cli/command: add unit-test for RetrieveAuthTokenFromImage

It's currently slower because it calls registry.ParseRepositoryInfo,
which does a DNS lookup for hostnames to determine if they're a loopback
address (and marked "insecure");

    go test -v -run TestRetrieveAuthTokenFromImage
    === RUN   TestRetrieveAuthTokenFromImage
    === RUN   TestRetrieveAuthTokenFromImage/no-prefix
    === RUN   TestRetrieveAuthTokenFromImage/docker.io
    === RUN   TestRetrieveAuthTokenFromImage/index.docker.io
    === RUN   TestRetrieveAuthTokenFromImage/registry-1.docker.io
    === RUN   TestRetrieveAuthTokenFromImage/registry.hub.docker.com
    === RUN   TestRetrieveAuthTokenFromImage/[::1]
    === RUN   TestRetrieveAuthTokenFromImage/[::1]:5000
    === RUN   TestRetrieveAuthTokenFromImage/127.0.0.1
    === RUN   TestRetrieveAuthTokenFromImage/localhost
    === RUN   TestRetrieveAuthTokenFromImage/localhost:5000
    === RUN   TestRetrieveAuthTokenFromImage/no-auth.example.com
    --- PASS: TestRetrieveAuthTokenFromImage (0.35s)
        --- PASS: TestRetrieveAuthTokenFromImage/no-prefix (0.00s)
        --- PASS: TestRetrieveAuthTokenFromImage/docker.io (0.00s)
        --- PASS: TestRetrieveAuthTokenFromImage/index.docker.io (0.00s)
        --- PASS: TestRetrieveAuthTokenFromImage/registry-1.docker.io (0.08s)
        --- PASS: TestRetrieveAuthTokenFromImage/registry.hub.docker.com (0.12s)
        --- PASS: TestRetrieveAuthTokenFromImage/[::1] (0.13s)
        --- PASS: TestRetrieveAuthTokenFromImage/[::1]:5000 (0.00s)
        --- PASS: TestRetrieveAuthTokenFromImage/127.0.0.1 (0.00s)
        --- PASS: TestRetrieveAuthTokenFromImage/localhost (0.00s)
        --- PASS: TestRetrieveAuthTokenFromImage/localhost:5000 (0.00s)
        --- PASS: TestRetrieveAuthTokenFromImage/no-auth.example.com (0.01s)
    PASS
    ok  	github.com/docker/cli/cli/command	1.367s

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn 2025-03-26 14:25:50 +01:00
parent b8034c0ed7
commit 15b95beac7
No known key found for this signature in database
GPG Key ID: 76698F39D527CE8C

View File

@ -1,6 +1,8 @@
package command_test
import (
"bytes"
"path"
"testing"
"github.com/docker/cli/cli/command"
@ -80,3 +82,113 @@ func TestGetDefaultAuthConfig_HelperError(t *testing.T) {
assert.Check(t, is.DeepEqual(expectedAuthConfig, authconfig))
assert.Check(t, is.ErrorContains(err, "docker-credential-fake-does-not-exist"))
}
func TestRetrieveAuthTokenFromImage(t *testing.T) {
// configFileContent contains a plain-text "username:password", as stored by
// the plain-text store;
// https://github.com/docker/cli/blob/v28.0.4/cli/config/configfile/file.go#L218-L229
const configFileContent = `{"auths": {
"https://index.docker.io/v1/": {"auth": "dXNlcm5hbWU6cGFzc3dvcmQ="},
"[::1]": {"auth": "dXNlcm5hbWU6cGFzc3dvcmQ="},
"[::1]:5000": {"auth": "dXNlcm5hbWU6cGFzc3dvcmQ="},
"127.0.0.1": {"auth": "dXNlcm5hbWU6cGFzc3dvcmQ="},
"127.0.0.1:5000": {"auth": "dXNlcm5hbWU6cGFzc3dvcmQ="},
"localhost": {"auth": "dXNlcm5hbWU6cGFzc3dvcmQ="},
"localhost:5000": {"auth": "dXNlcm5hbWU6cGFzc3dvcmQ="},
"registry-1.docker.io": {"auth": "dXNlcm5hbWU6cGFzc3dvcmQ="},
"registry.hub.docker.com": {"auth": "dXNlcm5hbWU6cGFzc3dvcmQ="}
}
}`
cfg := configfile.ConfigFile{}
err := cfg.LoadFromReader(bytes.NewReader([]byte(configFileContent)))
assert.NilError(t, err)
remoteRefs := []string{
"ubuntu",
"ubuntu:latest",
"ubuntu:latest@sha256:72297848456d5d37d1262630108ab308d3e9ec7ed1c3286a32fe09856619a782",
"ubuntu@sha256:72297848456d5d37d1262630108ab308d3e9ec7ed1c3286a32fe09856619a782",
"library/ubuntu",
"library/ubuntu:latest",
"library/ubuntu:latest@sha256:72297848456d5d37d1262630108ab308d3e9ec7ed1c3286a32fe09856619a782",
"library/ubuntu@sha256:72297848456d5d37d1262630108ab308d3e9ec7ed1c3286a32fe09856619a782",
}
tests := []struct {
prefix string
expectedAddress string
expectedAuthCfg registry.AuthConfig
}{
{
prefix: "",
expectedAddress: "https://index.docker.io/v1/",
expectedAuthCfg: registry.AuthConfig{Username: "username", Password: "password", ServerAddress: "https://index.docker.io/v1/"},
},
{
prefix: "docker.io",
expectedAddress: "https://index.docker.io/v1/",
expectedAuthCfg: registry.AuthConfig{Username: "username", Password: "password", ServerAddress: "https://index.docker.io/v1/"},
},
{
prefix: "index.docker.io",
expectedAddress: "https://index.docker.io/v1/",
expectedAuthCfg: registry.AuthConfig{Username: "username", Password: "password", ServerAddress: "https://index.docker.io/v1/"},
},
{
// FIXME(thaJeztah): registry-1.docker.io (the actual registry) is the odd one out, and is stored separate from other URLs used for docker hub's registry
prefix: "registry-1.docker.io",
expectedAuthCfg: registry.AuthConfig{Username: "username", Password: "password", ServerAddress: "registry-1.docker.io"},
},
{
// FIXME(thaJeztah): registry.hub.docker.com is stored separate from other URLs used for docker hub's registry
prefix: "registry.hub.docker.com",
expectedAuthCfg: registry.AuthConfig{Username: "username", Password: "password", ServerAddress: "registry.hub.docker.com"},
},
{
prefix: "[::1]",
expectedAddress: "[::1]",
expectedAuthCfg: registry.AuthConfig{Username: "username", Password: "password", ServerAddress: "[::1]"},
},
{
prefix: "[::1]:5000",
expectedAddress: "[::1]:5000",
expectedAuthCfg: registry.AuthConfig{Username: "username", Password: "password", ServerAddress: "[::1]:5000"},
},
{
prefix: "127.0.0.1",
expectedAddress: "127.0.0.1",
expectedAuthCfg: registry.AuthConfig{Username: "username", Password: "password", ServerAddress: "127.0.0.1"},
},
{
prefix: "localhost",
expectedAddress: "localhost",
expectedAuthCfg: registry.AuthConfig{Username: "username", Password: "password", ServerAddress: "localhost"},
},
{
prefix: "localhost:5000",
expectedAddress: "localhost:5000",
expectedAuthCfg: registry.AuthConfig{Username: "username", Password: "password", ServerAddress: "localhost:5000"},
},
{
prefix: "no-auth.example.com",
expectedAuthCfg: registry.AuthConfig{},
},
}
for _, tc := range tests {
tcName := tc.prefix
if tc.prefix == "" {
tcName = "no-prefix"
}
t.Run(tcName, func(t *testing.T) {
for _, remoteRef := range remoteRefs {
imageRef := path.Join(tc.prefix, remoteRef)
actual, err := command.RetrieveAuthTokenFromImage(&cfg, imageRef)
assert.NilError(t, err)
ac, err := registry.DecodeAuthConfig(actual)
assert.NilError(t, err)
assert.Check(t, is.DeepEqual(*ac, tc.expectedAuthCfg))
}
})
}
}