-
Notifications
You must be signed in to change notification settings - Fork 169
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
improve tests and move pull secret stuff
- Loading branch information
Showing
5 changed files
with
200 additions
and
108 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
package pullsecret | ||
|
||
// Copyright (c) Microsoft Corporation. | ||
// Licensed under the Apache License 2.0. | ||
|
||
import ( | ||
"encoding/base64" | ||
"encoding/json" | ||
"errors" | ||
"fmt" | ||
"strings" | ||
) | ||
|
||
type UserPass struct { | ||
Username string | ||
Password string | ||
} | ||
|
||
func userPassFromBase64(secret string) (*UserPass, error) { | ||
decoded, err := base64.StdEncoding.DecodeString(secret) | ||
if err != nil { | ||
return nil, errors.New("malformed auth token") | ||
} | ||
|
||
split := strings.Split(string(decoded), ":") | ||
if len(split) != 2 { | ||
return nil, errors.New("auth token not in format of username:password") | ||
} | ||
|
||
return &UserPass{ | ||
Username: split[0], | ||
Password: split[1], | ||
}, nil | ||
} | ||
|
||
// Extract decodes a username and password for a given domain from a | ||
// JSON-encoded pull secret (e.g. from docker auth) | ||
func Extract(rawPullSecret, domain string) (*UserPass, error) { | ||
pullSecrets := &pullSecret{} | ||
err := json.Unmarshal([]byte(rawPullSecret), pullSecrets) | ||
if err != nil { | ||
return nil, errors.New("malformed pullsecret (invalid JSON)") | ||
} | ||
|
||
auth, ok := pullSecrets.Auths[domain] | ||
if !ok { | ||
return nil, fmt.Errorf("missing '%s' key in pullsecret", domain) | ||
} | ||
|
||
token, ok := auth["auth"] | ||
if !ok { | ||
return nil, errors.New("malformed pullsecret (no auth key)") | ||
} | ||
|
||
return userPassFromBase64(token.(string)) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
package pullsecret | ||
|
||
// Copyright (c) Microsoft Corporation. | ||
// Licensed under the Apache License 2.0. | ||
|
||
import ( | ||
"testing" | ||
|
||
. "github.com/onsi/ginkgo/v2" | ||
. "github.com/onsi/gomega" | ||
) | ||
|
||
var _ = Describe("Extract()", func() { | ||
It("correctly decodes a pullsecret", func() { | ||
pullSecret := "{\"auths\": {\"example.com\": {\"auth\": \"dGVzdHVzZXI6dGVzdHBhc3M=\"}}}" | ||
|
||
correctlyExtracted, err := Extract(pullSecret, "example.com") | ||
Expect(err).To(BeNil()) | ||
Expect(correctlyExtracted).To(Equal(&UserPass{Username: "testuser", Password: "testpass"})) | ||
}) | ||
|
||
It("errors if no pullsecret for that name exists", func() { | ||
pullSecret := "{\"auths\": {\"example.com\": {\"auth\": \"dGVzdHVzZXI6dGVzdHBhc3M=\"}}}" | ||
|
||
_, err := Extract(pullSecret, "missingexample.com") | ||
Expect(err).To(MatchError("missing 'missingexample.com' key in pullsecret")) | ||
}) | ||
|
||
It("errors if the json is invalid", func() { | ||
_, err := Extract("\"", "example.com") | ||
Expect(err).To(MatchError("malformed pullsecret (invalid JSON)")) | ||
}) | ||
|
||
It("errors if the base64 is invalid", func() { | ||
pullSecret := "{\"auths\": {\"example.com\": {\"auth\": \"5\"}}}" | ||
|
||
_, err := Extract(pullSecret, "example.com") | ||
Expect(err).To(MatchError("malformed auth token")) | ||
}) | ||
|
||
It("errors if the base64 does not contain a username and password", func() { | ||
pullSecret := "{\"auths\": {\"example.com\": {\"auth\": \"c29tZXRoaW5nZWxzZQ==\"}}}" | ||
|
||
_, err := Extract(pullSecret, "example.com") | ||
Expect(err).To(MatchError("auth token not in format of username:password")) | ||
}) | ||
|
||
It("errors if pullsecret has no auth key for domain", func() { | ||
pullSecret := "{\"auths\": {\"example.com\": {\"password\": \"dGVzdHVzZXI6dGVzdHBhc3M=\"}}}" | ||
|
||
_, err := Extract(pullSecret, "example.com") | ||
Expect(err).To(MatchError("malformed pullsecret (no auth key)")) | ||
}) | ||
}) | ||
|
||
func TestPullSecret(t *testing.T) { | ||
RegisterFailHandler(Fail) | ||
RunSpecs(t, "PullSecret Suite") | ||
} |