moby--moby/distribution/registry_unit_test.go

package distribution

import (
	"net/http"
	"net/http/httptest"
	"os"
	"strings"
	"testing"

	"github.com/Sirupsen/logrus"
	"github.com/docker/docker/reference"
	"github.com/docker/docker/registry"
	"github.com/docker/docker/utils"
	"github.com/docker/engine-api/types"
	registrytypes "github.com/docker/engine-api/types/registry"
	"golang.org/x/net/context"
)

func TestTokenPassThru(t *testing.T) {
	authConfig := &types.AuthConfig{
		RegistryToken: "mysecrettoken",
	}
	gotToken := false
	handler := func(w http.ResponseWriter, r *http.Request) {
		if strings.Contains(r.Header.Get("Authorization"), authConfig.RegistryToken) {
			logrus.Debug("Detected registry token in auth header")
			gotToken = true
		}
		if r.RequestURI == "/v2/" {
			w.Header().Set("WWW-Authenticate", `Bearer realm="foorealm"`)
			w.WriteHeader(401)
		}
	}
	ts := httptest.NewServer(http.HandlerFunc(handler))
	defer ts.Close()

	tmp, err := utils.TestDirectory("")
	if err != nil {
		t.Fatal(err)
	}
	defer os.RemoveAll(tmp)

	endpoint := registry.APIEndpoint{
		Mirror:       false,
		URL:          ts.URL,
		Version:      2,
		Official:     false,
		TrimHostname: false,
		TLSConfig:    nil,
		//VersionHeader: "verheader",
	}
	n, _ := reference.ParseNamed("testremotename")
	repoInfo := &registry.RepositoryInfo{
		Named: n,
		Index: &registrytypes.IndexInfo{
			Name:     "testrepo",
			Mirrors:  nil,
			Secure:   false,
			Official: false,
		},
		Official: false,
	}
	imagePullConfig := &ImagePullConfig{
		MetaHeaders: http.Header{},
		AuthConfig:  authConfig,
	}
	puller, err := newPuller(endpoint, repoInfo, imagePullConfig)
	if err != nil {
		t.Fatal(err)
	}
	p := puller.(*v2Puller)
	ctx := context.Background()
	p.repo, _, err = NewV2Repository(ctx, p.repoInfo, p.endpoint, p.config.MetaHeaders, p.config.AuthConfig, "pull")
	if err != nil {
		t.Fatal(err)
	}

	logrus.Debug("About to pull")
	// We expect it to fail, since we haven't mock'd the full registry exchange in our handler above
	tag, _ := reference.WithTag(n, "tag_goes_here")
	_ = p.pullV2Repository(ctx, tag)

	if !gotToken {
		t.Fatal("Failed to receive registry token")
	}

}
Add token pass-thru for AuthConfig This change allows API clients to retrieve an authentication token from a registry, and then pass that token directly to the API. Example usage: REPO_USER=dhiltgen read -s PASSWORD REPO=privateorg/repo AUTH_URL=https://auth.docker.io/token TOKEN=$(curl -s -u "${REPO_USER}:${PASSWORD}" "${AUTH_URL}?scope=repository:${REPO}:pull&service=registry.docker.io" \| jq -r ".token") HEADER=$(echo "{\"registrytoken\":\"${TOKEN}\"}"\|base64 -w 0 ) curl -s -D - -H "X-Registry-Auth: ${HEADER}" -X POST "http://localhost:2376/images/create?fromImage=${REPO}" Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com> 2015-11-04 00:03:12 -05:00			`package distribution`

			`import (`
			`"net/http"`
			`"net/http/httptest"`
			`"os"`
			`"strings"`
			`"testing"`

			`"github.com/Sirupsen/logrus"`
Add own reference package wrapper Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> 2015-12-04 16:55:15 -05:00			`"github.com/docker/docker/reference"`
Add token pass-thru for AuthConfig This change allows API clients to retrieve an authentication token from a registry, and then pass that token directly to the API. Example usage: REPO_USER=dhiltgen read -s PASSWORD REPO=privateorg/repo AUTH_URL=https://auth.docker.io/token TOKEN=$(curl -s -u "${REPO_USER}:${PASSWORD}" "${AUTH_URL}?scope=repository:${REPO}:pull&service=registry.docker.io" \| jq -r ".token") HEADER=$(echo "{\"registrytoken\":\"${TOKEN}\"}"\|base64 -w 0 ) curl -s -D - -H "X-Registry-Auth: ${HEADER}" -X POST "http://localhost:2376/images/create?fromImage=${REPO}" Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com> 2015-11-04 00:03:12 -05:00			`"github.com/docker/docker/registry"`
			`"github.com/docker/docker/utils"`
Modify import paths to point to the new engine-api package. Signed-off-by: David Calavera <david.calavera@gmail.com> 2016-01-04 19:05:26 -05:00			`"github.com/docker/engine-api/types"`
			`registrytypes "github.com/docker/engine-api/types/registry"`
Improved push and pull with upload manager and download manager This commit adds a transfer manager which deduplicates and schedules transfers, and also an upload manager and download manager that build on top of the transfer manager to provide high-level interfaces for uploads and downloads. The push and pull code is modified to use these building blocks. Some benefits of the changes: - Simplification of push/pull code - Pushes can upload layers concurrently - Failed downloads and uploads are retried after backoff delays - Cancellation is supported, but individual transfers will only be cancelled if all pushes or pulls using them are cancelled. - The distribution code is decoupled from Docker Engine packages and API conventions (i.e. streamformatter), which will make it easier to split out. This commit also includes unit tests for the new distribution/xfer package. The tests cover 87.8% of the statements in the package. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com> 2015-11-13 19:59:01 -05:00			`"golang.org/x/net/context"`
Add token pass-thru for AuthConfig This change allows API clients to retrieve an authentication token from a registry, and then pass that token directly to the API. Example usage: REPO_USER=dhiltgen read -s PASSWORD REPO=privateorg/repo AUTH_URL=https://auth.docker.io/token TOKEN=$(curl -s -u "${REPO_USER}:${PASSWORD}" "${AUTH_URL}?scope=repository:${REPO}:pull&service=registry.docker.io" \| jq -r ".token") HEADER=$(echo "{\"registrytoken\":\"${TOKEN}\"}"\|base64 -w 0 ) curl -s -D - -H "X-Registry-Auth: ${HEADER}" -X POST "http://localhost:2376/images/create?fromImage=${REPO}" Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com> 2015-11-04 00:03:12 -05:00			`)`

			`func TestTokenPassThru(t *testing.T) {`
Move AuthConfig to api/types Signed-off-by: Daniel Nephin <dnephin@gmail.com> 2015-12-11 23:11:42 -05:00			`authConfig := &types.AuthConfig{`
Add token pass-thru for AuthConfig This change allows API clients to retrieve an authentication token from a registry, and then pass that token directly to the API. Example usage: REPO_USER=dhiltgen read -s PASSWORD REPO=privateorg/repo AUTH_URL=https://auth.docker.io/token TOKEN=$(curl -s -u "${REPO_USER}:${PASSWORD}" "${AUTH_URL}?scope=repository:${REPO}:pull&service=registry.docker.io" \| jq -r ".token") HEADER=$(echo "{\"registrytoken\":\"${TOKEN}\"}"\|base64 -w 0 ) curl -s -D - -H "X-Registry-Auth: ${HEADER}" -X POST "http://localhost:2376/images/create?fromImage=${REPO}" Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com> 2015-11-04 00:03:12 -05:00			`RegistryToken: "mysecrettoken",`
			`}`
			`gotToken := false`
			`handler := func(w http.ResponseWriter, r *http.Request) {`
			`if strings.Contains(r.Header.Get("Authorization"), authConfig.RegistryToken) {`
			`logrus.Debug("Detected registry token in auth header")`
			`gotToken = true`
			`}`
			`if r.RequestURI == "/v2/" {`
			w.Header().Set("WWW-Authenticate", `Bearer realm="foorealm"`)
			`w.WriteHeader(401)`
			`}`
			`}`
			`ts := httptest.NewServer(http.HandlerFunc(handler))`
			`defer ts.Close()`

			`tmp, err := utils.TestDirectory("")`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`defer os.RemoveAll(tmp)`

			`endpoint := registry.APIEndpoint{`
			`Mirror: false,`
			`URL: ts.URL,`
			`Version: 2,`
			`Official: false,`
			`TrimHostname: false,`
			`TLSConfig: nil,`
			`//VersionHeader: "verheader",`
			`}`
			`n, _ := reference.ParseNamed("testremotename")`
			`repoInfo := &registry.RepositoryInfo{`
Update Named reference with validation of conversions Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> 2015-12-11 14:00:13 -05:00			`Named: n,`
Move IndexInfo and ServiceConfig types to api/types/registry/registry.go Signed-off-by: Daniel Nephin <dnephin@gmail.com> 2015-12-11 21:14:52 -05:00			`Index: &registrytypes.IndexInfo{`
Add token pass-thru for AuthConfig This change allows API clients to retrieve an authentication token from a registry, and then pass that token directly to the API. Example usage: REPO_USER=dhiltgen read -s PASSWORD REPO=privateorg/repo AUTH_URL=https://auth.docker.io/token TOKEN=$(curl -s -u "${REPO_USER}:${PASSWORD}" "${AUTH_URL}?scope=repository:${REPO}:pull&service=registry.docker.io" \| jq -r ".token") HEADER=$(echo "{\"registrytoken\":\"${TOKEN}\"}"\|base64 -w 0 ) curl -s -D - -H "X-Registry-Auth: ${HEADER}" -X POST "http://localhost:2376/images/create?fromImage=${REPO}" Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com> 2015-11-04 00:03:12 -05:00			`Name: "testrepo",`
			`Mirrors: nil,`
			`Secure: false,`
			`Official: false,`
			`},`
Update Named reference with validation of conversions Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> 2015-12-11 14:00:13 -05:00			`Official: false,`
Add token pass-thru for AuthConfig This change allows API clients to retrieve an authentication token from a registry, and then pass that token directly to the API. Example usage: REPO_USER=dhiltgen read -s PASSWORD REPO=privateorg/repo AUTH_URL=https://auth.docker.io/token TOKEN=$(curl -s -u "${REPO_USER}:${PASSWORD}" "${AUTH_URL}?scope=repository:${REPO}:pull&service=registry.docker.io" \| jq -r ".token") HEADER=$(echo "{\"registrytoken\":\"${TOKEN}\"}"\|base64 -w 0 ) curl -s -D - -H "X-Registry-Auth: ${HEADER}" -X POST "http://localhost:2376/images/create?fromImage=${REPO}" Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com> 2015-11-04 00:03:12 -05:00			`}`
			`imagePullConfig := &ImagePullConfig{`
			`MetaHeaders: http.Header{},`
			`AuthConfig: authConfig,`
			`}`
Improved push and pull with upload manager and download manager This commit adds a transfer manager which deduplicates and schedules transfers, and also an upload manager and download manager that build on top of the transfer manager to provide high-level interfaces for uploads and downloads. The push and pull code is modified to use these building blocks. Some benefits of the changes: - Simplification of push/pull code - Pushes can upload layers concurrently - Failed downloads and uploads are retried after backoff delays - Cancellation is supported, but individual transfers will only be cancelled if all pushes or pulls using them are cancelled. - The distribution code is decoupled from Docker Engine packages and API conventions (i.e. streamformatter), which will make it easier to split out. This commit also includes unit tests for the new distribution/xfer package. The tests cover 87.8% of the statements in the package. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com> 2015-11-13 19:59:01 -05:00			`puller, err := newPuller(endpoint, repoInfo, imagePullConfig)`
Add token pass-thru for AuthConfig This change allows API clients to retrieve an authentication token from a registry, and then pass that token directly to the API. Example usage: REPO_USER=dhiltgen read -s PASSWORD REPO=privateorg/repo AUTH_URL=https://auth.docker.io/token TOKEN=$(curl -s -u "${REPO_USER}:${PASSWORD}" "${AUTH_URL}?scope=repository:${REPO}:pull&service=registry.docker.io" \| jq -r ".token") HEADER=$(echo "{\"registrytoken\":\"${TOKEN}\"}"\|base64 -w 0 ) curl -s -D - -H "X-Registry-Auth: ${HEADER}" -X POST "http://localhost:2376/images/create?fromImage=${REPO}" Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com> 2015-11-04 00:03:12 -05:00			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`p := puller.(*v2Puller)`
Do not fall back to the V1 protocol when we know we are talking to a V2 registry If we detect a Docker-Distribution-Api-Version header indicating that the registry speaks the V2 protocol, no fallback to V1 should take place. The same applies if a V2 registry operation succeeds while attempting a push or pull. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com> 2015-12-04 16:42:33 -05:00			`ctx := context.Background()`
			`p.repo, _, err = NewV2Repository(ctx, p.repoInfo, p.endpoint, p.config.MetaHeaders, p.config.AuthConfig, "pull")`
Add token pass-thru for AuthConfig This change allows API clients to retrieve an authentication token from a registry, and then pass that token directly to the API. Example usage: REPO_USER=dhiltgen read -s PASSWORD REPO=privateorg/repo AUTH_URL=https://auth.docker.io/token TOKEN=$(curl -s -u "${REPO_USER}:${PASSWORD}" "${AUTH_URL}?scope=repository:${REPO}:pull&service=registry.docker.io" \| jq -r ".token") HEADER=$(echo "{\"registrytoken\":\"${TOKEN}\"}"\|base64 -w 0 ) curl -s -D - -H "X-Registry-Auth: ${HEADER}" -X POST "http://localhost:2376/images/create?fromImage=${REPO}" Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com> 2015-11-04 00:03:12 -05:00			`if err != nil {`
			`t.Fatal(err)`
			`}`

			`logrus.Debug("About to pull")`
			`// We expect it to fail, since we haven't mock'd the full registry exchange in our handler above`
			`tag, _ := reference.WithTag(n, "tag_goes_here")`
Do not fall back to the V1 protocol when we know we are talking to a V2 registry If we detect a Docker-Distribution-Api-Version header indicating that the registry speaks the V2 protocol, no fallback to V1 should take place. The same applies if a V2 registry operation succeeds while attempting a push or pull. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com> 2015-12-04 16:42:33 -05:00			`_ = p.pullV2Repository(ctx, tag)`
Add token pass-thru for AuthConfig This change allows API clients to retrieve an authentication token from a registry, and then pass that token directly to the API. Example usage: REPO_USER=dhiltgen read -s PASSWORD REPO=privateorg/repo AUTH_URL=https://auth.docker.io/token TOKEN=$(curl -s -u "${REPO_USER}:${PASSWORD}" "${AUTH_URL}?scope=repository:${REPO}:pull&service=registry.docker.io" \| jq -r ".token") HEADER=$(echo "{\"registrytoken\":\"${TOKEN}\"}"\|base64 -w 0 ) curl -s -D - -H "X-Registry-Auth: ${HEADER}" -X POST "http://localhost:2376/images/create?fromImage=${REPO}" Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com> 2015-11-04 00:03:12 -05:00
			`if !gotToken {`
			`t.Fatal("Failed to receive registry token")`
			`}`

			`}`