fn: tests for private repo auth and rename DOCKER_AUTH (#1134)

Renamed DOCKER_AUTH with FN_ prefix to clarify the purpose. Docker does not use this variable. New tests to clarify the repo/auth-config behavior.
2022-10-28 21:29:17 +03:00 · 2018-07-24 15:19:59 -07:00
parent 7c778dba90
commit 2706323cec
3 changed files with 64 additions and 8 deletions
--- a/api/agent/drivers/docker/registry.go
+++ b/api/agent/drivers/docker/registry.go
@@ -14,12 +14,9 @@ var (
 )

 func registryFromEnv() (map[string]driverAuthConfig, error) {
-	drvAuths := make(map[string]driverAuthConfig)
-
 	var auths *docker.AuthConfigurations
 	var err error
-	if reg := os.Getenv("DOCKER_AUTH"); reg != "" {
-		// TODO docker does not use this itself, we should get rid of env docker config (nor is this documented..)
+	if reg := os.Getenv("FN_DOCKER_AUTH"); reg != "" {
 		auths, err = docker.NewAuthConfigurations(strings.NewReader(reg))
 	} else {
 		auths, err = docker.NewAuthConfigurationsFromDockerCfg()
@@ -27,9 +24,15 @@ func registryFromEnv() (map[string]driverAuthConfig, error) {

 	if err != nil {
 		logrus.WithError(err).Info("no docker auths from config files found (this is fine)")
-		return drvAuths, nil
+		return map[string]driverAuthConfig{}, nil
 	}

+	return preprocessAuths(auths)
+}
+
+func preprocessAuths(auths *docker.AuthConfigurations) (map[string]driverAuthConfig, error) {
+	drvAuths := make(map[string]driverAuthConfig)
+
 	for key, v := range auths.Configs {

 		u, err := url.Parse(v.ServerAddress)
@@ -42,7 +45,6 @@ func registryFromEnv() (map[string]driverAuthConfig, error) {
 			subdomains: getSubdomains(u.Host),
 		}
 	}
-
 	return drvAuths, nil
 }

--- a/api/agent/drivers/docker/registry_test.go
+++ b/api/agent/drivers/docker/registry_test.go
@@ -1,7 +1,10 @@
 package docker

 import (
+	"strings"
 	"testing"
+
+	"github.com/fsouza/go-dockerclient"
 )

 func verify(expected []string, checks map[string]bool) bool {
@@ -57,3 +60,54 @@ func TestRegistrySubDomains(t *testing.T) {
 		t.Fatalf("subdomain results failed expected[%+v] != results[%+v]", exp, res)
 	}
 }
+
+func TestRegistryEnv(t *testing.T) {
+
+	testCfg := `{
+	"auths":{
+		"https://my.registry.com":{"auth":"Y29jbzpjaGVlc2UK"},
+		"https://my.registry.com:5000":{"auth":"Y29jbzpjaGVlc2UK"},
+		"https://index.docker.io/v2/":{"auth":"Y29jbzpjaGVlc2UK"}
+	}}`
+
+	auths, err := docker.NewAuthConfigurations(strings.NewReader(testCfg))
+	if err != nil {
+		t.Fatalf("parsing test cfg failed: %s", err)
+	}
+
+	drvAuths, err := preprocessAuths(auths)
+	if err != nil {
+		t.Fatalf("preprocess test cfg failed: %s", err)
+	}
+
+	res := findRegistryConfig("", drvAuths)
+	if res == nil || res.ServerAddress != "https://index.docker.io/v2/" {
+		t.Fatalf("empty registry should pickup docker %v", res)
+	}
+
+	res = findRegistryConfig("docker.io", drvAuths)
+	if res == nil || res.ServerAddress != "https://index.docker.io/v2/" {
+		t.Fatalf("docker.io registry should pickup docker %v", res)
+	}
+
+	res = findRegistryConfig("localhost", drvAuths)
+	if res == nil || res.ServerAddress != "" {
+		t.Fatalf("localhost registry should pickup a default (empty) cfg %v", res)
+	}
+
+	res = findRegistryConfig("registry.com", drvAuths)
+	if res == nil || res.ServerAddress != "https://my.registry.com" {
+		t.Fatalf("registry.com registry should pickup my.registry.com cfg %v", res)
+	}
+
+	res = findRegistryConfig("my.registry.com", drvAuths)
+	if res == nil || res.ServerAddress != "https://my.registry.com" {
+		t.Fatalf("my.registry.com registry should pickup my.registry.com cfg %v", res)
+	}
+
+	res = findRegistryConfig("registry.com:5000", drvAuths)
+	if res == nil || res.ServerAddress != "https://my.registry.com:5000" {
+		t.Fatalf("registry.com:5000 registry should pickup my.registry.com:5000 cfg %v", res)
+	}
+
+}
--- a/docs/operating/private_registries.md
+++ b/docs/operating/private_registries.md
@@ -4,10 +4,10 @@ For local development, or a team that wishes to keep their images off of the pub
 registry may be useful. This can be hosted on your own server or local machine. See the Docker docs [here](https://docs.docker.com/registry/) for information on setting this up. A registry on localhost may greatly speed up iterative development in environments where the network is constrained.

 To set up your fn service with authentication for any registry, you must
-provide fn with `DOCKER_AUTH` env var:
+provide fn with `FN_DOCKER_AUTH` env var:

 ```
-DOCKER_AUTH='{"auths":{"http://my.registry.com:80":{"auth":"yourauthbase64here"}}}'
+FN_DOCKER_AUTH='{"auths":{"http://my.registry.com:80":{"auth":"yourauthbase64here"}}}'
 ```

 You may provide multiple auths in this way, it's also possible to run the `fn`