"
    317. 

  317. 	username := "foo"
    318. 

  318. 	password := "bar" // Fake value for testing.
    319. 

  319. 	auth := base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", username, password)))
    320. 

  320. 	sampleDockerConfig := fmt.Sprintf(`{
    321. 

  321.    "https://%s": {
    322. 

  322.      "email": %q,
    323. 

  323.      "auth": %q
    324. 

  324.    }
    325. 

  325. }`, url, email, auth)
    326. 

  326. 

  327. 	keyring := &BasicDockerKeyring{}
    328. 

  328. 	if cfg, err := readDockerConfigFileFromBytes([]byte(sampleDockerConfig)); err != nil {
    329. 

  329. 		t.Errorf("Error processing json blob %q, %v", sampleDockerConfig, err)
    330. 

  330. 	} else {
    331. 

  331. 		keyring.Add(cfg)
    332. 

  332. 	}
    333. 

  333. 

  334. 	creds, ok := keyring.Lookup("google/docker-registry")
    335. 

  335. 	if !ok {
    336. 

  336. 		t.Errorf("Didn't find expected URL: %s", url)
    337. 

  337. 		return
    338. 

  338. 	}
    339. 

  339. 	if len(creds) > 1 {
    340. 

  340. 		t.Errorf("Got more hits than expected: %s", creds)
    341. 

  341. 	}
    342. 

  342. 	val := creds[0]
    343. 

  343. 

  344. 	if username != val.Username {
    345. 

  345. 		t.Errorf("Unexpected username value, want: %s, got: %s", username, val.Username)
    346. 

  346. 	}
    347. 

  347. 	if password != val.Password {
    348. 

  348. 		t.Errorf("Unexpected password value, want: %s, got: %s", password, val.Password)
    349. 

  349. 	}
    350. 

  350. 	if email != val.Email {
    351. 

  351. 		t.Errorf("Unexpected email value, want: %s, got: %s", email, val.Email)
    352. 

  352. 	}
    353. 

  353. }
    354. 

  354. 

  355. func TestKeyringHitWithUnqualifiedLibraryDockerHub(t *testing.T) {
    356. 

  356. 	url := defaultRegistryKey
    357. 

  357. 	email := "foo@bar.baz"
    358. 

  358. 	username := "foo"
    359. 

  359. 	password := "bar" // Fake value for testing.
    360. 

  360. 	auth := base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", username, password)))
    361. 

  361. 	sampleDockerConfig := fmt.Sprintf(`{
    362. 

  362.    "https://%s": {
    363. 

  363.      "email": %q,
    364. 

  364.      "auth": %q
    365. 

  365.    }
    366. 

  366. }`, url, email, auth)
    367. 

  367. 

  368. 	keyring := &BasicDockerKeyring{}
    369. 

  369. 	if cfg, err := readDockerConfigFileFromBytes([]byte(sampleDockerConfig)); err != nil {
    370. 

  370. 		t.Errorf("Error processing json blob %q, %v", sampleDockerConfig, err)
    371. 

  371. 	} else {
    372. 

  372. 		keyring.Add(cfg)
    373. 

  373. 	}
    374. 

  374. 

  375. 	creds, ok := keyring.Lookup("jenkins")
    376. 

  376. 	if !ok {
    377. 

  377. 		t.Errorf("Didn't find expected URL: %s", url)
    378. 

  378. 		return
    379. 

  379. 	}
    380. 

  380. 	if len(creds) > 1 {
    381. 

  381. 		t.Errorf("Got more hits than expected: %s", creds)
    382. 

  382. 	}
    383. 

  383. 	val := creds[0]
    384. 

  384. 

  385. 	if username != val.Username {
    386. 

  386. 		t.Errorf("Unexpected username value, want: %s, got: %s", username, val.Username)
    387. 

  387. 	}
    388. 

  388. 	if password != val.Password {
    389. 

  389. 		t.Errorf("Unexpected password value, want: %s, got: %s", password, val.Password)
    390. 

  390. 	}
    391. 

  391. 	if email != val.Email {
    392. 

  392. 		t.Errorf("Unexpected email value, want: %s, got: %s", email, val.Email)
    393. 

  393. 	}
    394. 

  394. }
    395. 

  395. 

  396. func TestKeyringHitWithQualifiedDockerHub(t *testing.T) {
    397. 

  397. 	url := defaultRegistryKey
    398. 

  398. 	email := "foo@bar.baz"
    399. 

  399. 	username := "foo"
    400. 

  400. 	password := "bar" // Fake value for testing.
    401. 

  401. 	auth := base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", username, password)))
    402. 

  402. 	sampleDockerConfig := fmt.Sprintf(`{
    403. 

  403.    "https://%s": {
    404. 

  404.      "email": %q,
    405. 

  405.      "auth": %q
    406. 

  406.    }
    407. 

  407. }`, url, email, auth)
    408. 

  408. 

  409. 	keyring := &BasicDockerKeyring{}
    410. 

  410. 	if cfg, err := readDockerConfigFileFromBytes([]byte(sampleDockerConfig)); err != nil {
    411. 

  411. 		t.Errorf("Error processing json blob %q, %v", sampleDockerConfig, err)
    412. 

  412. 	} else {
    413. 

  413. 		keyring.Add(cfg)
    414. 

  414. 	}
    415. 

  415. 

  416. 	creds, ok := keyring.Lookup(url + "/google/docker-registry")
    417. 

  417. 	if !ok {
    418. 

  418. 		t.Errorf("Didn't find expected URL: %s", url)
    419. 

  419. 		return
    420. 

  420. 	}
    421. 

  421. 	if len(creds) > 2 {
    422. 

  422. 		t.Errorf("Got more hits than expected: %s", creds)
    423. 

  423. 	}
    424. 

  424. 	val := creds[0]
    425. 

  425. 

  426. 	if username != val.Username {
    427. 

  427. 		t.Errorf("Unexpected username value, want: %s, got: %s", username, val.Username)
    428. 

  428. 	}
    429. 

  429. 	if password != val.Password {
    430. 

  430. 		t.Errorf("Unexpected password value, want: %s, got: %s", password, val.Password)
    431. 

  431. 	}
    432. 

  432. 	if email != val.Email {
    433. 

  433. 		t.Errorf("Unexpected email value, want: %s, got: %s", email, val.Email)
    434. 

  434. 	}
    435. 

  435. }
    436. 

  436. 

  437. func TestIsDefaultRegistryMatch(t *testing.T) {
    438. 

  438. 	samples := []map[bool]string{
    439. 

  439. 		{true: "foo/bar"},
    440. 

  440. 		{true: "docker.io/foo/bar"},
    441. 

  441. 		{true: "index.docker.io/foo/bar"},
    442. 

  442. 		{true: "foo"},
    443. 

  443. 		{false: ""},
    444. 

  444. 		{false: "registry.tld/foo/bar"},
    445. 

  445. 		{false: "registry:5000/foo/bar"},
    446. 

  446. 		{false: "myhostdocker.io/foo/bar"},
    447. 

  447. 	}
    448. 

  448. 	for _, sample := range samples {
    449. 

  449. 		for expected, imageName := range sample {
    450. 

  450. 			if got := isDefaultRegistryMatch(imageName); got != expected {
    451. 

  451. 				t.Errorf("Expected '%s' to be %t, got %t", imageName, expected, got)
    452. 

  452. 			}
    453. 

  453. 		}
    454. 

  454. 	}
    455. 

  455. }
    456. 

  456. 

  457. type testProvider struct {
    458. 

  458. 	Count int
    459. 

  459. }
    460. 

  460. 

  461. // Enabled implements dockerConfigProvider
    462. 

  462. func (d *testProvider) Enabled() bool {
    463. 

  463. 	return true
    464. 

  464. }
    465. 

  465. 

  466. // Provide implements dockerConfigProvider
    467. 

  467. func (d *testProvider) Provide(image string) DockerConfig {
    468. 

  468. 	d.Count++
    469. 

  469. 	return DockerConfig{}
    470. 

  470. }
    471. 

  471. 

  472. func TestProvidersDockerKeyring(t *testing.T) {
    473. 

  473. 	provider := &testProvider{
    474. 

  474. 		Count: 0,
    475. 

  475. 	}
    476. 

  476. 	keyring := &providersDockerKeyring{
    477. 

  477. 		Providers: []DockerConfigProvider{
    478. 

  478. 			provider,
    479. 

  479. 		},
    480. 

  480. 	}
    481. 

  481. 

  482. 	if provider.Count != 0 {
    483. 

  483. 		t.Errorf("Unexpected number of Provide calls: %v", provider.Count)
    484. 

  484. 	}
    485. 

  485. 	keyring.Lookup("foo")
    486. 

  486. 	if provider.Count != 1 {
    487. 

  487. 		t.Errorf("Unexpected number of Provide calls: %v", provider.Count)
    488. 

  488. 	}
    489. 

  489. 	keyring.Lookup("foo")
    490. 

  490. 	if provider.Count != 2 {
    491. 

  491. 		t.Errorf("Unexpected number of Provide calls: %v", provider.Count)
    492. 

  492. 	}
    493. 

  493. 	keyring.Lookup("foo")
    494. 

  494. 	if provider.Count != 3 {
    495. 

  495. 		t.Errorf("Unexpected number of Provide calls: %v", provider.Count)
    496. 

  496. 	}
    497. 

  497. }
    498. 

  498. 

  499. func TestDockerKeyringLookup(t *testing.T) {
    500. 

  500. 	ada := AuthConfig{
    501. 

  501. 		Username: "ada",
    502. 

  502. 		Password: "smash", // Fake value for testing.
    503. 

  503. 		Email:    "ada@example.com",
    504. 

  504. 	}
    505. 

  505. 

  506. 	grace := AuthConfig{
    507. 

  507. 		Username: "grace",
    508. 

  508. 		Password: "squash", // Fake value for testing.
    509. 

  509. 		Email:    "grace@example.com",
    510. 

  510. 	}
    511. 

  511. 

  512. 	dk := &BasicDockerKeyring{}
    513. 

  513. 	dk.Add(DockerConfig{
    514. 

  514. 		"bar.example.com/pong": DockerConfigEntry{
    515. 

  515. 			Username: grace.Username,
    516. 

  516. 			Password: grace.Password,
    517. 

  517. 			Email:    grace.Email,
    518. 

  518. 		},
    519. 

  519. 		"bar.example.com": DockerConfigEntry{
    520. 

  520. 			Username: ada.Username,
    521. 

  521. 			Password: ada.Password,
    522. 

  522. 			Email:    ada.Email,
    523. 

  523. 		},
    524. 

  524. 	})
    525. 

  525. 

  526. 	tests := []struct {
    527. 

  527. 		image string
    528. 

  528. 		match []AuthConfig
    529. 

  529. 		ok    bool
    530. 

  530. 	}{
    531. 

  531. 		// direct match
    532. 

  532. 		{"bar.example.com", []AuthConfig{ada}, true},
    533. 

  533. 

  534. 		// direct match deeper than other possible matches
    535. 

  535. 		{"bar.example.com/pong", []AuthConfig{grace, ada}, true},
    536. 

  536. 

  537. 		// no direct match, deeper path ignored
    538. 

  538. 		{"bar.example.com/ping", []AuthConfig{ada}, true},
    539. 

  539. 

  540. 		// match first part of path token
    541. 

  541. 		{"bar.example.com/pongz", []AuthConfig{grace, ada}, true},
    542. 

  542. 

  543. 		// match regardless of sub-path
    544. 

  544. 		{"bar.example.com/pong/pang", []AuthConfig{grace, ada}, true},
    545. 

  545. 

  546. 		// no host match
    547. 

  547. 		{"example.com", []AuthConfig{}, false},
    548. 

  548. 		{"foo.example.com", []AuthConfig{}, false},
    549. 

  549. 	}
    550. 

  550. 

  551. 	for i, tt := range tests {
    552. 

  552. 		match, ok := dk.Lookup(tt.image)
    553. 

  553. 		if tt.ok != ok {
    554. 

  554. 			t.Errorf("case %d: expected ok=%t, got %t", i, tt.ok, ok)
    555. 

  555. 		}
    556. 

  556. 

  557. 		if !reflect.DeepEqual(tt.match, match) {
    558. 

  558. 			t.Errorf("case %d: expected match=%#v, got %#v", i, tt.match, match)
    559. 

  559. 		}
    560. 

  560. 	}
    561. 

  561. }
    562. 

  562. 

  563. // This validates that dockercfg entries with a scheme and url path are properly matched
    564. 

  564. // by images that only match the hostname.
    565. 

  565. // NOTE: the above covers the case of a more specific match trumping just hostname.
    566. 

  566. func TestIssue3797(t *testing.T) {
    567. 

  567. 	rex := AuthConfig{
    568. 

  568. 		Username: "rex",
    569. 

  569. 		Password: "tiny arms", // Fake value for testing.
    570. 

  570. 		Email:    "rex@example.com",
    571. 

  571. 	}
    572. 

  572. 

  573. 	dk := &BasicDockerKeyring{}
    574. 

  574. 	dk.Add(DockerConfig{
    575. 

  575. 		"https://quay.io/v1/": DockerConfigEntry{
    576. 

  576. 			Username: rex.Username,
    577. 

  577. 			Password: rex.Password,
    578. 

  578. 			Email:    rex.Email,
    579. 

  579. 		},
    580. 

  580. 	})
    581. 

  581. 

  582. 	tests := []struct {
    583. 

  583. 		image string
    584. 

  584. 		match []AuthConfig
    585. 

  585. 		ok    bool
    586. 

  586. 	}{
    587. 

  587. 		// direct match
    588. 

  588. 		{"quay.io", []AuthConfig{rex}, true},
    589. 

  589. 

  590. 		// partial matches
    591. 

  591. 		{"quay.io/foo", []AuthConfig{rex}, true},
    592. 

  592. 		{"quay.io/foo/bar", []AuthConfig{rex}, true},
    593. 

  593. 	}
    594. 

  594. 

  595. 	for i, tt := range tests {
    596. 

  596. 		match, ok := dk.Lookup(tt.image)
    597. 

  597. 		if tt.ok != ok {
    598. 

  598. 			t.Errorf("case %d: expected ok=%t, got %t", i, tt.ok, ok)
    599. 

  599. 		}
    600. 

  600. 

  601. 		if !reflect.DeepEqual(tt.match, match) {
    602. 

  602. 			t.Errorf("case %d: expected match=%#v, got %#v", i, tt.match, match)
    603. 

  603. 		}
    604. 

  604. 	}
    605. 

  605. }
    606. 

  606.