Browse code
client: add staticAuth utility
Add a small utility to create a "RequestAuthConfig" from
a static value.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sebastiaan van Stijn authored on 2025/06/21 05:17:29Showing 3 changed files
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,14 @@ |
| 0 |
+package client |
|
| 1 |
+ |
|
| 2 |
+import ( |
|
| 3 |
+ "context" |
|
| 4 |
+ |
|
| 5 |
+ "github.com/docker/docker/api/types/registry" |
|
| 6 |
+) |
|
| 7 |
+ |
|
| 8 |
+// staticAuth creates a privilegeFn from the given registryAuth. |
|
| 9 |
+func staticAuth(registryAuth string) registry.RequestAuthConfig {
|
|
| 10 |
+ return func(ctx context.Context) (string, error) {
|
|
| 11 |
+ return registryAuth, nil |
|
| 12 |
+ } |
|
| 13 |
+} |
| ... | ... |
@@ -48,43 +48,41 @@ func TestImagePullWithUnauthorizedErrorAndPrivilegeFuncError(t *testing.T) {
|
| 48 | 48 |
client := &Client{
|
| 49 | 49 |
client: newMockClient(errorMock(http.StatusUnauthorized, "Unauthorized error")), |
| 50 | 50 |
} |
| 51 |
- privilegeFunc := func(_ context.Context) (string, error) {
|
|
| 52 |
- return "", errors.New("Error requesting privilege")
|
|
| 53 |
- } |
|
| 54 | 51 |
_, err := client.ImagePull(context.Background(), "myimage", image.PullOptions{
|
| 55 |
- PrivilegeFunc: privilegeFunc, |
|
| 52 |
+ PrivilegeFunc: func(_ context.Context) (string, error) {
|
|
| 53 |
+ return "", errors.New("error requesting privilege")
|
|
| 54 |
+ }, |
|
| 56 | 55 |
}) |
| 57 |
- assert.Check(t, is.Error(err, "Error requesting privilege")) |
|
| 56 |
+ assert.Check(t, is.Error(err, "error requesting privilege")) |
|
| 58 | 57 |
} |
| 59 | 58 |
|
| 60 | 59 |
func TestImagePullWithUnauthorizedErrorAndAnotherUnauthorizedError(t *testing.T) {
|
| 61 | 60 |
client := &Client{
|
| 62 | 61 |
client: newMockClient(errorMock(http.StatusUnauthorized, "Unauthorized error")), |
| 63 | 62 |
} |
| 64 |
- privilegeFunc := func(_ context.Context) (string, error) {
|
|
| 65 |
- return "a-auth-header", nil |
|
| 66 |
- } |
|
| 67 | 63 |
_, err := client.ImagePull(context.Background(), "myimage", image.PullOptions{
|
| 68 |
- PrivilegeFunc: privilegeFunc, |
|
| 64 |
+ PrivilegeFunc: staticAuth("a-auth-header"),
|
|
| 69 | 65 |
}) |
| 70 | 66 |
assert.Check(t, is.ErrorType(err, cerrdefs.IsUnauthorized)) |
| 71 | 67 |
} |
| 72 | 68 |
|
| 73 | 69 |
func TestImagePullWithPrivilegedFuncNoError(t *testing.T) {
|
| 74 | 70 |
const expectedURL = "/images/create" |
| 71 |
+ const invalidAuth = "NotValid" |
|
| 72 |
+ const validAuth = "IAmValid" |
|
| 75 | 73 |
client := &Client{
|
| 76 | 74 |
client: newMockClient(func(req *http.Request) (*http.Response, error) {
|
| 77 | 75 |
if !strings.HasPrefix(req.URL.Path, expectedURL) {
|
| 78 | 76 |
return nil, fmt.Errorf("expected URL '%s', got '%s'", expectedURL, req.URL)
|
| 79 | 77 |
} |
| 80 | 78 |
auth := req.Header.Get(registry.AuthHeader) |
| 81 |
- if auth == "NotValid" {
|
|
| 79 |
+ if auth == invalidAuth {
|
|
| 82 | 80 |
return &http.Response{
|
| 83 | 81 |
StatusCode: http.StatusUnauthorized, |
| 84 | 82 |
Body: io.NopCloser(bytes.NewReader([]byte("Invalid credentials"))),
|
| 85 | 83 |
}, nil |
| 86 | 84 |
} |
| 87 |
- if auth != "IAmValid" {
|
|
| 85 |
+ if auth != validAuth {
|
|
| 88 | 86 |
return nil, fmt.Errorf("invalid auth header: expected %s, got %s", "IAmValid", auth)
|
| 89 | 87 |
} |
| 90 | 88 |
query := req.URL.Query() |
| ... | ... |
@@ -102,12 +100,9 @@ func TestImagePullWithPrivilegedFuncNoError(t *testing.T) {
|
| 102 | 102 |
}, nil |
| 103 | 103 |
}), |
| 104 | 104 |
} |
| 105 |
- privilegeFunc := func(_ context.Context) (string, error) {
|
|
| 106 |
- return "IAmValid", nil |
|
| 107 |
- } |
|
| 108 | 105 |
resp, err := client.ImagePull(context.Background(), "myimage", image.PullOptions{
|
| 109 |
- RegistryAuth: "NotValid", |
|
| 110 |
- PrivilegeFunc: privilegeFunc, |
|
| 106 |
+ RegistryAuth: invalidAuth, |
|
| 107 |
+ PrivilegeFunc: staticAuth(validAuth), |
|
| 111 | 108 |
}) |
| 112 | 109 |
assert.NilError(t, err) |
| 113 | 110 |
body, err := io.ReadAll(resp) |
| ... | ... |
@@ -75,19 +75,21 @@ func TestImagePushWithUnauthorizedErrorAndAnotherUnauthorizedError(t *testing.T) |
| 75 | 75 |
|
| 76 | 76 |
func TestImagePushWithPrivilegedFuncNoError(t *testing.T) {
|
| 77 | 77 |
const expectedURL = "/images/docker.io/myname/myimage/push" |
| 78 |
+ const invalidAuth = "NotValid" |
|
| 79 |
+ const validAuth = "IAmValid" |
|
| 78 | 80 |
client := &Client{
|
| 79 | 81 |
client: newMockClient(func(req *http.Request) (*http.Response, error) {
|
| 80 | 82 |
if !strings.HasPrefix(req.URL.Path, expectedURL) {
|
| 81 | 83 |
return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL)
|
| 82 | 84 |
} |
| 83 | 85 |
auth := req.Header.Get(registry.AuthHeader) |
| 84 |
- if auth == "NotValid" {
|
|
| 86 |
+ if auth == invalidAuth {
|
|
| 85 | 87 |
return &http.Response{
|
| 86 | 88 |
StatusCode: http.StatusUnauthorized, |
| 87 | 89 |
Body: io.NopCloser(bytes.NewReader([]byte("Invalid credentials"))),
|
| 88 | 90 |
}, nil |
| 89 | 91 |
} |
| 90 |
- if auth != "IAmValid" {
|
|
| 92 |
+ if auth != validAuth {
|
|
| 91 | 93 |
return nil, fmt.Errorf("invalid auth header: expected %s, got %s", "IAmValid", auth)
|
| 92 | 94 |
} |
| 93 | 95 |
query := req.URL.Query() |
| ... | ... |
@@ -101,12 +103,9 @@ func TestImagePushWithPrivilegedFuncNoError(t *testing.T) {
|
| 101 | 101 |
}, nil |
| 102 | 102 |
}), |
| 103 | 103 |
} |
| 104 |
- privilegeFunc := func(_ context.Context) (string, error) {
|
|
| 105 |
- return "IAmValid", nil |
|
| 106 |
- } |
|
| 107 | 104 |
resp, err := client.ImagePush(context.Background(), "myname/myimage:tag", image.PushOptions{
|
| 108 |
- RegistryAuth: "NotValid", |
|
| 109 |
- PrivilegeFunc: privilegeFunc, |
|
| 105 |
+ RegistryAuth: invalidAuth, |
|
| 106 |
+ PrivilegeFunc: staticAuth(validAuth), |
|
| 110 | 107 |
}) |
| 111 | 108 |
assert.NilError(t, err) |
| 112 | 109 |
body, err := io.ReadAll(resp) |