mirror of
https://github.com/imjasonh/krust
synced 2026-07-07 22:35:25 +00:00
implement auth
Signed-off-by: Jason Hall <jason@chainguard.dev>
This commit is contained in:
parent
9d788792ca
commit
5d730a36da
8 changed files with 410 additions and 27 deletions
|
|
@ -31,16 +31,25 @@ fn test_auth_integration_with_docker_config() -> Result<()> {
|
|||
// Set HOME to temp directory
|
||||
std::env::set_var("HOME", temp_dir.path());
|
||||
|
||||
// TODO: Implement actual credential resolution from Docker config
|
||||
// For now, all auth resolves to anonymous until we implement the actual credential logic
|
||||
|
||||
// Test GitHub Container Registry auth (currently returns anonymous)
|
||||
// Test GitHub Container Registry auth (should resolve from config)
|
||||
let ghcr_auth = resolve_auth("ghcr.io/user/image:tag")?;
|
||||
assert!(matches!(ghcr_auth, RegistryAuth::Anonymous));
|
||||
match ghcr_auth {
|
||||
RegistryAuth::Basic { username, password } => {
|
||||
assert_eq!(username, "test");
|
||||
assert_eq!(password, "test123");
|
||||
}
|
||||
_ => panic!("Expected Basic auth for ghcr.io, got: {:?}", ghcr_auth),
|
||||
}
|
||||
|
||||
// Test Docker Hub auth (currently returns anonymous)
|
||||
// Test Docker Hub auth (should resolve from config)
|
||||
let docker_auth = resolve_auth("docker.io/library/ubuntu:latest")?;
|
||||
assert!(matches!(docker_auth, RegistryAuth::Anonymous));
|
||||
match docker_auth {
|
||||
RegistryAuth::Basic { username, password } => {
|
||||
assert_eq!(username, "testuser");
|
||||
assert_eq!(password, "testpass");
|
||||
}
|
||||
_ => panic!("Expected Basic auth for docker.io, got: {:?}", docker_auth),
|
||||
}
|
||||
|
||||
// Test unknown registry returns anonymous
|
||||
let unknown_auth = resolve_auth("unknown.registry.io/image:tag")?;
|
||||
|
|
|
|||
|
|
@ -100,10 +100,15 @@ fn test_resolve_auth_from_config() -> Result<()> {
|
|||
env::remove_var("XDG_RUNTIME_DIR");
|
||||
env::set_var("HOME", tmp_dir.path());
|
||||
|
||||
// TODO: Implement actual credential resolution from Docker config
|
||||
// For now, should resolve to anonymous auth
|
||||
// Should resolve credentials from config
|
||||
let auth = resolve_auth("test.registry.io/myimage")?;
|
||||
assert!(matches!(auth, RegistryAuth::Anonymous));
|
||||
match auth {
|
||||
RegistryAuth::Basic { username, password } => {
|
||||
assert_eq!(username, "testuser");
|
||||
assert_eq!(password, "testpass");
|
||||
}
|
||||
_ => panic!("Expected Basic auth for test.registry.io, got: {:?}", auth),
|
||||
}
|
||||
|
||||
// Restore env vars
|
||||
if let Some(val) = old_docker_config {
|
||||
|
|
@ -158,10 +163,14 @@ fn test_resolve_auth_bearer_token() -> Result<()> {
|
|||
env::remove_var("XDG_RUNTIME_DIR");
|
||||
env::set_var("HOME", tmp_dir.path());
|
||||
|
||||
// TODO: Implement actual credential resolution from Docker config
|
||||
// For now, should resolve to anonymous auth
|
||||
// Should resolve bearer token from config
|
||||
let auth = resolve_auth("ghcr.io/user/image")?;
|
||||
assert!(matches!(auth, RegistryAuth::Anonymous));
|
||||
match auth {
|
||||
RegistryAuth::Bearer { token } => {
|
||||
assert_eq!(token, "test-bearer-token");
|
||||
}
|
||||
_ => panic!("Expected Bearer token auth for ghcr.io, got: {:?}", auth),
|
||||
}
|
||||
|
||||
// Restore env vars
|
||||
if let Some(val) = old_docker_config {
|
||||
|
|
|
|||
34
tests/testdata/auth_base64.txt
vendored
Normal file
34
tests/testdata/auth_base64.txt
vendored
Normal file
|
|
@ -0,0 +1,34 @@
|
|||
# Test base64 encoded auth from Docker config
|
||||
|
||||
# Create a test project
|
||||
-- Cargo.toml --
|
||||
[package]
|
||||
name = "auth-b64-test"
|
||||
version = "0.1.0"
|
||||
edition = "2021"
|
||||
|
||||
[dependencies]
|
||||
-- src/main.rs --
|
||||
fn main() {
|
||||
println!("Testing base64 auth");
|
||||
}
|
||||
|
||||
# Create Docker config with base64 auth (testuser:testpass = dGVzdHVzZXI6dGVzdHBhc3M=)
|
||||
mkdir .docker
|
||||
-- .docker/config.json --
|
||||
{
|
||||
"auths": {
|
||||
"ghcr.io": {
|
||||
"auth": "dGVzdHVzZXI6dGVzdHBhc3M="
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# Set HOME to use our config
|
||||
env HOME=$WORK
|
||||
env RUST_LOG=debug
|
||||
|
||||
# Try to build (will fail at registry, but auth should be resolved)
|
||||
! exec ./krust build --platform linux/amd64 --image ghcr.io/user/app:latest .
|
||||
stderr 'Resolving auth'
|
||||
stderr 'ghcr.io'
|
||||
62
tests/testdata/auth_credential_helper.txt
vendored
Normal file
62
tests/testdata/auth_credential_helper.txt
vendored
Normal file
|
|
@ -0,0 +1,62 @@
|
|||
# Test credential helper execution
|
||||
|
||||
# Create a mock credential helper that logs when it's called
|
||||
-- docker-credential-mock --
|
||||
#!/bin/sh
|
||||
# Mock credential helper that logs execution and returns test credentials
|
||||
|
||||
# Log that we were called
|
||||
echo "MOCK_HELPER_CALLED" >&2
|
||||
|
||||
case "$1" in
|
||||
get)
|
||||
# Read registry from stdin
|
||||
read registry
|
||||
echo "MOCK_HELPER_REGISTRY=$registry" >&2
|
||||
|
||||
# Return credentials
|
||||
cat <<EOF
|
||||
{
|
||||
"Username": "helper-user",
|
||||
"Secret": "helper-pass"
|
||||
}
|
||||
EOF
|
||||
;;
|
||||
*)
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
-- Cargo.toml --
|
||||
[package]
|
||||
name = "cred-helper-test"
|
||||
version = "0.1.0"
|
||||
edition = "2021"
|
||||
|
||||
[dependencies]
|
||||
-- src/main.rs --
|
||||
fn main() {
|
||||
println!("Testing credential helper");
|
||||
}
|
||||
|
||||
# Make the helper executable
|
||||
chmod +x docker-credential-mock
|
||||
|
||||
# Create Docker config that uses our mock helper
|
||||
mkdir .docker
|
||||
-- .docker/config.json --
|
||||
{
|
||||
"credHelpers": {
|
||||
"mock.registry.io": "mock"
|
||||
}
|
||||
}
|
||||
|
||||
# Add current dir to PATH and set HOME
|
||||
env HOME=$WORK
|
||||
env PATH=$WORK:$PATH
|
||||
env RUST_LOG=debug
|
||||
|
||||
# Try to push to mock.registry.io (will fail at network level, but should call helper)
|
||||
# Using --no-push to avoid actual network call
|
||||
! exec ./krust build --platform linux/amd64 --image mock.registry.io/test:latest .
|
||||
# Should see the helper being attempted
|
||||
stderr 'credential helper'
|
||||
36
tests/testdata/auth_docker_config_basic.txt
vendored
Normal file
36
tests/testdata/auth_docker_config_basic.txt
vendored
Normal file
|
|
@ -0,0 +1,36 @@
|
|||
# Test basic auth from Docker config
|
||||
|
||||
# Create a test project
|
||||
-- Cargo.toml --
|
||||
[package]
|
||||
name = "auth-basic-test"
|
||||
version = "0.1.0"
|
||||
edition = "2021"
|
||||
|
||||
[dependencies]
|
||||
-- src/main.rs --
|
||||
fn main() {
|
||||
println!("Testing basic auth");
|
||||
}
|
||||
|
||||
# Create Docker config with username/password
|
||||
mkdir .docker
|
||||
-- .docker/config.json --
|
||||
{
|
||||
"auths": {
|
||||
"test.example.com": {
|
||||
"username": "myuser",
|
||||
"password": "mypass"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# Set HOME to use our config
|
||||
env HOME=$WORK
|
||||
env RUST_LOG=debug
|
||||
|
||||
# Try to build and push (will fail at registry level, but auth should be resolved)
|
||||
# We can verify auth was read from config in debug logs
|
||||
! exec ./krust build --platform linux/amd64 --image test.example.com/app:latest .
|
||||
stderr 'Resolving auth'
|
||||
stderr 'test.example.com'
|
||||
Loading…
Add table
Add a link
Reference in a new issue