moby/distribution/registry_unit_test.go

package distribution

import (
	"net/http"
	"net/http/httptest"
	"os"
	"strings"
	"testing"

	"github.com/Sirupsen/logrus"
	"github.com/docker/distribution/reference"
	"github.com/docker/distribution/registry/client/auth"
	"github.com/docker/docker/cliconfig"
	"github.com/docker/docker/pkg/streamformatter"
	"github.com/docker/docker/registry"
	"github.com/docker/docker/utils"
)

func TestTokenPassThru(t *testing.T) {
	authConfig := &cliconfig.AuthConfig{
		RegistryToken: "mysecrettoken",
	}
	gotToken := false
	handler := func(w http.ResponseWriter, r *http.Request) {
		if strings.Contains(r.Header.Get("Authorization"), authConfig.RegistryToken) {
			logrus.Debug("Detected registry token in auth header")
			gotToken = true
		}
		if r.RequestURI == "/v2/" {
			w.Header().Set("WWW-Authenticate", `Bearer realm="foorealm"`)
			w.WriteHeader(401)
		}
	}
	ts := httptest.NewServer(http.HandlerFunc(handler))
	defer ts.Close()

	tmp, err := utils.TestDirectory("")
	if err != nil {
		t.Fatal(err)
	}
	defer os.RemoveAll(tmp)

	endpoint := registry.APIEndpoint{
		Mirror:       false,
		URL:          ts.URL,
		Version:      2,
		Official:     false,
		TrimHostname: false,
		TLSConfig:    nil,
		//VersionHeader: "verheader",
		Versions: []auth.APIVersion{
			{
				Type:    "registry",
				Version: "2",
			},
		},
	}
	n, _ := reference.ParseNamed("testremotename")
	repoInfo := &registry.RepositoryInfo{
		Index: &registry.IndexInfo{
			Name:     "testrepo",
			Mirrors:  nil,
			Secure:   false,
			Official: false,
		},
		RemoteName:    n,
		LocalName:     n,
		CanonicalName: n,
		Official:      false,
	}
	imagePullConfig := &ImagePullConfig{
		MetaHeaders: http.Header{},
		AuthConfig:  authConfig,
	}
	sf := streamformatter.NewJSONStreamFormatter()
	puller, err := newPuller(endpoint, repoInfo, imagePullConfig, sf)
	if err != nil {
		t.Fatal(err)
	}
	p := puller.(*v2Puller)
	p.repo, err = NewV2Repository(p.repoInfo, p.endpoint, p.config.MetaHeaders, p.config.AuthConfig, "pull")
	if err != nil {
		t.Fatal(err)
	}

	logrus.Debug("About to pull")
	// We expect it to fail, since we haven't mock'd the full registry exchange in our handler above
	tag, _ := reference.WithTag(n, "tag_goes_here")
	_ = p.pullV2Repository(tag)

	if !gotToken {
		t.Fatal("Failed to receive registry token")
	}

}
Add token pass-thru for AuthConfig This change allows API clients to retrieve an authentication token from a registry, and then pass that token directly to the API. Example usage: REPO_USER=dhiltgen read -s PASSWORD REPO=privateorg/repo AUTH_URL=https://auth.docker.io/token TOKEN=$(curl -s -u "${REPO_USER}:${PASSWORD}" "${AUTH_URL}?scope=repository:${REPO}:pull&service=registry.docker.io" \| jq -r ".token") HEADER=$(echo "{\"registrytoken\":\"${TOKEN}\"}"\|base64 -w 0 ) curl -s -D - -H "X-Registry-Auth: ${HEADER}" -X POST "http://localhost:2376/images/create?fromImage=${REPO}" Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com> 2015-11-04 05:03:12 +00:00			`package distribution`

			`import (`
			`"net/http"`
			`"net/http/httptest"`
			`"os"`
			`"strings"`
			`"testing"`

			`"github.com/Sirupsen/logrus"`
			`"github.com/docker/distribution/reference"`
			`"github.com/docker/distribution/registry/client/auth"`
			`"github.com/docker/docker/cliconfig"`
			`"github.com/docker/docker/pkg/streamformatter"`
			`"github.com/docker/docker/registry"`
			`"github.com/docker/docker/utils"`
			`)`

			`func TestTokenPassThru(t *testing.T) {`
			`authConfig := &cliconfig.AuthConfig{`
			`RegistryToken: "mysecrettoken",`
			`}`
			`gotToken := false`
			`handler := func(w http.ResponseWriter, r *http.Request) {`
			`if strings.Contains(r.Header.Get("Authorization"), authConfig.RegistryToken) {`
			`logrus.Debug("Detected registry token in auth header")`
			`gotToken = true`
			`}`
			`if r.RequestURI == "/v2/" {`
			w.Header().Set("WWW-Authenticate", `Bearer realm="foorealm"`)
			`w.WriteHeader(401)`
			`}`
			`}`
			`ts := httptest.NewServer(http.HandlerFunc(handler))`
			`defer ts.Close()`

			`tmp, err := utils.TestDirectory("")`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`defer os.RemoveAll(tmp)`

			`endpoint := registry.APIEndpoint{`
			`Mirror: false,`
			`URL: ts.URL,`
			`Version: 2,`
			`Official: false,`
			`TrimHostname: false,`
			`TLSConfig: nil,`
			`//VersionHeader: "verheader",`
			`Versions: []auth.APIVersion{`
			`{`
			`Type: "registry",`
			`Version: "2",`
			`},`
			`},`
			`}`
			`n, _ := reference.ParseNamed("testremotename")`
			`repoInfo := &registry.RepositoryInfo{`
			`Index: &registry.IndexInfo{`
			`Name: "testrepo",`
			`Mirrors: nil,`
			`Secure: false,`
			`Official: false,`
			`},`
			`RemoteName: n,`
			`LocalName: n,`
			`CanonicalName: n,`
			`Official: false,`
			`}`
			`imagePullConfig := &ImagePullConfig{`
			`MetaHeaders: http.Header{},`
			`AuthConfig: authConfig,`
			`}`
			`sf := streamformatter.NewJSONStreamFormatter()`
			`puller, err := newPuller(endpoint, repoInfo, imagePullConfig, sf)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`p := puller.(*v2Puller)`
			`p.repo, err = NewV2Repository(p.repoInfo, p.endpoint, p.config.MetaHeaders, p.config.AuthConfig, "pull")`
			`if err != nil {`
			`t.Fatal(err)`
			`}`

			`logrus.Debug("About to pull")`
			`// We expect it to fail, since we haven't mock'd the full registry exchange in our handler above`
			`tag, _ := reference.WithTag(n, "tag_goes_here")`
			`_ = p.pullV2Repository(tag)`

			`if !gotToken {`
			`t.Fatal("Failed to receive registry token")`
			`}`

			`}`