-
Notifications
You must be signed in to change notification settings - Fork 1.9k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Handle a Docker daemon without registry info
The current implementation of the ElectAuthServer doesn't handle well when the default Registry server is not included in the response from the daemon Info endpoint. That leads to the storage and usage of the credentials for the default registry (`https://index.docker.io/v1/`) under an empty string on the client config file. Sample config file after a login via a Docker Daemon without Registry information: ```json { "auths": { "": { "auth": "***" } } } ``` That can lead to duplication of the password for the default registry and authentication failures against the default registry if a pull/push is performed without first authenticating via the misbehaving daemon. Also, changes the output of the warning message from stdout to sdterr as per dnephin suggestion. Signed-off-by: Marcus Martins <marcus@docker.com>
- Loading branch information
1 parent
61c0b9f
commit 8626497
Showing
2 changed files
with
82 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
package command_test | ||
|
||
import ( | ||
"bytes" | ||
"testing" | ||
|
||
"github.com/pkg/errors" | ||
"github.com/stretchr/testify/assert" | ||
"golang.org/x/net/context" | ||
|
||
// Prevents a circular import with "github.com/docker/cli/cli/internal/test" | ||
. "github.com/docker/cli/cli/command" | ||
"github.com/docker/cli/cli/internal/test" | ||
"github.com/docker/docker/api/types" | ||
"github.com/docker/docker/client" | ||
) | ||
|
||
type fakeClient struct { | ||
client.Client | ||
infoFunc func() (types.Info, error) | ||
} | ||
|
||
func (cli *fakeClient) Info(_ context.Context) (types.Info, error) { | ||
if cli.infoFunc != nil { | ||
return cli.infoFunc() | ||
} | ||
return types.Info{}, nil | ||
} | ||
|
||
func TestElectAuthServer(t *testing.T) { | ||
testCases := []struct { | ||
expectedAuthServer string | ||
expectedWarning string | ||
infoFunc func() (types.Info, error) | ||
}{ | ||
{ | ||
expectedAuthServer: "https://index.docker.io/v1/", | ||
expectedWarning: "", | ||
infoFunc: func() (types.Info, error) { | ||
return types.Info{IndexServerAddress: "https://index.docker.io/v1/"}, nil | ||
}, | ||
}, | ||
{ | ||
expectedAuthServer: "https://index.docker.io/v1/", | ||
expectedWarning: "Empty registry endpoint from daemon", | ||
infoFunc: func() (types.Info, error) { | ||
return types.Info{IndexServerAddress: ""}, nil | ||
}, | ||
}, | ||
{ | ||
expectedAuthServer: "https://foo.bar", | ||
expectedWarning: "", | ||
infoFunc: func() (types.Info, error) { | ||
return types.Info{IndexServerAddress: "https://foo.bar"}, nil | ||
}, | ||
}, | ||
{ | ||
expectedAuthServer: "https://index.docker.io/v1/", | ||
expectedWarning: "failed to get default registry endpoint from daemon", | ||
infoFunc: func() (types.Info, error) { | ||
return types.Info{}, errors.Errorf("error getting info") | ||
}, | ||
}, | ||
} | ||
for _, tc := range testCases { | ||
buf := new(bytes.Buffer) | ||
cli := test.NewFakeCli(&fakeClient{infoFunc: tc.infoFunc}, buf) | ||
errBuf := new(bytes.Buffer) | ||
cli.SetErr(errBuf) | ||
server := ElectAuthServer(context.Background(), cli) | ||
assert.Equal(t, tc.expectedAuthServer, server) | ||
actual := errBuf.String() | ||
if tc.expectedWarning == "" { | ||
assert.Empty(t, actual) | ||
} else { | ||
assert.Contains(t, actual, tc.expectedWarning) | ||
} | ||
} | ||
} |