test: add test for per registry credential helpers (#242)

bazel-contrib · May 12, 2023 · 675f052 · 675f052
1 parent 2402501
commit 675f052
Show file tree

Hide file tree

Showing 3 changed files with 59 additions and 8 deletions.
diff --git a/e2e/auth/helpers/docker-credential-new b/e2e/auth/helpers/docker-credential-new
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+read -r URL
+
+
+if [[ "$URL" != "localhost:1447" ]]; then 
+    echo "expected registry url to be localhost:1447";
+    exit 1
+fi
+
+echo "{\"ServerURL\": \"$URL\", \"Username\": \"per-cred\", \"Secret\": \"testing\"}"
diff --git a/e2e/auth/main.go b/e2e/auth/main.go
@@ -8,6 +8,7 @@ import (
 	"log"
 	"net/http"
 	"os"
+	"strings"
 
 	"github.com/google/go-containerregistry/pkg/registry"
 	"github.com/r3labs/diff/v3"
@@ -26,11 +27,11 @@ func main() {
 	go func() {
 		for scanner.Scan() {
 			content := scanner.Text()
-			fmt.Println(content)
 			err := json.Unmarshal([]byte(content), &auth)
 			if err != nil {
 				log.Fatalln(err)
 			}
+			fmt.Println(content)
 		}
 		if scanner.Err() != nil {
 			log.Fatalln(scanner.Err())
@@ -40,7 +41,7 @@ func main() {
 	reg := registry.New(registry.Logger(log.New(ioutil.Discard, "", log.LstdFlags)))
 	s := &http.Server{
 		Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			if r.RequestURI == "/v2/empty_image/static/manifests/sha256:c3c3d0230d487c0ad3a0d87ad03ee02ea2ff0b3dcce91ca06a1019e07de05f12" {
+			if strings.Contains(r.RequestURI, "/v2/empty_image/") {
 				currentAuth := Authn{Authorization: []string{}}
 				if r.Header["Authorization"] != nil {
 					currentAuth.Authorization = r.Header["Authorization"]

diff --git a/e2e/auth/test.bats b/e2e/auth/test.bats
@@ -28,6 +28,7 @@ function teardown_file() {
 
 function setup() {
     export DOCKER_CONFIG=$(mktemp -d)
+    bazel clean
 }
 
 function update_assert() {
@@ -44,7 +45,7 @@ function update_assert() {
 }
 EOF
     update_assert '{"Authorization": ["Basic dGVzdDp0ZXN0"]}'
-    run bazel build @empty_image//... --repository_cache=$BATS_TEST_TMPDIR
+    run bazel build @empty_image//... --repository_cache=
     assert_success
 }
 
@@ -57,7 +58,7 @@ EOF
 }
 EOF
     update_assert '{"Authorization": ["Basic dGVzdDp0ZXN0"]}'
-    run bazel build @empty_image//... --repository_cache=$BATS_TEST_TMPDIR
+    run bazel build @empty_image//... --repository_cache=
     assert_success
 }
 
@@ -70,7 +71,7 @@ EOF
 }
 EOF
     update_assert '{"Authorization": ["Basic dGVzdDp0ZXN0"]}'
-    run bazel build @empty_image//... --repository_cache=$BATS_TEST_TMPDIR
+    run bazel build @empty_image//... --repository_cache=
     assert_success
 }
 
@@ -82,7 +83,7 @@ EOF
 }
 EOF
     update_assert '{"Authorization": ["Basic dGVzdGluZzpvY2k="]}'
-    run bazel build @empty_image//... --repository_cache=$BATS_TEST_TMPDIR
+    run bazel build @empty_image//... --repository_cache=
     assert_success
 }
 
@@ -93,7 +94,7 @@ EOF
   "credsStore": "evil"
 }
 EOF
-    run bazel build @empty_image//... --repository_cache=$BATS_TEST_TMPDIR
+    run bazel build @empty_image//... --repository_cache=
     assert_failure
     assert_output -p "can't run at this time" "ERROR: credential helper failed:"
 }
@@ -105,7 +106,46 @@ EOF
   "credsStore": "missing"
 }
 EOF
-    run bazel build @empty_image//... --repository_cache=$BATS_TEST_TMPDIR
+    run bazel build @empty_image//... --repository_cache=
     assert_failure
     assert_output -p "exec: docker-credential-missing: not found" "ERROR: credential helper failed:"
+}
+
+@test "per registry credHelper fails" {
+    cat > "$DOCKER_CONFIG/config.json" <<EOF
+{
+  "credHelpers": {
+    "localhost:1447": "evil"
+  }
+}
+EOF
+    run bazel build @empty_image//... --repository_cache=
+    assert_failure 
+    assert_output -p "Error in fail: credential helper failed:" "can't run at this time"
+}
+
+@test "per registry credHelper succeeds" {
+    cat > "$DOCKER_CONFIG/config.json" <<EOF
+{
+  "credHelpers": {
+    "localhost:1447": "new"
+  }
+}
+EOF
+    update_assert '{"Authorization": ["Basic cGVyLWNyZWQ6dGVzdGluZw=="]}'
+    run bazel build @empty_image//... --repository_cache=
+    assert_success
+}
+
+@test "per registry credHelper fails to match authorization" {
+    cat > "$DOCKER_CONFIG/config.json" <<EOF
+{
+  "credHelpers": {
+    "localhost:1447": "oci"
+  }
+}
+EOF
+    update_assert '{"Authorization": ["Basic not_match"]}'
+    run bazel build @empty_image//... --repository_cache=
+    assert_failure
 }