Add unit tests for CheckPushPermissions
This commit is contained in:
Sam Stoelinga
parent
66268690b3
commit
8518b37ca1
|
|
@ -99,6 +99,13 @@ var defaultX509Handler systemCertLoader = func() CertPool {
|
|||
}
|
||||
}
|
||||
|
||||
// for testing
|
||||
var (
|
||||
fs = afero.NewOsFs()
|
||||
execCommand = exec.Command
|
||||
checkRemotePushPermission = remote.CheckPushPermission
|
||||
)
|
||||
|
||||
// CheckPushPermissions checks that the configured credentials can be used to
|
||||
// push to every specified destination.
|
||||
func CheckPushPermissions(opts *config.KanikoOptions) error {
|
||||
|
|
@ -122,9 +129,8 @@ func CheckPushPermissions(opts *config.KanikoOptions) error {
|
|||
if strings.Contains(destRef.RegistryStr(), "gcr.io") {
|
||||
// Checking for existence of docker.config as it's normally required for
|
||||
// authenticated registries and prevent overwriting user provided docker conf
|
||||
if _, err := os.Stat("/kaniko/.docker/config.json"); os.IsNotExist(err) {
|
||||
cmd := exec.Command("docker-credential-gcr", "configure-docker")
|
||||
if err := cmd.Run(); err != nil {
|
||||
if _, err := fs.Stat("/kaniko/.docker/config.json"); os.IsNotExist(err) {
|
||||
if err := execCommand("docker-credential-gcr", "configure-docker").Run(); err != nil {
|
||||
return errors.Wrap(err, "error while configuring docker-credential-gcr helper")
|
||||
}
|
||||
}
|
||||
|
|
@ -138,7 +144,7 @@ func CheckPushPermissions(opts *config.KanikoOptions) error {
|
|||
destRef.Repository.Registry = newReg
|
||||
}
|
||||
tr := makeTransport(opts, registryName, defaultX509Handler)
|
||||
if err := remote.CheckPushPermission(destRef, creds.GetKeychain(), tr); err != nil {
|
||||
if err := checkRemotePushPermission(destRef, creds.GetKeychain(), tr); err != nil {
|
||||
return errors.Wrapf(err, "checking push permission for %q", destRef)
|
||||
}
|
||||
checked[destRef.Context().RepositoryStr()] = true
|
||||
|
|
@ -245,8 +251,6 @@ func DoPush(image v1.Image, opts *config.KanikoOptions) error {
|
|||
return writeImageOutputs(image, destRefs)
|
||||
}
|
||||
|
||||
var fs = afero.NewOsFs()
|
||||
|
||||
func writeImageOutputs(image v1.Image, destRefs []name.Tag) error {
|
||||
dir := os.Getenv("BUILDER_OUTPUT")
|
||||
if dir == "" {
|
||||
|
|
|
|||
|
|
@ -24,11 +24,13 @@ import (
|
|||
"io/ioutil"
|
||||
"net/http"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"testing"
|
||||
|
||||
"github.com/GoogleContainerTools/kaniko/pkg/config"
|
||||
"github.com/GoogleContainerTools/kaniko/testutil"
|
||||
"github.com/google/go-containerregistry/pkg/authn"
|
||||
"github.com/google/go-containerregistry/pkg/name"
|
||||
"github.com/google/go-containerregistry/pkg/v1/layout"
|
||||
"github.com/google/go-containerregistry/pkg/v1/random"
|
||||
|
|
@ -307,3 +309,73 @@ func Test_makeTransport(t *testing.T) {
|
|||
})
|
||||
}
|
||||
}
|
||||
|
||||
var called = false
|
||||
|
||||
func fakeExecCommand(command string, args ...string) *exec.Cmd {
|
||||
called = true
|
||||
cs := []string{"-test.run=TestHelperProcess", "--", command}
|
||||
cs = append(cs, args...)
|
||||
cmd := exec.Command(os.Args[0], cs...)
|
||||
cmd.Env = []string{"GO_WANT_HELPER_PROCESS=1"}
|
||||
return cmd
|
||||
}
|
||||
|
||||
func fakeCheckPushPermission(ref name.Reference, kc authn.Keychain, t http.RoundTripper) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func TestCheckPushPermissionsGCR(t *testing.T) {
|
||||
execCommand = fakeExecCommand
|
||||
checkRemotePushPermission = fakeCheckPushPermission
|
||||
defer func() { called = false }()
|
||||
|
||||
opts := config.KanikoOptions{
|
||||
Destinations: []string{"gcr.io/test-image"},
|
||||
}
|
||||
fs = afero.NewMemMapFs()
|
||||
//afero.WriteFile(fs, "/kaniko/.docker/config.json", []byte(""), os.FileMode(0644))
|
||||
CheckPushPermissions(&opts)
|
||||
if called != true {
|
||||
t.Error("execCommand should have been called")
|
||||
}
|
||||
}
|
||||
|
||||
func TestCheckPushPermissionsGCRExistingDockerConf(t *testing.T) {
|
||||
execCommand = fakeExecCommand
|
||||
checkRemotePushPermission = fakeCheckPushPermission
|
||||
defer func() { called = false }()
|
||||
|
||||
opts := config.KanikoOptions{
|
||||
Destinations: []string{"gcr.io/test-image"},
|
||||
}
|
||||
fs = afero.NewMemMapFs()
|
||||
afero.WriteFile(fs, "/kaniko/.docker/config.json", []byte(""), os.FileMode(0644))
|
||||
CheckPushPermissions(&opts)
|
||||
if called != false {
|
||||
t.Error("execCommand should not have been called")
|
||||
}
|
||||
}
|
||||
|
||||
func TestCheckPushPermissionsLocalRegistry(t *testing.T) {
|
||||
execCommand = fakeExecCommand
|
||||
checkRemotePushPermission = fakeCheckPushPermission
|
||||
defer func() { called = false }()
|
||||
|
||||
opts := config.KanikoOptions{
|
||||
Destinations: []string{"localhost:5000/test-image"},
|
||||
}
|
||||
fs = afero.NewMemMapFs()
|
||||
CheckPushPermissions(&opts)
|
||||
if called != false {
|
||||
t.Error("execCommand should not have been called")
|
||||
}
|
||||
}
|
||||
|
||||
func TestHelperProcess(t *testing.T) {
|
||||
if os.Getenv("GO_WANT_HELPER_PROCESS") != "1" {
|
||||
return
|
||||
}
|
||||
fmt.Fprintf(os.Stdout, "fake result")
|
||||
os.Exit(0)
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue