github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix golint failures in pkg/credentialprovider (#88860)

Browse Source 
* Fix golint failures in pkg/credentialprovider

* improve Comment

* test
This commit is contained in:
zzde 2020-03-19 11:10:43 +08:00 committed by GitHub
parent 42972f2a37
commit a95d04993a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 163 additions and 150 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
hack/.golint_failures
View File

@ -95,7 +95,6 @@ pkg/controller/volume/events
pkg/controller/volume/expand pkg/controller/volume/expand
pkg/controller/volume/persistentvolume pkg/controller/volume/persistentvolume
pkg/controller/volume/persistentvolume/config/v1alpha1 pkg/controller/volume/persistentvolume/config/v1alpha1
pkg/credentialprovider
pkg/features pkg/features
pkg/kubeapiserver pkg/kubeapiserver
pkg/kubeapiserver/options pkg/kubeapiserver/options

70
pkg/credentialprovider/config.go
View File

@ -36,12 +36,12 @@ const (
maxReadLength = 10 * 1 << 20 // 10MB maxReadLength = 10 * 1 << 20 // 10MB
) )
// DockerConfigJson represents ~/.docker/config.json file info // DockerConfigJSON represents ~/.docker/config.json file info
// see https://github.com/docker/docker/pull/12009 // see https://github.com/docker/docker/pull/12009
type DockerConfigJson struct { type DockerConfigJSON struct {
Auths DockerConfig `json:"auths"` Auths DockerConfig `json:"auths"`
// +optional // +optional
HttpHeaders map[string]string `json:"HttpHeaders,omitempty"` HTTPHeaders map[string]string `json:"HttpHeaders,omitempty"`
} }
// DockerConfig represents the config file used by the docker CLI. // DockerConfig represents the config file used by the docker CLI.
@ -49,6 +49,7 @@ type DockerConfigJson struct {
// when pulling images from specific image repositories. // when pulling images from specific image repositories.
type DockerConfig map[string]DockerConfigEntry type DockerConfig map[string]DockerConfigEntry
// DockerConfigEntry wraps a docker config as a entry
type DockerConfigEntry struct { type DockerConfigEntry struct {
Username string Username string
Password string Password string
@ -62,19 +63,21 @@ var (
workingDirPath = "" workingDirPath = ""
homeDirPath, _ = os.UserHomeDir() homeDirPath, _ = os.UserHomeDir()
rootDirPath = "/" rootDirPath = "/"
homeJsonDirPath = filepath.Join(homeDirPath, ".docker") homeJSONDirPath = filepath.Join(homeDirPath, ".docker")
rootJsonDirPath = filepath.Join(rootDirPath, ".docker") rootJSONDirPath = filepath.Join(rootDirPath, ".docker")
configFileName = ".dockercfg" configFileName = ".dockercfg"
configJsonFileName = "config.json" configJSONFileName = "config.json"
) )
// SetPreferredDockercfgPath set preferred docker config path
func SetPreferredDockercfgPath(path string) { func SetPreferredDockercfgPath(path string) {
preferredPathLock.Lock() preferredPathLock.Lock()
defer preferredPathLock.Unlock() defer preferredPathLock.Unlock()
preferredPath = path preferredPath = path
} }
// GetPreferredDockercfgPath get preferred docker config path
func GetPreferredDockercfgPath() string { func GetPreferredDockercfgPath() string {
preferredPathLock.Lock() preferredPathLock.Lock()
defer preferredPathLock.Unlock() defer preferredPathLock.Unlock()
@ -88,7 +91,7 @@ func DefaultDockercfgPaths() []string {
//DefaultDockerConfigJSONPaths returns default search paths of .docker/config.json //DefaultDockerConfigJSONPaths returns default search paths of .docker/config.json
func DefaultDockerConfigJSONPaths() []string { func DefaultDockerConfigJSONPaths() []string {
return []string{GetPreferredDockercfgPath(), workingDirPath, homeJsonDirPath, rootJsonDirPath} return []string{GetPreferredDockercfgPath(), workingDirPath, homeJSONDirPath, rootJSONDirPath}
} }
// ReadDockercfgFile attempts to read a legacy dockercfg file from the given paths. // ReadDockercfgFile attempts to read a legacy dockercfg file from the given paths.
@ -129,36 +132,37 @@ func ReadDockerConfigJSONFile(searchPaths []string) (cfg DockerConfig, err error
searchPaths = DefaultDockerConfigJSONPaths() searchPaths = DefaultDockerConfigJSONPaths()
} }
for _, configPath := range searchPaths { for _, configPath := range searchPaths {
absDockerConfigFileLocation, err := filepath.Abs(filepath.Join(configPath, configJsonFileName)) absDockerConfigFileLocation, err := filepath.Abs(filepath.Join(configPath, configJSONFileName))
if err != nil { if err != nil {
klog.Errorf("while trying to canonicalize %s: %v", configPath, err) klog.Errorf("while trying to canonicalize %s: %v", configPath, err)
continue continue
} }
klog.V(4).Infof("looking for %s at %s", configJsonFileName, absDockerConfigFileLocation) klog.V(4).Infof("looking for %s at %s", configJSONFileName, absDockerConfigFileLocation)
cfg, err = ReadSpecificDockerConfigJsonFile(absDockerConfigFileLocation) cfg, err = ReadSpecificDockerConfigJSONFile(absDockerConfigFileLocation)
if err != nil { if err != nil {
if !os.IsNotExist(err) { if !os.IsNotExist(err) {
klog.V(4).Infof("while trying to read %s: %v", absDockerConfigFileLocation, err) klog.V(4).Infof("while trying to read %s: %v", absDockerConfigFileLocation, err)
} }
continue continue
} }
klog.V(4).Infof("found valid %s at %s", configJsonFileName, absDockerConfigFileLocation) klog.V(4).Infof("found valid %s at %s", configJSONFileName, absDockerConfigFileLocation)
return cfg, nil return cfg, nil
} }
return nil, fmt.Errorf("couldn't find valid %s after checking in %v", configJsonFileName, searchPaths) return nil, fmt.Errorf("couldn't find valid %s after checking in %v", configJSONFileName, searchPaths)
} }
//ReadSpecificDockerConfigJsonFile attempts to read docker configJSON from a given file path. //ReadSpecificDockerConfigJSONFile attempts to read docker configJSON from a given file path.
func ReadSpecificDockerConfigJsonFile(filePath string) (cfg DockerConfig, err error) { func ReadSpecificDockerConfigJSONFile(filePath string) (cfg DockerConfig, err error) {
var contents []byte var contents []byte
if contents, err = ioutil.ReadFile(filePath); err != nil { if contents, err = ioutil.ReadFile(filePath); err != nil {
return nil, err return nil, err
} }
return readDockerConfigJsonFileFromBytes(contents) return readDockerConfigJSONFileFromBytes(contents)
} }
// ReadDockerConfigFile read a docker config file from default path
func ReadDockerConfigFile() (cfg DockerConfig, err error) { func ReadDockerConfigFile() (cfg DockerConfig, err error) {
if cfg, err := ReadDockerConfigJSONFile(nil); err == nil { if cfg, err := ReadDockerConfigJSONFile(nil); err == nil {
return cfg, nil return cfg, nil
@ -167,19 +171,20 @@ func ReadDockerConfigFile() (cfg DockerConfig, err error) {
return ReadDockercfgFile(nil) return ReadDockercfgFile(nil)
} }
// HttpError wraps a non-StatusOK error code as an error. // HTTPError wraps a non-StatusOK error code as an error.
type HttpError struct { type HTTPError struct {
StatusCode int StatusCode int
Url string URL string
} }
// Error implements error // Error implements error
func (he *HttpError) Error() string { func (he *HTTPError) Error() string {
return fmt.Sprintf("http status code: %d while fetching url %s", return fmt.Sprintf("http status code: %d while fetching url %s",
he.StatusCode, he.Url) he.StatusCode, he.URL)
} }
func ReadUrl(url string, client *http.Client, header *http.Header) (body []byte, err error) { // ReadURL read contents from given url
func ReadURL(url string, client *http.Client, header *http.Header) (body []byte, err error) {
req, err := http.NewRequest("GET", url, nil) req, err := http.NewRequest("GET", url, nil)
if err != nil { if err != nil {
return nil, err return nil, err
@ -195,9 +200,9 @@ func ReadUrl(url string, client *http.Client, header *http.Header) (body []byte,
if resp.StatusCode != http.StatusOK { if resp.StatusCode != http.StatusOK {
klog.V(2).Infof("body of failing http response: %v", resp.Body) klog.V(2).Infof("body of failing http response: %v", resp.Body)
return nil, &HttpError{ return nil, &HTTPError{
StatusCode: resp.StatusCode, StatusCode: resp.StatusCode,
Url: url, URL: url,
} }
} }
@ -214,12 +219,13 @@ func ReadUrl(url string, client *http.Client, header *http.Header) (body []byte,
return contents, nil return contents, nil
} }
func ReadDockerConfigFileFromUrl(url string, client *http.Client, header *http.Header) (cfg DockerConfig, err error) { // ReadDockerConfigFileFromURL read a docker config file from the given url
if contents, err := ReadUrl(url, client, header); err != nil { func ReadDockerConfigFileFromURL(url string, client *http.Client, header *http.Header) (cfg DockerConfig, err error) {
return nil, err if contents, err := ReadURL(url, client, header); err == nil {
} else {
return readDockerConfigFileFromBytes(contents) return readDockerConfigFileFromBytes(contents)
} }
return nil, err
} }
func readDockerConfigFileFromBytes(contents []byte) (cfg DockerConfig, err error) { func readDockerConfigFileFromBytes(contents []byte) (cfg DockerConfig, err error) {
@ -230,13 +236,13 @@ func readDockerConfigFileFromBytes(contents []byte) (cfg DockerConfig, err error
return return
} }
func readDockerConfigJsonFileFromBytes(contents []byte) (cfg DockerConfig, err error) { func readDockerConfigJSONFileFromBytes(contents []byte) (cfg DockerConfig, err error) {
var cfgJson DockerConfigJson var cfgJSON DockerConfigJSON
if err = json.Unmarshal(contents, &cfgJson); err != nil { if err = json.Unmarshal(contents, &cfgJSON); err != nil {
klog.Errorf("while trying to parse blob %q: %v", contents, err) klog.Errorf("while trying to parse blob %q: %v", contents, err)
return nil, err return nil, err
} }
cfg = cfgJson.Auths cfg = cfgJSON.Auths
return return
} }
@ -253,6 +259,7 @@ type dockerConfigEntryWithAuth struct {
Auth string `json:"auth,omitempty"` Auth string `json:"auth,omitempty"`
} }
// UnmarshalJSON implements the json.Unmarshaler interface.
func (ident *DockerConfigEntry) UnmarshalJSON(data []byte) error { func (ident *DockerConfigEntry) UnmarshalJSON(data []byte) error {
var tmp dockerConfigEntryWithAuth var tmp dockerConfigEntryWithAuth
err := json.Unmarshal(data, &tmp) err := json.Unmarshal(data, &tmp)
@ -272,6 +279,7 @@ func (ident *DockerConfigEntry) UnmarshalJSON(data []byte) error {
return err return err
} }
// MarshalJSON implements the json.Marshaler interface.
func (ident DockerConfigEntry) MarshalJSON() ([]byte, error) { func (ident DockerConfigEntry) MarshalJSON() ([]byte, error) {
toEncode := dockerConfigEntryWithAuth{ident.Username, ident.Password, ident.Email, ""} toEncode := dockerConfigEntryWithAuth{ident.Username, ident.Password, ident.Email, ""}
toEncode.Auth = encodeDockerConfigFieldAuth(ident.Username, ident.Password) toEncode.Auth = encodeDockerConfigFieldAuth(ident.Username, ident.Password)

12
pkg/credentialprovider/config_test.go
View File

@ -27,11 +27,11 @@ import (
) )
func TestReadDockerConfigFile(t *testing.T) { func TestReadDockerConfigFile(t *testing.T) {
configJsonFileName := "config.json" configJSONFileName := "config.json"
var fileInfo *os.File var fileInfo *os.File
//test dockerconfig json //test dockerconfig json
inputDockerconfigJsonFile := "{ \"auths\": { \"http://foo.example.com\":{\"auth\":\"Zm9vOmJhcgo=\",\"email\":\"foo@example.com\"}}}" inputDockerconfigJSONFile := "{ \"auths\": { \"http://foo.example.com\":{\"auth\":\"Zm9vOmJhcgo=\",\"email\":\"foo@example.com\"}}}"
preferredPath, err := ioutil.TempDir("", "test_foo_bar_dockerconfigjson_") preferredPath, err := ioutil.TempDir("", "test_foo_bar_dockerconfigjson_")
if err != nil { if err != nil {
@ -39,7 +39,7 @@ func TestReadDockerConfigFile(t *testing.T) {
return return
} }
defer os.RemoveAll(preferredPath) defer os.RemoveAll(preferredPath)
absDockerConfigFileLocation, err := filepath.Abs(filepath.Join(preferredPath, configJsonFileName)) absDockerConfigFileLocation, err := filepath.Abs(filepath.Join(preferredPath, configJSONFileName))
if err != nil { if err != nil {
t.Fatalf("While trying to canonicalize %s: %v", preferredPath, err) t.Fatalf("While trying to canonicalize %s: %v", preferredPath, err)
} }
@ -53,7 +53,7 @@ func TestReadDockerConfigFile(t *testing.T) {
defer fileInfo.Close() defer fileInfo.Close()
} }
fileInfo.WriteString(inputDockerconfigJsonFile) fileInfo.WriteString(inputDockerconfigJSONFile)
orgPreferredPath := GetPreferredDockercfgPath() orgPreferredPath := GetPreferredDockercfgPath()
SetPreferredDockercfgPath(preferredPath) SetPreferredDockercfgPath(preferredPath)
@ -66,7 +66,7 @@ func TestDockerConfigJsonJSONDecode(t *testing.T) {
// Fake values for testing. // Fake values for testing.
input := []byte(`{"auths": {"http://foo.example.com":{"username": "foo", "password": "bar", "email": "foo@example.com"}, "http://bar.example.com":{"username": "bar", "password": "baz", "email": "bar@example.com"}}}`) input := []byte(`{"auths": {"http://foo.example.com":{"username": "foo", "password": "bar", "email": "foo@example.com"}, "http://bar.example.com":{"username": "bar", "password": "baz", "email": "bar@example.com"}}}`)
expect := DockerConfigJson{ expect := DockerConfigJSON{
Auths: DockerConfig(map[string]DockerConfigEntry{ Auths: DockerConfig(map[string]DockerConfigEntry{
"http://foo.example.com": { "http://foo.example.com": {
Username: "foo", Username: "foo",
@ -81,7 +81,7 @@ func TestDockerConfigJsonJSONDecode(t *testing.T) {
}), }),
} }
var output DockerConfigJson var output DockerConfigJSON
err := json.Unmarshal(input, &output) err := json.Unmarshal(input, &output)
if err != nil { if err != nil {
t.Errorf("Received unexpected error: %v", err) t.Errorf("Received unexpected error: %v", err)

14
pkg/credentialprovider/gcp/metadata.go
View File

@ -150,7 +150,7 @@ func (g *metadataProvider) Enabled() bool {
func (g *dockerConfigKeyProvider) Provide(image string) credentialprovider.DockerConfig { func (g *dockerConfigKeyProvider) Provide(image string) credentialprovider.DockerConfig {
// Read the contents of the google-dockercfg metadata key and // Read the contents of the google-dockercfg metadata key and
// parse them as an alternate .dockercfg // parse them as an alternate .dockercfg
if cfg, err := credentialprovider.ReadDockerConfigFileFromUrl(dockerConfigKey, g.Client, metadataHeader); err != nil { if cfg, err := credentialprovider.ReadDockerConfigFileFromURL(dockerConfigKey, g.Client, metadataHeader); err != nil {
klog.Errorf("while reading 'google-dockercfg' metadata: %v", err) klog.Errorf("while reading 'google-dockercfg' metadata: %v", err)
} else { } else {
return cfg return cfg
@ -162,11 +162,11 @@ func (g *dockerConfigKeyProvider) Provide(image string) credentialprovider.Docke
// Provide implements DockerConfigProvider // Provide implements DockerConfigProvider
func (g *dockerConfigURLKeyProvider) Provide(image string) credentialprovider.DockerConfig { func (g *dockerConfigURLKeyProvider) Provide(image string) credentialprovider.DockerConfig {
// Read the contents of the google-dockercfg-url key and load a .dockercfg from there // Read the contents of the google-dockercfg-url key and load a .dockercfg from there
if url, err := credentialprovider.ReadUrl(dockerConfigURLKey, g.Client, metadataHeader); err != nil { if url, err := credentialprovider.ReadURL(dockerConfigURLKey, g.Client, metadataHeader); err != nil {
klog.Errorf("while reading 'google-dockercfg-url' metadata: %v", err) klog.Errorf("while reading 'google-dockercfg-url' metadata: %v", err)
} else { } else {
if strings.HasPrefix(string(url), "http") { if strings.HasPrefix(string(url), "http") {
if cfg, err := credentialprovider.ReadDockerConfigFileFromUrl(string(url), g.Client, nil); err != nil { if cfg, err := credentialprovider.ReadDockerConfigFileFromURL(string(url), g.Client, nil); err != nil {
klog.Errorf("while reading 'google-dockercfg-url'-specified url: %s, %v", string(url), err) klog.Errorf("while reading 'google-dockercfg-url'-specified url: %s, %v", string(url), err)
} else { } else {
return cfg return cfg
@ -214,7 +214,7 @@ func (g *containerRegistryProvider) Enabled() bool {
} }
// Given that we are on GCE, we should keep retrying until the metadata server responds. // Given that we are on GCE, we should keep retrying until the metadata server responds.
value := runWithBackoff(func() ([]byte, error) { value := runWithBackoff(func() ([]byte, error) {
value, err := credentialprovider.ReadUrl(serviceAccounts, g.Client, metadataHeader) value, err := credentialprovider.ReadURL(serviceAccounts, g.Client, metadataHeader)
if err != nil { if err != nil {
klog.V(2).Infof("Failed to Get service accounts from gce metadata server: %v", err) klog.V(2).Infof("Failed to Get service accounts from gce metadata server: %v", err)
} }
@ -237,7 +237,7 @@ func (g *containerRegistryProvider) Enabled() bool {
} }
url := metadataScopes + "?alt=json" url := metadataScopes + "?alt=json"
value = runWithBackoff(func() ([]byte, error) { value = runWithBackoff(func() ([]byte, error) {
value, err := credentialprovider.ReadUrl(url, g.Client, metadataHeader) value, err := credentialprovider.ReadURL(url, g.Client, metadataHeader)
if err != nil { if err != nil {
klog.V(2).Infof("Failed to Get scopes in default service account from gce metadata server: %v", err) klog.V(2).Infof("Failed to Get scopes in default service account from gce metadata server: %v", err)
} }
@ -268,13 +268,13 @@ type tokenBlob struct {
func (g *containerRegistryProvider) Provide(image string) credentialprovider.DockerConfig { func (g *containerRegistryProvider) Provide(image string) credentialprovider.DockerConfig {
cfg := credentialprovider.DockerConfig{} cfg := credentialprovider.DockerConfig{}
tokenJSONBlob, err := credentialprovider.ReadUrl(metadataToken, g.Client, metadataHeader) tokenJSONBlob, err := credentialprovider.ReadURL(metadataToken, g.Client, metadataHeader)
if err != nil { if err != nil {
klog.Errorf("while reading access token endpoint: %v", err) klog.Errorf("while reading access token endpoint: %v", err)
return cfg return cfg
} }
email, err := credentialprovider.ReadUrl(metadataEmail, g.Client, metadataHeader) email, err := credentialprovider.ReadURL(metadataEmail, g.Client, metadataHeader)
if err != nil { if err != nil {
klog.Errorf("while reading email endpoint: %v", err) klog.Errorf("while reading email endpoint: %v", err)
return cfg return cfg

38
pkg/credentialprovider/keyring.go
View File

@ -73,6 +73,7 @@ type AuthConfig struct {
RegistryToken string `json:"registrytoken,omitempty"` RegistryToken string `json:"registrytoken,omitempty"`
} }
// Add add some docker config in basic docker keyring
func (dk *BasicDockerKeyring) Add(cfg DockerConfig) { func (dk *BasicDockerKeyring) Add(cfg DockerConfig) {
if dk.index == nil { if dk.index == nil {
dk.index = make([]string, 0) dk.index = make([]string, 0)
@ -159,8 +160,8 @@ func isDefaultRegistryMatch(image string) bool {
// url.Parse require a scheme, but ours don't have schemes. Adding a // url.Parse require a scheme, but ours don't have schemes. Adding a
// scheme to make url.Parse happy, then clear out the resulting scheme. // scheme to make url.Parse happy, then clear out the resulting scheme.
func parseSchemelessUrl(schemelessUrl string) (*url.URL, error) { func parseSchemelessURL(schemelessURL string) (*url.URL, error) {
parsed, err := url.Parse("https://" + schemelessUrl) parsed, err := url.Parse("https://" + schemelessURL)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -170,7 +171,7 @@ func parseSchemelessUrl(schemelessUrl string) (*url.URL, error) {
} }
// split the host name into parts, as well as the port // split the host name into parts, as well as the port
func splitUrl(url *url.URL) (parts []string, port string) { func splitURL(url *url.URL) (parts []string, port string) {
host, port, err := net.SplitHostPort(url.Host) host, port, err := net.SplitHostPort(url.Host)
if err != nil { if err != nil {
// could not parse port // could not parse port
@ -181,43 +182,43 @@ func splitUrl(url *url.URL) (parts []string, port string) {
// overloaded version of urlsMatch, operating on strings instead of URLs. // overloaded version of urlsMatch, operating on strings instead of URLs.
func urlsMatchStr(glob string, target string) (bool, error) { func urlsMatchStr(glob string, target string) (bool, error) {
globUrl, err := parseSchemelessUrl(glob) globURL, err := parseSchemelessURL(glob)
if err != nil { if err != nil {
return false, err return false, err
} }
targetUrl, err := parseSchemelessUrl(target) targetURL, err := parseSchemelessURL(target)
if err != nil { if err != nil {
return false, err return false, err
} }
return urlsMatch(globUrl, targetUrl) return urlsMatch(globURL, targetURL)
} }
// check whether the given target url matches the glob url, which may have // check whether the given target url matches the glob url, which may have
// glob wild cards in the host name. // glob wild cards in the host name.
// //
// Examples: // Examples:
// globUrl=*.docker.io, targetUrl=blah.docker.io => match // globURL=*.docker.io, targetURL=blah.docker.io => match
// globUrl=*.docker.io, targetUrl=not.right.io => no match // globURL=*.docker.io, targetURL=not.right.io => no match
// //
// Note that we don't support wildcards in ports and paths yet. // Note that we don't support wildcards in ports and paths yet.
func urlsMatch(globUrl *url.URL, targetUrl *url.URL) (bool, error) { func urlsMatch(globURL *url.URL, targetURL *url.URL) (bool, error) {
globUrlParts, globPort := splitUrl(globUrl) globURLParts, globPort := splitURL(globURL)
targetUrlParts, targetPort := splitUrl(targetUrl) targetURLParts, targetPort := splitURL(targetURL)
if globPort != targetPort { if globPort != targetPort {
// port doesn't match // port doesn't match
return false, nil return false, nil
} }
if len(globUrlParts) != len(targetUrlParts) { if len(globURLParts) != len(targetURLParts) {
// host name does not have the same number of parts // host name does not have the same number of parts
return false, nil return false, nil
} }
if !strings.HasPrefix(targetUrl.Path, globUrl.Path) { if !strings.HasPrefix(targetURL.Path, globURL.Path) {
// the path of the credential must be a prefix // the path of the credential must be a prefix
return false, nil return false, nil
} }
for k, globUrlPart := range globUrlParts { for k, globURLPart := range globURLParts {
targetUrlPart := targetUrlParts[k] targetURLPart := targetURLParts[k]
matched, err := filepath.Match(globUrlPart, targetUrlPart) matched, err := filepath.Match(globURLPart, targetURLPart)
if err != nil { if err != nil {
return false, err return false, err
} }
@ -270,11 +271,14 @@ func (dk *providersDockerKeyring) Lookup(image string) ([]AuthConfig, bool) {
return keyring.Lookup(image) return keyring.Lookup(image)
} }
// FakeKeyring a fake config credentials
type FakeKeyring struct { type FakeKeyring struct {
auth []AuthConfig auth []AuthConfig
ok bool ok bool
} }
// Lookup implements the DockerKeyring method for fetching credentials based on image name
// return fake auth and ok
func (f *FakeKeyring) Lookup(image string) ([]AuthConfig, bool) { func (f *FakeKeyring) Lookup(image string) ([]AuthConfig, bool) {
return f.auth, f.ok return f.auth, f.ok
} }
@ -282,6 +286,8 @@ func (f *FakeKeyring) Lookup(image string) ([]AuthConfig, bool) {
// UnionDockerKeyring delegates to a set of keyrings. // UnionDockerKeyring delegates to a set of keyrings.
type UnionDockerKeyring []DockerKeyring type UnionDockerKeyring []DockerKeyring
// Lookup implements the DockerKeyring method for fetching credentials based on image name.
// return each credentials
func (k UnionDockerKeyring) Lookup(image string) ([]AuthConfig, bool) { func (k UnionDockerKeyring) Lookup(image string) ([]AuthConfig, bool) {
authConfigs := []AuthConfig{} authConfigs := []AuthConfig{}
for _, subKeyring := range k { for _, subKeyring := range k {

176
pkg/credentialprovider/keyring_test.go
View File

@ -25,169 +25,169 @@ import (
func TestUrlsMatch(t *testing.T) { func TestUrlsMatch(t *testing.T) {
tests := []struct { tests := []struct {
globUrl string globURL string
targetUrl string targetURL string
matchExpected bool matchExpected bool
}{ }{
// match when there is no path component // match when there is no path component
{ {
globUrl: "*.kubernetes.io", globURL: "*.kubernetes.io",
targetUrl: "prefix.kubernetes.io", targetURL: "prefix.kubernetes.io",
matchExpected: true, matchExpected: true,
}, },
{ {
globUrl: "prefix.*.io", globURL: "prefix.*.io",
targetUrl: "prefix.kubernetes.io", targetURL: "prefix.kubernetes.io",
matchExpected: true, matchExpected: true,
}, },
{ {
globUrl: "prefix.kubernetes.*", globURL: "prefix.kubernetes.*",
targetUrl: "prefix.kubernetes.io", targetURL: "prefix.kubernetes.io",
matchExpected: true, matchExpected: true,
}, },
{ {
globUrl: "*-good.kubernetes.io", globURL: "*-good.kubernetes.io",
targetUrl: "prefix-good.kubernetes.io", targetURL: "prefix-good.kubernetes.io",
matchExpected: true, matchExpected: true,
}, },
// match with path components // match with path components
{ {
globUrl: "*.kubernetes.io/blah", globURL: "*.kubernetes.io/blah",
targetUrl: "prefix.kubernetes.io/blah", targetURL: "prefix.kubernetes.io/blah",
matchExpected: true, matchExpected: true,
}, },
{ {
globUrl: "prefix.*.io/foo", globURL: "prefix.*.io/foo",
targetUrl: "prefix.kubernetes.io/foo/bar", targetURL: "prefix.kubernetes.io/foo/bar",
matchExpected: true, matchExpected: true,
}, },
// match with path components and ports // match with path components and ports
{ {
globUrl: "*.kubernetes.io:1111/blah", globURL: "*.kubernetes.io:1111/blah",
targetUrl: "prefix.kubernetes.io:1111/blah", targetURL: "prefix.kubernetes.io:1111/blah",
matchExpected: true, matchExpected: true,
}, },
{ {
globUrl: "prefix.*.io:1111/foo", globURL: "prefix.*.io:1111/foo",
targetUrl: "prefix.kubernetes.io:1111/foo/bar", targetURL: "prefix.kubernetes.io:1111/foo/bar",
matchExpected: true, matchExpected: true,
}, },
// no match when number of parts mismatch // no match when number of parts mismatch
{ {
globUrl: "*.kubernetes.io", globURL: "*.kubernetes.io",
targetUrl: "kubernetes.io", targetURL: "kubernetes.io",
matchExpected: false, matchExpected: false,
}, },
{ {
globUrl: "*.*.kubernetes.io", globURL: "*.*.kubernetes.io",
targetUrl: "prefix.kubernetes.io", targetURL: "prefix.kubernetes.io",
matchExpected: false, matchExpected: false,
}, },
{ {
globUrl: "*.*.kubernetes.io", globURL: "*.*.kubernetes.io",
targetUrl: "kubernetes.io", targetURL: "kubernetes.io",
matchExpected: false, matchExpected: false,
}, },
// no match when some parts mismatch // no match when some parts mismatch
{ {
globUrl: "kubernetes.io", globURL: "kubernetes.io",
targetUrl: "kubernetes.com", targetURL: "kubernetes.com",
matchExpected: false, matchExpected: false,
}, },
{ {
globUrl: "k*.io", globURL: "k*.io",
targetUrl: "quay.io", targetURL: "quay.io",
matchExpected: false, matchExpected: false,
}, },
// no match when ports mismatch // no match when ports mismatch
{ {
globUrl: "*.kubernetes.io:1234/blah", globURL: "*.kubernetes.io:1234/blah",
targetUrl: "prefix.kubernetes.io:1111/blah", targetURL: "prefix.kubernetes.io:1111/blah",
matchExpected: false, matchExpected: false,
}, },
{ {
globUrl: "prefix.*.io/foo", globURL: "prefix.*.io/foo",
targetUrl: "prefix.kubernetes.io:1111/foo/bar", targetURL: "prefix.kubernetes.io:1111/foo/bar",
matchExpected: false, matchExpected: false,
}, },
} }
for _, test := range tests { for _, test := range tests {
matched, _ := urlsMatchStr(test.globUrl, test.targetUrl) matched, _ := urlsMatchStr(test.globURL, test.targetURL)
if matched != test.matchExpected { if matched != test.matchExpected {
t.Errorf("Expected match result of %s and %s to be %t, but was %t", t.Errorf("Expected match result of %s and %s to be %t, but was %t",
test.globUrl, test.targetUrl, test.matchExpected, matched) test.globURL, test.targetURL, test.matchExpected, matched)
} }
} }
} }
func TestDockerKeyringForGlob(t *testing.T) { func TestDockerKeyringForGlob(t *testing.T) {
tests := []struct { tests := []struct {
globUrl string globURL string
targetUrl string targetURL string
}{ }{
{ {
globUrl: "https://hello.kubernetes.io", globURL: "https://hello.kubernetes.io",
targetUrl: "hello.kubernetes.io", targetURL: "hello.kubernetes.io",
}, },
{ {
globUrl: "https://*.docker.io", globURL: "https://*.docker.io",
targetUrl: "prefix.docker.io", targetURL: "prefix.docker.io",
}, },
{ {
globUrl: "https://prefix.*.io", globURL: "https://prefix.*.io",
targetUrl: "prefix.docker.io", targetURL: "prefix.docker.io",
}, },
{ {
globUrl: "https://prefix.docker.*", globURL: "https://prefix.docker.*",
targetUrl: "prefix.docker.io", targetURL: "prefix.docker.io",
}, },
{ {
globUrl: "https://*.docker.io/path", globURL: "https://*.docker.io/path",
targetUrl: "prefix.docker.io/path", targetURL: "prefix.docker.io/path",
}, },
{ {
globUrl: "https://prefix.*.io/path", globURL: "https://prefix.*.io/path",
targetUrl: "prefix.docker.io/path/subpath", targetURL: "prefix.docker.io/path/subpath",
}, },
{ {
globUrl: "https://prefix.docker.*/path", globURL: "https://prefix.docker.*/path",
targetUrl: "prefix.docker.io/path", targetURL: "prefix.docker.io/path",
}, },
{ {
globUrl: "https://*.docker.io:8888", globURL: "https://*.docker.io:8888",
targetUrl: "prefix.docker.io:8888", targetURL: "prefix.docker.io:8888",
}, },
{ {
globUrl: "https://prefix.*.io:8888", globURL: "https://prefix.*.io:8888",
targetUrl: "prefix.docker.io:8888", targetURL: "prefix.docker.io:8888",
}, },
{ {
globUrl: "https://prefix.docker.*:8888", globURL: "https://prefix.docker.*:8888",
targetUrl: "prefix.docker.io:8888", targetURL: "prefix.docker.io:8888",
}, },
{ {
globUrl: "https://*.docker.io/path:1111", globURL: "https://*.docker.io/path:1111",
targetUrl: "prefix.docker.io/path:1111", targetURL: "prefix.docker.io/path:1111",
}, },
{ {
globUrl: "https://*.docker.io/v1/", globURL: "https://*.docker.io/v1/",
targetUrl: "prefix.docker.io/path:1111", targetURL: "prefix.docker.io/path:1111",
}, },
{ {
globUrl: "https://*.docker.io/v2/", globURL: "https://*.docker.io/v2/",
targetUrl: "prefix.docker.io/path:1111", targetURL: "prefix.docker.io/path:1111",
}, },
{ {
globUrl: "https://prefix.docker.*/path:1111", globURL: "https://prefix.docker.*/path:1111",
targetUrl: "prefix.docker.io/path:1111", targetURL: "prefix.docker.io/path:1111",
}, },
{ {
globUrl: "prefix.docker.io:1111", globURL: "prefix.docker.io:1111",
targetUrl: "prefix.docker.io:1111/path", targetURL: "prefix.docker.io:1111/path",
}, },
{ {
globUrl: "*.docker.io:1111", globURL: "*.docker.io:1111",
targetUrl: "prefix.docker.io:1111/path", targetURL: "prefix.docker.io:1111/path",
}, },
} }
for i, test := range tests { for i, test := range tests {
@ -200,7 +200,7 @@ func TestDockerKeyringForGlob(t *testing.T) {
"email": %q, "email": %q,
"auth": %q "auth": %q
} }
}`, test.globUrl, email, auth) }`, test.globURL, email, auth)
keyring := &BasicDockerKeyring{} keyring := &BasicDockerKeyring{}
if cfg, err := readDockerConfigFileFromBytes([]byte(sampleDockerConfig)); err != nil { if cfg, err := readDockerConfigFileFromBytes([]byte(sampleDockerConfig)); err != nil {
@ -209,9 +209,9 @@ func TestDockerKeyringForGlob(t *testing.T) {
keyring.Add(cfg) keyring.Add(cfg)
} }
creds, ok := keyring.Lookup(test.targetUrl + "/foo/bar") creds, ok := keyring.Lookup(test.targetURL + "/foo/bar")
if !ok { if !ok {
t.Errorf("%d: Didn't find expected URL: %s", i, test.targetUrl) t.Errorf("%d: Didn't find expected URL: %s", i, test.targetURL)
continue continue
} }
val := creds[0] val := creds[0]
@ -230,32 +230,32 @@ func TestDockerKeyringForGlob(t *testing.T) {
func TestKeyringMiss(t *testing.T) { func TestKeyringMiss(t *testing.T) {
tests := []struct { tests := []struct {
globUrl string globURL string
lookupUrl string lookupURL string
}{ }{
{ {
globUrl: "https://hello.kubernetes.io", globURL: "https://hello.kubernetes.io",
lookupUrl: "world.mesos.org/foo/bar", lookupURL: "world.mesos.org/foo/bar",
}, },
{ {
globUrl: "https://*.docker.com", globURL: "https://*.docker.com",
lookupUrl: "prefix.docker.io", lookupURL: "prefix.docker.io",
}, },
{ {
globUrl: "https://suffix.*.io", globURL: "https://suffix.*.io",
lookupUrl: "prefix.docker.io", lookupURL: "prefix.docker.io",
}, },
{ {
globUrl: "https://prefix.docker.c*", globURL: "https://prefix.docker.c*",
lookupUrl: "prefix.docker.io", lookupURL: "prefix.docker.io",
}, },
{ {
globUrl: "https://prefix.*.io/path:1111", globURL: "https://prefix.*.io/path:1111",
lookupUrl: "prefix.docker.io/path/subpath:1111", lookupURL: "prefix.docker.io/path/subpath:1111",
}, },
{ {
globUrl: "suffix.*.io", globURL: "suffix.*.io",
lookupUrl: "prefix.docker.io", lookupURL: "prefix.docker.io",
}, },
} }
for _, test := range tests { for _, test := range tests {
@ -268,7 +268,7 @@ func TestKeyringMiss(t *testing.T) {
"email": %q, "email": %q,
"auth": %q "auth": %q
} }
}`, test.globUrl, email, auth) }`, test.globURL, email, auth)
keyring := &BasicDockerKeyring{} keyring := &BasicDockerKeyring{}
if cfg, err := readDockerConfigFileFromBytes([]byte(sampleDockerConfig)); err != nil { if cfg, err := readDockerConfigFileFromBytes([]byte(sampleDockerConfig)); err != nil {
@ -277,9 +277,9 @@ func TestKeyringMiss(t *testing.T) {
keyring.Add(cfg) keyring.Add(cfg)
} }
_, ok := keyring.Lookup(test.lookupUrl + "/foo/bar") _, ok := keyring.Lookup(test.lookupURL + "/foo/bar")
if ok { if ok {
t.Errorf("Expected not to find URL %s, but found", test.lookupUrl) t.Errorf("Expected not to find URL %s, but found", test.lookupURL)
} }
} }

2
pkg/credentialprovider/secrets/secrets.go
View File

@ -30,7 +30,7 @@ func MakeDockerKeyring(passedSecrets []v1.Secret, defaultKeyring credentialprovi
passedCredentials := []credentialprovider.DockerConfig{} passedCredentials := []credentialprovider.DockerConfig{}
for _, passedSecret := range passedSecrets { for _, passedSecret := range passedSecrets {
if dockerConfigJSONBytes, dockerConfigJSONExists := passedSecret.Data[v1.DockerConfigJsonKey]; (passedSecret.Type == v1.SecretTypeDockerConfigJson) && dockerConfigJSONExists && (len(dockerConfigJSONBytes) > 0) { if dockerConfigJSONBytes, dockerConfigJSONExists := passedSecret.Data[v1.DockerConfigJsonKey]; (passedSecret.Type == v1.SecretTypeDockerConfigJson) && dockerConfigJSONExists && (len(dockerConfigJSONBytes) > 0) {
dockerConfigJSON := credentialprovider.DockerConfigJson{} dockerConfigJSON := credentialprovider.DockerConfigJSON{}
if err := json.Unmarshal(dockerConfigJSONBytes, &dockerConfigJSON); err != nil { if err := json.Unmarshal(dockerConfigJSONBytes, &dockerConfigJSON); err != nil {
return nil, err return nil, err
} }