moby/distribution/registry_unit_test.go
Daniel Hiltgen 8dce8e9901 Add token pass-thru for AuthConfig
This change allows API clients to retrieve an authentication token from
a registry, and then pass that token directly to the API.

Example usage:

    REPO_USER=dhiltgen
    read -s PASSWORD
    REPO=privateorg/repo
    AUTH_URL=https://auth.docker.io/token
    TOKEN=$(curl -s -u "${REPO_USER}:${PASSWORD}" "${AUTH_URL}?scope=repository:${REPO}:pull&service=registry.docker.io" |
        jq -r ".token")

    HEADER=$(echo "{\"registrytoken\":\"${TOKEN}\"}"|base64 -w 0 )
    curl -s -D - -H "X-Registry-Auth: ${HEADER}" -X POST "http://localhost:2376/images/create?fromImage=${REPO}"

Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
2015-12-03 11:40:27 -08:00

95 lines
2.3 KiB
Go

package distribution
import (
"net/http"
"net/http/httptest"
"os"
"strings"
"testing"
"github.com/Sirupsen/logrus"
"github.com/docker/distribution/reference"
"github.com/docker/distribution/registry/client/auth"
"github.com/docker/docker/cliconfig"
"github.com/docker/docker/pkg/streamformatter"
"github.com/docker/docker/registry"
"github.com/docker/docker/utils"
)
func TestTokenPassThru(t *testing.T) {
authConfig := &cliconfig.AuthConfig{
RegistryToken: "mysecrettoken",
}
gotToken := false
handler := func(w http.ResponseWriter, r *http.Request) {
if strings.Contains(r.Header.Get("Authorization"), authConfig.RegistryToken) {
logrus.Debug("Detected registry token in auth header")
gotToken = true
}
if r.RequestURI == "/v2/" {
w.Header().Set("WWW-Authenticate", `Bearer realm="foorealm"`)
w.WriteHeader(401)
}
}
ts := httptest.NewServer(http.HandlerFunc(handler))
defer ts.Close()
tmp, err := utils.TestDirectory("")
if err != nil {
t.Fatal(err)
}
defer os.RemoveAll(tmp)
endpoint := registry.APIEndpoint{
Mirror: false,
URL: ts.URL,
Version: 2,
Official: false,
TrimHostname: false,
TLSConfig: nil,
//VersionHeader: "verheader",
Versions: []auth.APIVersion{
{
Type: "registry",
Version: "2",
},
},
}
n, _ := reference.ParseNamed("testremotename")
repoInfo := &registry.RepositoryInfo{
Index: &registry.IndexInfo{
Name: "testrepo",
Mirrors: nil,
Secure: false,
Official: false,
},
RemoteName: n,
LocalName: n,
CanonicalName: n,
Official: false,
}
imagePullConfig := &ImagePullConfig{
MetaHeaders: http.Header{},
AuthConfig: authConfig,
}
sf := streamformatter.NewJSONStreamFormatter()
puller, err := newPuller(endpoint, repoInfo, imagePullConfig, sf)
if err != nil {
t.Fatal(err)
}
p := puller.(*v2Puller)
p.repo, err = NewV2Repository(p.repoInfo, p.endpoint, p.config.MetaHeaders, p.config.AuthConfig, "pull")
if err != nil {
t.Fatal(err)
}
logrus.Debug("About to pull")
// We expect it to fail, since we haven't mock'd the full registry exchange in our handler above
tag, _ := reference.WithTag(n, "tag_goes_here")
_ = p.pullV2Repository(tag)
if !gotToken {
t.Fatal("Failed to receive registry token")
}
}