github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Merge pull request #5186 from cpuguy83/fix_docker_cert_loading

Browse Source 
Fix docker style cert loading.
This commit is contained in:
Phil Estes 2021-03-15 10:36:42 -04:00 committed by GitHub
commit bd4f468c62
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 118 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
remotes/docker/config/hosts.go
View File

@ -82,7 +82,6 @@ func ConfigureHosts(ctx context.Context, options HostOptions) docker.RegistryHos
return nil, err return nil, err
} }
} }
} }
// If hosts was not set, add a default host // If hosts was not set, add a default host
@ -490,7 +489,7 @@ func loadCertFiles(ctx context.Context, certsDir string) ([]hostConfig, error) {
} }
hosts := make([]hostConfig, 1) hosts := make([]hostConfig, 1)
for _, f := range fs { for _, f := range fs {
if !f.IsDir() { if f.IsDir() {
continue continue
} }
if strings.HasSuffix(f.Name(), ".crt") { if strings.HasSuffix(f.Name(), ".crt") {
@ -501,9 +500,9 @@ func loadCertFiles(ctx context.Context, certsDir string) ([]hostConfig, error) {
certFile := f.Name() certFile := f.Name()
pair[0] = filepath.Join(certsDir, certFile) pair[0] = filepath.Join(certsDir, certFile)
// Check if key also exists // Check if key also exists
keyFile := certFile[:len(certFile)-5] + ".key" keyFile := filepath.Join(certsDir, certFile[:len(certFile)-5]+".key")
if _, err := os.Stat(keyFile); err == nil { if _, err := os.Stat(keyFile); err == nil {
pair[1] = filepath.Join(certsDir, keyFile) pair[1] = keyFile
} else if !os.IsNotExist(err) { } else if !os.IsNotExist(err) {
return nil, err return nil, err
} }

115
remotes/docker/config/hosts_test.go
View File

@ -20,7 +20,9 @@ import (
"bytes" "bytes"
"context" "context"
"fmt" "fmt"
"io/ioutil"
"net/http" "net/http"
"os"
"path/filepath" "path/filepath"
"testing" "testing"
@ -190,6 +192,87 @@ ca = "/etc/path/default"
} }
} }
func TestLoadCertFiles(t *testing.T) {
dir, err := ioutil.TempDir("", t.Name())
if err != nil {
t.Fatal(err)
}
defer os.RemoveAll(dir)
type testCase struct {
input hostConfig
}
cases := map[string]testCase{
"crt only": {
input: hostConfig{host: "testing.io", caCerts: []string{filepath.Join(dir, "testing.io", "ca.crt")}},
},
"crt and cert pair": {
input: hostConfig{
host: "testing.io",
caCerts: []string{filepath.Join(dir, "testing.io", "ca.crt")},
clientPairs: [][2]string{
{
filepath.Join(dir, "testing.io", "client.cert"),
filepath.Join(dir, "testing.io", "client.key"),
},
},
},
},
"cert pair only": {
input: hostConfig{
host: "testing.io",
clientPairs: [][2]string{
{
filepath.Join(dir, "testing.io", "client.cert"),
filepath.Join(dir, "testing.io", "client.key"),
},
},
},
},
}
for name, tc := range cases {
t.Run(name, func(t *testing.T) {
hostDir := filepath.Join(dir, tc.input.host)
if err := os.MkdirAll(hostDir, 0700); err != nil {
t.Fatal(err)
}
defer os.RemoveAll(hostDir)
for _, f := range tc.input.caCerts {
if err := ioutil.WriteFile(f, testKey, 0600); err != nil {
t.Fatal(err)
}
}
for _, pair := range tc.input.clientPairs {
if err := ioutil.WriteFile(pair[0], testKey, 0600); err != nil {
t.Fatal(err)
}
if err := ioutil.WriteFile(pair[1], testKey, 0600); err != nil {
t.Fatal(err)
}
}
configs, err := loadHostDir(context.Background(), hostDir)
if err != nil {
t.Fatal(err)
}
if len(configs) != 1 {
t.Fatalf("\nexpected:\n%+v\ngot:\n%+v", tc.input, configs)
}
cfg := configs[0]
cfg.host = tc.input.host
if !compareHostConfig(cfg, tc.input) {
t.Errorf("\nexpected:\n%+v:\n\ngot:\n%+v", tc.input, cfg)
}
})
}
}
func compareRegistryHost(j, k docker.RegistryHost) bool { func compareRegistryHost(j, k docker.RegistryHost) bool {
if j.Scheme != k.Scheme { if j.Scheme != k.Scheme {
return false return false
@ -283,3 +366,35 @@ func printHostConfig(hc []hostConfig) string {
} }
return b.String() return b.String()
} }
var (
testKey = []byte(`-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDa+zvPgFXwra4S
0DzEWRgZHxVTDG1sJsnN/jOaHCNpRyABGVW5kdei9WFWv3dpiELI+guQMjdUL++w
M68bs6cXKW+1nW6u5uWuGwklOwkoKoeHkkn/vHef7ybk+5qdk6AYY0DKQsrBBOvj
f0WAnG+1xi8VIOEBmce0/47MexOiuILVkjokgdmDCOc8ShkT6/EJTCsI1wDew/4G
9IiRzw2xSM0ZATAtEC3HEBRLJGWZQtuKlLCuzJ+erOWUcg2cjnSgR3PmaAXE//5g
SoeqEbtTo1satf9AR4VvreIAI8m0eyo8ABMLTkZovEFcUUHetL63hdqItjCeRfrQ
zK4LMRFbAgMBAAECggEBAJtP6UHo0gtcA8SQMSlJz4+xvhwjClDUyfjyPIMnRe5b
ZdWhtG1jhT+tLhaqwfT1kfidcCobk6aAQU4FukK5jt8cooB7Yo9mcKylvDzNvFbi
ozGCjj113JpwsnNiCG2O0NO7Qa6y5L810GCQWik3yvtvzuD7atsJyN0VDKD3Ahw7
1X8z76grZFlhVMCTAA3vAJ2y2p3sd+TGC/PIhnsvChwxEorGCnMj93mBaUI7zZRY
EZhlk4ZvC9sUvlVUuYC+wAHjasgN9s3AzsOBSx+Xt3NaXQHzhL0mVo/vu/pjjFBs
WBLR1PBoIfveTJPOp+Hrr4cuCK0NuX9sWlWPYLl5A2ECgYEA5fq3n4PhbJ2BuTS5
AVgOmjRpk1eogb6aSY+cx7Mr++ADF9EYXc5tgKoUsDeeiiyK2lv6IKavoTWT1kdd
shiclyEzp2CxG5GtbC/g2XHiBLepgo1fjfev3btCmIeGVBjglOx4F3gEsRygrAID
zcz94m2I+uqLT8hvWnccIqScglkCgYEA88H2ji4Nvx6TmqCLcER0vNDVoxxDfgGb
iohvenD2jmmdTnezTddsgECAI8L0BPNS/0vBCduTjs5BqhKbIfQvuK5CANMUcxuQ
twWH8kPvTYJVgsmWP6sSXSz3PohWC5EA9xACExGtyN6d7sLUCV0SBhjlcgMvGuDM
lP6NjyyWctMCgYBKdfGr+QQsqZaNw48+6ybXMK8aIKCTWYYU2SW21sEf7PizZmTQ
Qnzb0rWeFHQFYsSWTH9gwPdOZ8107GheuG9C02IpCDpvpawTwjC31pKKWnjMpz9P
9OkBDpdSUVbhtahJL4L2fkpumck/x+s5X+y3uiVGsFfovgmnrbbzVH7ECQKBgQCC
MYs7DaYR+obkA/P2FtozL2esIyB5YOpu58iDIWrPTeHTU2PVo8Y0Cj9m2m3zZvNh
oFiOp1T85XV1HVL2o7IJdimSvyshAAwfdTjTUS2zvHVn0bwKbZj1Y1r7b15l9yEI
1OgGv16O9zhrmmweRDOoRgvnBYRXWtJqkjuRyULiOQKBgQC/lSYigV32Eb8Eg1pv
7OcPWv4qV4880lRE0MXuQ4VFa4+pqvdziYFYQD4jDYJ4IX9l//bsobL0j7z0P0Gk
wDFti9bRwRoO1ntqoA8n2pDLlLRGl0dyjB6fHzp27oqtyf1HRlHiow7Gqx5b5JOk
tycYKwA3DuaSyqPe6MthLneq8w==
-----END PRIVATE KEY-----
`)
)