cli/command: add unit-test for RetrieveAuthTokenFromImage

It's currently slower because it calls registry.ParseRepositoryInfo, which does a DNS lookup for hostnames to determine if they're a loopback address (and marked "insecure"); go test -v -run TestRetrieveAuthTokenFromImage === RUN TestRetrieveAuthTokenFromImage === RUN TestRetrieveAuthTokenFromImage/no-prefix === RUN TestRetrieveAuthTokenFromImage/docker.io === RUN TestRetrieveAuthTokenFromImage/index.docker.io === RUN TestRetrieveAuthTokenFromImage/registry-1.docker.io === RUN TestRetrieveAuthTokenFromImage/registry.hub.docker.com === RUN TestRetrieveAuthTokenFromImage/[::1] === RUN TestRetrieveAuthTokenFromImage/[::1]:5000 === RUN TestRetrieveAuthTokenFromImage/127.0.0.1 === RUN TestRetrieveAuthTokenFromImage/localhost === RUN TestRetrieveAuthTokenFromImage/localhost:5000 === RUN TestRetrieveAuthTokenFromImage/no-auth.example.com --- PASS: TestRetrieveAuthTokenFromImage (0.35s) --- PASS: TestRetrieveAuthTokenFromImage/no-prefix (0.00s) --- PASS: TestRetrieveAuthTokenFromImage/docker.io (0.00s) --- PASS: TestRetrieveAuthTokenFromImage/index.docker.io (0.00s) --- PASS: TestRetrieveAuthTokenFromImage/registry-1.docker.io (0.08s) --- PASS: TestRetrieveAuthTokenFromImage/registry.hub.docker.com (0.12s) --- PASS: TestRetrieveAuthTokenFromImage/[::1] (0.13s) --- PASS: TestRetrieveAuthTokenFromImage/[::1]:5000 (0.00s) --- PASS: TestRetrieveAuthTokenFromImage/127.0.0.1 (0.00s) --- PASS: TestRetrieveAuthTokenFromImage/localhost (0.00s) --- PASS: TestRetrieveAuthTokenFromImage/localhost:5000 (0.00s) --- PASS: TestRetrieveAuthTokenFromImage/no-auth.example.com (0.01s) PASS ok github.com/docker/cli/cli/command 1.367s Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-03-26 14:25:50 +01:00 · 2025-03-26 14:25:50 +01:00 · 15b95beac7
commit 15b95beac7
parent b8034c0ed7
1 changed files with 112 additions and 0 deletions
--- a/cli/command/registry_test.go
+++ b/cli/command/registry_test.go
@ -1,6 +1,8 @@
 package command_test

 import (
+	"bytes"
+	"path"
 	"testing"

 	"github.com/docker/cli/cli/command"
@ -80,3 +82,113 @@ func TestGetDefaultAuthConfig_HelperError(t *testing.T) {
 	assert.Check(t, is.DeepEqual(expectedAuthConfig, authconfig))
 	assert.Check(t, is.ErrorContains(err, "docker-credential-fake-does-not-exist"))
 }
+
+func TestRetrieveAuthTokenFromImage(t *testing.T) {
+	// configFileContent contains a plain-text "username:password", as stored by
+	// the plain-text store;
+	// https://github.com/docker/cli/blob/v28.0.4/cli/config/configfile/file.go#L218-L229
+	const configFileContent = `{"auths": {
+		"https://index.docker.io/v1/": {"auth": "dXNlcm5hbWU6cGFzc3dvcmQ="},
+		"[::1]": {"auth": "dXNlcm5hbWU6cGFzc3dvcmQ="},
+		"[::1]:5000": {"auth": "dXNlcm5hbWU6cGFzc3dvcmQ="},
+		"127.0.0.1": {"auth": "dXNlcm5hbWU6cGFzc3dvcmQ="},
+		"127.0.0.1:5000": {"auth": "dXNlcm5hbWU6cGFzc3dvcmQ="},
+		"localhost": {"auth": "dXNlcm5hbWU6cGFzc3dvcmQ="},
+		"localhost:5000": {"auth": "dXNlcm5hbWU6cGFzc3dvcmQ="},
+		"registry-1.docker.io": {"auth": "dXNlcm5hbWU6cGFzc3dvcmQ="},
+		"registry.hub.docker.com": {"auth": "dXNlcm5hbWU6cGFzc3dvcmQ="}
+	}
+}`
+	cfg := configfile.ConfigFile{}
+	err := cfg.LoadFromReader(bytes.NewReader([]byte(configFileContent)))
+	assert.NilError(t, err)
+
+	remoteRefs := []string{
+		"ubuntu",
+		"ubuntu:latest",
+		"ubuntu:latest@sha256:72297848456d5d37d1262630108ab308d3e9ec7ed1c3286a32fe09856619a782",
+		"ubuntu@sha256:72297848456d5d37d1262630108ab308d3e9ec7ed1c3286a32fe09856619a782",
+		"library/ubuntu",
+		"library/ubuntu:latest",
+		"library/ubuntu:latest@sha256:72297848456d5d37d1262630108ab308d3e9ec7ed1c3286a32fe09856619a782",
+		"library/ubuntu@sha256:72297848456d5d37d1262630108ab308d3e9ec7ed1c3286a32fe09856619a782",
+	}
+
+	tests := []struct {
+		prefix          string
+		expectedAddress string
+		expectedAuthCfg registry.AuthConfig
+	}{
+		{
+			prefix:          "",
+			expectedAddress: "https://index.docker.io/v1/",
+			expectedAuthCfg: registry.AuthConfig{Username: "username", Password: "password", ServerAddress: "https://index.docker.io/v1/"},
+		},
+		{
+			prefix:          "docker.io",
+			expectedAddress: "https://index.docker.io/v1/",
+			expectedAuthCfg: registry.AuthConfig{Username: "username", Password: "password", ServerAddress: "https://index.docker.io/v1/"},
+		},
+		{
+			prefix:          "index.docker.io",
+			expectedAddress: "https://index.docker.io/v1/",
+			expectedAuthCfg: registry.AuthConfig{Username: "username", Password: "password", ServerAddress: "https://index.docker.io/v1/"},
+		},
+		{
+			// FIXME(thaJeztah): registry-1.docker.io (the actual registry) is the odd one out, and is stored separate from other URLs used for docker hub's registry
+			prefix:          "registry-1.docker.io",
+			expectedAuthCfg: registry.AuthConfig{Username: "username", Password: "password", ServerAddress: "registry-1.docker.io"},
+		},
+		{
+			// FIXME(thaJeztah): registry.hub.docker.com is stored separate from other URLs used for docker hub's registry
+			prefix:          "registry.hub.docker.com",
+			expectedAuthCfg: registry.AuthConfig{Username: "username", Password: "password", ServerAddress: "registry.hub.docker.com"},
+		},
+		{
+			prefix:          "[::1]",
+			expectedAddress: "[::1]",
+			expectedAuthCfg: registry.AuthConfig{Username: "username", Password: "password", ServerAddress: "[::1]"},
+		},
+		{
+			prefix:          "[::1]:5000",
+			expectedAddress: "[::1]:5000",
+			expectedAuthCfg: registry.AuthConfig{Username: "username", Password: "password", ServerAddress: "[::1]:5000"},
+		},
+		{
+			prefix:          "127.0.0.1",
+			expectedAddress: "127.0.0.1",
+			expectedAuthCfg: registry.AuthConfig{Username: "username", Password: "password", ServerAddress: "127.0.0.1"},
+		},
+		{
+			prefix:          "localhost",
+			expectedAddress: "localhost",
+			expectedAuthCfg: registry.AuthConfig{Username: "username", Password: "password", ServerAddress: "localhost"},
+		},
+		{
+			prefix:          "localhost:5000",
+			expectedAddress: "localhost:5000",
+			expectedAuthCfg: registry.AuthConfig{Username: "username", Password: "password", ServerAddress: "localhost:5000"},
+		},
+		{
+			prefix:          "no-auth.example.com",
+			expectedAuthCfg: registry.AuthConfig{},
+		},
+	}
+
+	for _, tc := range tests {
+		tcName := tc.prefix
+		if tc.prefix == "" {
+			tcName = "no-prefix"
+		}
+		t.Run(tcName, func(t *testing.T) {
+			for _, remoteRef := range remoteRefs {
+				imageRef := path.Join(tc.prefix, remoteRef)
+				actual, err := command.RetrieveAuthTokenFromImage(&cfg, imageRef)
+				assert.NilError(t, err)
+				ac, err := registry.DecodeAuthConfig(actual)
+				assert.NilError(t, err)
+				assert.Check(t, is.DeepEqual(*ac, tc.expectedAuthCfg))
+			}
+		})
+	}
+}