From 24cf0fd6a3ab72cca63b88e335a3fb47750e5b51 Mon Sep 17 00:00:00 2001 From: Simon Aronsson Date: Sun, 22 Nov 2020 19:03:10 +0100 Subject: [PATCH] fix tests, simplify and integrate credentials properly --- internal/actions/mocks/container.go | 30 ++++++++++++++ pkg/container/client.go | 2 +- pkg/logger/logger.go | 42 ------------------- pkg/registry/auth/auth.go | 57 ++++++++++++++------------ pkg/registry/auth/auth_test.go | 45 +++++++++++--------- pkg/registry/digest/digest.go | 56 ++++++++++++++++--------- pkg/registry/digest/digest_test.go | 33 ++++++++------- pkg/registry/manifest/manifest.go | 38 ++++++++++++----- pkg/registry/manifest/manifest_test.go | 19 ++++++--- pkg/registry/trust.go | 2 +- pkg/types/container.go | 26 ++++++++++++ 11 files changed, 209 insertions(+), 141 deletions(-) delete mode 100644 pkg/logger/logger.go create mode 100644 pkg/types/container.go diff --git a/internal/actions/mocks/container.go b/internal/actions/mocks/container.go index e92ee1c..10e97ed 100644 --- a/internal/actions/mocks/container.go +++ b/internal/actions/mocks/container.go @@ -17,6 +17,7 @@ func CreateMockContainer(id string, name string, image string, created time.Time Created: created.String(), }, Config: &container2.Config{ + Image: image, Labels: make(map[string]string), }, } @@ -24,9 +25,38 @@ func CreateMockContainer(id string, name string, image string, created time.Time &content, &types.ImageInspect{ ID: image, + RepoDigests: []string{ + image, + }, }, ) } +// CreateMockContainerWithImageInfo should only be used for testing +func CreateMockContainerWithImageInfo(id string, name string, image string, created time.Time, imageInfo types.ImageInspect) container.Container { + content := types.ContainerJSON{ + ContainerJSONBase: &types.ContainerJSONBase{ + ID: id, + Image: image, + Name: name, + Created: created.String(), + }, + Config: &container2.Config{ + Image: image, + Labels: make(map[string]string), + }, + } + return *container.NewContainer( + &content, + &imageInfo, + ) +} + +// CreateMockContainerWithDigest should only be used for testing +func CreateMockContainerWithDigest(id string, name string, image string, created time.Time, digest string) container.Container { + c := CreateMockContainer(id, name, image, created) + c.ImageInfo().RepoDigests = []string{digest} + return c +} // CreateMockContainerWithConfig creates a container substitute valid for testing func CreateMockContainerWithConfig(id string, name string, image string, created time.Time, config *container2.Config) container.Container { diff --git a/pkg/container/client.go b/pkg/container/client.go index aea3f6d..8482e83 100644 --- a/pkg/container/client.go +++ b/pkg/container/client.go @@ -294,7 +294,7 @@ func (client dockerClient) PullImage(ctx context.Context, container Container) e log.WithFields(fields).Debugf("Checking if pull is needed") - if match, err := digest.CompareDigest(ctx, *container.ImageInfo(), nil); err != nil { + if match, err := digest.CompareDigest(ctx, container, opts.RegistryAuth); err != nil { log.Info("Could not do a head request, falling back to regulara pull.") log.Debugf("Reason: %s", err.Error()) } else if match { diff --git a/pkg/logger/logger.go b/pkg/logger/logger.go deleted file mode 100644 index 2efcab8..0000000 --- a/pkg/logger/logger.go +++ /dev/null @@ -1,42 +0,0 @@ -package logger - -import ( - "context" - "github.com/sirupsen/logrus" -) - -type contextKeyType string - -const contextKey = contextKeyType("LogrusLoggerContext") - -// GetLogger returns a logger from the context if one is available, otherwise a default logger -func GetLogger(ctx context.Context) *logrus.Logger { - if logger, ok := ctx.Value(contextKey).(logrus.Logger); ok { - return &logger - } - return newLogger(&logrus.JSONFormatter{}, logrus.InfoLevel) -} - -// AddLogger adds a logger to the passed context -func AddLogger(ctx context.Context) context.Context { - return setLogger(ctx, &logrus.JSONFormatter{}, logrus.InfoLevel) -} - -// AddDebugLogger adds a text-formatted debug logger to the passed context -func AddDebugLogger(ctx context.Context) context.Context { - return setLogger(ctx, &logrus.TextFormatter{}, logrus.DebugLevel) -} - -// SetLogger adds a logger to the supplied context -func setLogger(ctx context.Context, fmt logrus.Formatter, level logrus.Level) context.Context { - log := newLogger(fmt, level) - return context.WithValue(ctx, contextKey, log) -} - -func newLogger(fmt logrus.Formatter, level logrus.Level) *logrus.Logger { - log := logrus.New() - - log.SetFormatter(fmt) - log.SetLevel(level) - return log -} diff --git a/pkg/registry/auth/auth.go b/pkg/registry/auth/auth.go index eb275fb..3e2448d 100644 --- a/pkg/registry/auth/auth.go +++ b/pkg/registry/auth/auth.go @@ -5,11 +5,9 @@ import ( "encoding/json" "errors" "fmt" - "github.com/containrrr/watchtower/pkg/logger" "github.com/containrrr/watchtower/pkg/registry/helpers" "github.com/containrrr/watchtower/pkg/types" "github.com/docker/distribution/reference" - apiTypes "github.com/docker/docker/api/types" "github.com/sirupsen/logrus" "io/ioutil" "net/http" @@ -21,22 +19,21 @@ import ( const ChallengeHeader = "WWW-Authenticate" // GetToken fetches a token for the registry hosting the provided image -func GetToken(ctx context.Context, image apiTypes.ImageInspect, credentials *types.RegistryCredentials) (string, error) { +func GetToken(ctx context.Context, container types.Container, registryAuth string) (string, error) { var err error - log := logger.GetLogger(ctx) - img := strings.Split(image.RepoTags[0], ":")[0] var url url2.URL - if url, err = GetChallengeURL(img); err != nil { + if url, err = GetChallengeURL(container.ImageName()); err != nil { return "", err } + logrus.WithField("url", url.String()).Debug("Building challenge URL") var req *http.Request if req, err = GetChallengeRequest(url); err != nil { return "", err } - var client = http.Client{} + client := &http.Client{} var res *http.Response if res, err = client.Do(req); err != nil { return "", err @@ -44,17 +41,21 @@ func GetToken(ctx context.Context, image apiTypes.ImageInspect, credentials *typ v := res.Header.Get(ChallengeHeader) - log.WithFields(logrus.Fields{ + logrus.WithFields(logrus.Fields{ "status": res.Status, "header": v, }).Debug("Got response to challenge request") + challenge := strings.ToLower(v) if strings.HasPrefix(challenge, "basic") { - return "", errors.New("basic auth not implemented yet") + if registryAuth == "" { + return "", fmt.Errorf("no credentials available") + } + + return fmt.Sprintf("Basic %s", registryAuth), nil } if strings.HasPrefix(challenge, "bearer") { - log.Debug("Fetching bearer token") - return GetBearerToken(ctx, challenge, img, err, credentials) + return GetBearerHeader(ctx, challenge, container.ImageName(), err, registryAuth) } return "", errors.New("unsupported challenge type from registry") @@ -62,7 +63,6 @@ func GetToken(ctx context.Context, image apiTypes.ImageInspect, credentials *typ // GetChallengeRequest creates a request for getting challenge instructions func GetChallengeRequest(url url2.URL) (*http.Request, error) { - req, err := http.NewRequest("GET", url.String(), nil) if err != nil { return nil, err @@ -72,12 +72,14 @@ func GetChallengeRequest(url url2.URL) (*http.Request, error) { return req, nil } -// GetBearerToken tries to fetch a bearer token from the registry based on the challenge instructions -func GetBearerToken(ctx context.Context, challenge string, img string, err error, credentials *types.RegistryCredentials) (string, error) { - log := logger.GetLogger(ctx) +// GetBearerHeader tries to fetch a bearer token from the registry based on the challenge instructions +func GetBearerHeader(ctx context.Context, challenge string, img string, err error, registryAuth string) (string, error) { client := http.Client{} - + if strings.Contains(img, ":") { + img = strings.Split(img, ":")[0] + } authURL, err := GetAuthURL(challenge, img) + if err != nil { return "", err } @@ -87,11 +89,11 @@ func GetBearerToken(ctx context.Context, challenge string, img string, err error return "", err } - if credentials != nil && credentials.Username != "" && credentials.Password != "" { - log.WithField("credentials", credentials).Debug("Found credentials. Adding basic auth.") - r.SetBasicAuth(credentials.Username, credentials.Password) + if registryAuth != "" { + logrus.WithField("credentials", registryAuth).Debug("Credentials found.") + r.Header.Add("Authorization", fmt.Sprintf("Basic %s", registryAuth)) } else { - log.Debug("No credentials found. Doing an anonymous request.") + logrus.Debug("No credentials found.") } var authResponse *http.Response @@ -107,7 +109,7 @@ func GetBearerToken(ctx context.Context, challenge string, img string, err error return "", err } - return tokenResponse.Token, nil + return fmt.Sprintf("Bearer %s", tokenResponse.Token), nil } // GetAuthURL from the instructions in the challenge @@ -124,11 +126,12 @@ func GetAuthURL(challenge string, img string) (*url2.URL, error) { val := strings.Trim(kv[1], "\"") values[key] = val } + logrus.WithFields(logrus.Fields{ + "realm": values["realm"], + "service": values["service"], + }).Debug("Checking challenge header content") if values["realm"] == "" || values["service"] == "" { - logrus.WithFields(logrus.Fields{ - "realm": values["realm"], - "service": values["service"], - }).Debug("Checking challenge header content") + return nil, fmt.Errorf("challenge header did not include all values needed to construct an auth url") } @@ -140,6 +143,7 @@ func GetAuthURL(challenge string, img string) (*url2.URL, error) { scopeImage = "library/" + scopeImage } scope := fmt.Sprintf("repository:%s:pull", scopeImage) + logrus.WithFields(logrus.Fields{"scope": scope, "image": img}).Debug("Setting scope for auth token") q.Add("scope", scope) authURL.RawQuery = q.Encode() @@ -148,8 +152,9 @@ func GetAuthURL(challenge string, img string) (*url2.URL, error) { // GetChallengeURL creates a URL object based on the image info func GetChallengeURL(img string) (url2.URL, error) { + normalizedNamed, _ := reference.ParseNormalizedNamed(img) - host, err := helpers.NormalizeRegistry(normalizedNamed.Name()) + host, err := helpers.NormalizeRegistry(normalizedNamed.String()) if err != nil { return url2.URL{}, err } diff --git a/pkg/registry/auth/auth_test.go b/pkg/registry/auth/auth_test.go index 97a29b8..f68c08f 100644 --- a/pkg/registry/auth/auth_test.go +++ b/pkg/registry/auth/auth_test.go @@ -1,14 +1,16 @@ -package auth +package auth_test import ( "context" + "fmt" + "github.com/containrrr/watchtower/internal/actions/mocks" + "github.com/containrrr/watchtower/pkg/registry/auth" "net/url" "os" "testing" + "time" - "github.com/containrrr/watchtower/pkg/logger" wtTypes "github.com/containrrr/watchtower/pkg/types" - "github.com/docker/docker/api/types" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" ) @@ -37,21 +39,24 @@ var GHCRCredentials = &wtTypes.RegistryCredentials{ } var _ = Describe("the auth module", func() { - var ctx = logger.AddDebugLogger(context.Background()) - var ghImage = types.ImageInspect{ - ID: "sha256:6972c414f322dfa40324df3c503d4b217ccdec6d576e408ed10437f508f4181b", - RepoTags: []string{ - "ghcr.io/k6io/operator:latest", - }, - RepoDigests: []string{ - "ghcr.io/k6io/operator@sha256:d68e1e532088964195ad3a0a71526bc2f11a78de0def85629beb75e2265f0547", - }, - } + mockId := "mock-id" + mockName := "mock-container" + mockImage := "ghcr.io/k6io/operator:latest" + mockCreated := time.Now() + mockDigest := "ghcr.io/k6io/operator@sha256:d68e1e532088964195ad3a0a71526bc2f11a78de0def85629beb75e2265f0547" + + mockContainer := mocks.CreateMockContainerWithDigest( + mockId, + mockName, + mockImage, + mockCreated, + mockDigest) When("getting an auth url", func() { It("should parse the token from the response", SkipIfCredentialsEmpty(GHCRCredentials, func() { - token, err := GetToken(ctx, ghImage, GHCRCredentials) + creds := fmt.Sprintf("%s:%s", GHCRCredentials.Username, GHCRCredentials.Password) + token, err := auth.GetToken(context.Background(), mockContainer, creds) Expect(err).NotTo(HaveOccurred()) Expect(token).NotTo(Equal("")) }), @@ -65,13 +70,13 @@ var _ = Describe("the auth module", func() { Path: "/token", RawQuery: "scope=repository%3Acontainrrr%2Fwatchtower%3Apull&service=ghcr.io", } - res, err := GetAuthURL(input, "containrrr/watchtower") + res, err := auth.GetAuthURL(input, "containrrr/watchtower") Expect(err).NotTo(HaveOccurred()) Expect(res).To(Equal(expected)) }) It("should create a valid auth url object based on the challenge header supplied", func() { input := `bearer realm="https://ghcr.io/token"` - res, err := GetAuthURL(input, "containrrr/watchtower") + res, err := auth.GetAuthURL(input, "containrrr/watchtower") Expect(err).To(HaveOccurred()) Expect(res).To(BeNil()) }) @@ -79,16 +84,16 @@ var _ = Describe("the auth module", func() { When("getting a challenge url", func() { It("should create a valid challenge url object based on the image ref supplied", func() { expected := url.URL{Host: "ghcr.io", Scheme: "https", Path: "/v2/"} - Expect(GetChallengeURL("ghcr.io/containrrr/watchtower:latest")).To(Equal(expected)) + Expect(auth.GetChallengeURL("ghcr.io/containrrr/watchtower:latest")).To(Equal(expected)) }) It("should assume dockerhub if the image ref is not fully qualified", func() { expected := url.URL{Host: "index.docker.io", Scheme: "https", Path: "/v2/"} - Expect(GetChallengeURL("containrrr/watchtower:latest")).To(Equal(expected)) + Expect(auth.GetChallengeURL("containrrr/watchtower:latest")).To(Equal(expected)) }) It("should convert legacy dockerhub hostnames to index.docker.io", func() { expected := url.URL{Host: "index.docker.io", Scheme: "https", Path: "/v2/"} - Expect(GetChallengeURL("docker.io/containrrr/watchtower:latest")).To(Equal(expected)) - Expect(GetChallengeURL("registry-1.docker.io/containrrr/watchtower:latest")).To(Equal(expected)) + Expect(auth.GetChallengeURL("docker.io/containrrr/watchtower:latest")).To(Equal(expected)) + Expect(auth.GetChallengeURL("registry-1.docker.io/containrrr/watchtower:latest")).To(Equal(expected)) }) }) }) diff --git a/pkg/registry/digest/digest.go b/pkg/registry/digest/digest.go index e2c7e77..7b81570 100644 --- a/pkg/registry/digest/digest.go +++ b/pkg/registry/digest/digest.go @@ -2,13 +2,14 @@ package digest import ( "context" + "crypto/tls" + "encoding/base64" + "encoding/json" "errors" "fmt" - "github.com/containrrr/watchtower/pkg/logger" "github.com/containrrr/watchtower/pkg/registry/auth" "github.com/containrrr/watchtower/pkg/registry/manifest" "github.com/containrrr/watchtower/pkg/types" - apiTypes "github.com/docker/docker/api/types" "github.com/sirupsen/logrus" "net/http" "strings" @@ -18,34 +19,31 @@ import ( const ContentDigestHeader = "Docker-Content-Digest" // CompareDigest ... -func CompareDigest(ctx context.Context, image apiTypes.ImageInspect, credentials *types.RegistryCredentials) (bool, error) { +func CompareDigest(ctx context.Context, container types.Container, registryAuth string) (bool, error) { var digest string - token, err := auth.GetToken(ctx, image, credentials) + + registryAuth = TransformAuth(registryAuth) + token, err := auth.GetToken(ctx, container, registryAuth) if err != nil { return false, err } - digestURL, err := manifest.BuildManifestURL(image) + digestURL, err := manifest.BuildManifestURL(container) if err != nil { return false, err } - if digest, err = GetDigest(ctx, digestURL, token); err != nil { + if digest, err = GetDigest(digestURL, token); err != nil { return false, err } logrus.WithField("remote", digest).Debug("Found a remote digest to compare with") - if image.ID == digest { - return true, nil - } - - for _, dig := range image.RepoDigests { + for _, dig := range container.ImageInfo().RepoDigests { localDigest := strings.Split(dig, "@")[1] - logrus.WithFields(logrus.Fields{ - "local": localDigest, - "remote": digest, - }).Debug("Comparing") + fields := logrus.Fields{"local": localDigest, "remote": digest} + logrus.WithFields(fields).Debug("Comparing") + if localDigest == digest { logrus.Debug("Found a match") return true, nil @@ -55,18 +53,36 @@ func CompareDigest(ctx context.Context, image apiTypes.ImageInspect, credentials return false, nil } +// TransformAuth from a base64 encoded json object to base64 encoded string +func TransformAuth(registryAuth string) string { + b, _ := base64.StdEncoding.DecodeString(registryAuth) + credentials := &types.RegistryCredentials{} + _ = json.Unmarshal(b, credentials) + + if credentials.Username != "" && credentials.Password != "" { + ba := []byte(fmt.Sprintf("%s:%s", credentials.Username, credentials.Password)) + registryAuth = base64.StdEncoding.EncodeToString(ba) + } + + return registryAuth +} + // GetDigest from registry using a HEAD request to prevent rate limiting -func GetDigest(ctx context.Context, url string, token string) (string, error) { - client := &http.Client{} - log := logger.GetLogger(ctx).WithField("fun", "GetDigest") +func GetDigest(url string, token string) (string, error) { + tr := &http.Transport{ + TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, + } + client := &http.Client{Transport: tr} + if token != "" { - log.WithField("token", token).Debug("Setting request bearer token") + logrus.WithField("token", token).Trace("Setting request token") } else { return "", errors.New("could not fetch token") } req, _ := http.NewRequest("HEAD", url, nil) - req.Header.Add("Authorization", "Bearer "+token) + req.Header.Add("Authorization", token) + req.Header.Add("Accept", "application/vnd.docker.distribution.manifest.v2+json") req.Header.Add("Accept", "*/*") logrus.WithField("url", url).Debug("Doing a HEAD request to fetch a digest") diff --git a/pkg/registry/digest/digest_test.go b/pkg/registry/digest/digest_test.go index 534a6fb..5e9a2a2 100644 --- a/pkg/registry/digest/digest_test.go +++ b/pkg/registry/digest/digest_test.go @@ -1,15 +1,16 @@ -package digest +package digest_test import ( "context" "fmt" - "github.com/containrrr/watchtower/pkg/logger" + "github.com/containrrr/watchtower/internal/actions/mocks" + "github.com/containrrr/watchtower/pkg/registry/digest" wtTypes "github.com/containrrr/watchtower/pkg/types" - "github.com/docker/docker/api/types" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" "os" "testing" + "time" ) func TestDigest(t *testing.T) { @@ -18,16 +19,6 @@ func TestDigest(t *testing.T) { RunSpecs(GinkgoT(), "Digest Suite") } -var ghImage = types.ImageInspect{ - ID: "sha256:6972c414f322dfa40324df3c503d4b217ccdec6d576e408ed10437f508f4181b", - RepoTags: []string{ - "ghcr.io/k6io/operator:latest", - }, - RepoDigests: []string{ - "ghcr.io/k6io/operator@sha256:d68e1e532088964195ad3a0a71526bc2f11a78de0def85629beb75e2265f0547", - }, -} - var DockerHubCredentials = &wtTypes.RegistryCredentials{ Username: os.Getenv("CI_INTEGRATION_TEST_REGISTRY_DH_USERNAME"), Password: os.Getenv("CI_INTEGRATION_TEST_REGISTRY_DH_PASSWORD"), @@ -52,12 +43,24 @@ func SkipIfCredentialsEmpty(credentials *wtTypes.RegistryCredentials, fn func()) } var _ = Describe("Digests", func() { - var ctx = logger.AddDebugLogger(context.Background()) + mockId := "mock-id" + mockName := "mock-container" + mockImage := "ghcr.io/k6io/operator:latest" + mockCreated := time.Now() + mockDigest := "ghcr.io/k6io/operator@sha256:d68e1e532088964195ad3a0a71526bc2f11a78de0def85629beb75e2265f0547" + + mockContainer := mocks.CreateMockContainerWithDigest( + mockId, + mockName, + mockImage, + mockCreated, + mockDigest) When("a digest comparison is done", func() { It("should return true if digests match", SkipIfCredentialsEmpty(GHCRCredentials, func() { - matches, err := CompareDigest(ctx, ghImage, GHCRCredentials) + creds := fmt.Sprintf("%s:%s", GHCRCredentials.Username, GHCRCredentials.Password) + matches, err := digest.CompareDigest(context.Background(), mockContainer, creds) Expect(err).NotTo(HaveOccurred()) Expect(matches).To(Equal(true)) }), diff --git a/pkg/registry/manifest/manifest.go b/pkg/registry/manifest/manifest.go index 1938ee4..837bc3f 100644 --- a/pkg/registry/manifest/manifest.go +++ b/pkg/registry/manifest/manifest.go @@ -3,21 +3,31 @@ package manifest import ( "fmt" "github.com/containrrr/watchtower/pkg/registry/helpers" + "github.com/containrrr/watchtower/pkg/types" ref "github.com/docker/distribution/reference" - apiTypes "github.com/docker/docker/api/types" + "github.com/sirupsen/logrus" url2 "net/url" "strings" ) // BuildManifestURL from raw image data -func BuildManifestURL(image apiTypes.ImageInspect) (string, error) { - img, tag := extractImageAndTag(image) - hostName, err := ref.ParseNormalizedNamed(img) +func BuildManifestURL(container types.Container) (string, error) { + + normalizedName, err := ref.ParseNormalizedNamed(container.ImageName()) if err != nil { return "", err } - host, err := helpers.NormalizeRegistry(hostName.Name()) + host, err := helpers.NormalizeRegistry(normalizedName.String()) + img, tag := extractImageAndTag(strings.TrimPrefix(container.ImageName(), host+"/")) + + logrus.WithFields(logrus.Fields{ + "image": img, + "tag": tag, + "normalized": normalizedName, + "host": host, + }).Debug("Parsing image ref") + if err != nil { return "", err } @@ -33,15 +43,21 @@ func BuildManifestURL(image apiTypes.ImageInspect) (string, error) { return url.String(), nil } -func extractImageAndTag(image apiTypes.ImageInspect) (string, string) { +func extractImageAndTag(imageName string) (string, string) { var img string var tag string - if strings.Contains(image.RepoTags[0], ":") { - parts := strings.Split(image.RepoTags[0], ":") - img = parts[0] - tag = parts[1] + + if strings.Contains(imageName, ":") { + parts := strings.Split(imageName, ":") + if len(parts) > 2 { + img = fmt.Sprintf("%s%s", parts[0], parts[1]) + tag = parts[3] + } else { + img = parts[0] + tag = parts[1] + } } else { - img = image.RepoTags[0] + img = imageName tag = "latest" } return img, tag diff --git a/pkg/registry/manifest/manifest_test.go b/pkg/registry/manifest/manifest_test.go index 5325c3c..3b86f90 100644 --- a/pkg/registry/manifest/manifest_test.go +++ b/pkg/registry/manifest/manifest_test.go @@ -1,11 +1,13 @@ package manifest_test import ( + "github.com/containrrr/watchtower/internal/actions/mocks" "github.com/containrrr/watchtower/pkg/registry/manifest" apiTypes "github.com/docker/docker/api/types" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" "testing" + "time" ) func TestManifest(t *testing.T) { @@ -14,17 +16,20 @@ func TestManifest(t *testing.T) { } var _ = Describe("the manifest module", func() { + mockId := "mock-id" + mockName := "mock-container" + mockCreated := time.Now() When("building a manifest url", func() { It("should return a valid url given a fully qualified image", func() { expected := "https://ghcr.io/v2/containrrr/watchtower/manifests/latest" imageInfo := apiTypes.ImageInspect{ RepoTags: []string{ - "ghcr.io/containrrr/watchtower:latest", + "ghcr.io/k6io/operator:latest", }, } - - res, err := manifest.BuildManifestURL(imageInfo) + mock := mocks.CreateMockContainerWithImageInfo(mockId, mockName, "ghcr.io/containrrr/watchtower:latest", mockCreated, imageInfo) + res, err := manifest.BuildManifestURL(mock) Expect(err).NotTo(HaveOccurred()) Expect(res).To(Equal(expected)) }) @@ -36,19 +41,23 @@ var _ = Describe("the manifest module", func() { }, } - res, err := manifest.BuildManifestURL(imageInfo) + mock := mocks.CreateMockContainerWithImageInfo(mockId, mockName, "containrrr/watchtower:latest", mockCreated, imageInfo) + res, err := manifest.BuildManifestURL(mock) Expect(err).NotTo(HaveOccurred()) Expect(res).To(Equal(expected)) }) It("should assume latest for images that lack an explicit tag", func() { expected := "https://index.docker.io/v2/containrrr/watchtower/manifests/latest" imageInfo := apiTypes.ImageInspect{ + RepoTags: []string{ "containrrr/watchtower", }, } - res, err := manifest.BuildManifestURL(imageInfo) + mock := mocks.CreateMockContainerWithImageInfo(mockId, mockName, "containrrr/watchtower", mockCreated, imageInfo) + + res, err := manifest.BuildManifestURL(mock) Expect(err).NotTo(HaveOccurred()) Expect(res).To(Equal(expected)) }) diff --git a/pkg/registry/trust.go b/pkg/registry/trust.go index 937d2c3..c2bf7da 100644 --- a/pkg/registry/trust.go +++ b/pkg/registry/trust.go @@ -66,7 +66,7 @@ func EncodedConfigAuth(ref string) (string, error) { auth, _ := credStore.Get(server) // returns (types.AuthConfig{}) if server not in credStore if auth == (types.AuthConfig{}) { - log.Debugf("No credentials for %s in %s", server, configFile.Filename) + log.WithField("config_file", configFile.Filename).Debugf("No credentials for %s found", server) return "", nil } log.Debugf("Loaded auth credentials for user %s, on registry %s, from file %s", auth.Username, ref, configFile.Filename) diff --git a/pkg/types/container.go b/pkg/types/container.go new file mode 100644 index 0000000..50baac6 --- /dev/null +++ b/pkg/types/container.go @@ -0,0 +1,26 @@ +package types + +import "github.com/docker/docker/api/types" + +// Container is a docker container running an image +type Container interface { + ContainerInfo() *types.ContainerJSON + ID() string + IsRunning() bool + Name() string + ImageID() string + ImageName() string + Enabled() (bool, bool) + IsMonitorOnly() bool + Scope() (string, bool) + Links() []string + ToRestart() bool + IsWatchtower() bool + StopSignal() string + HasImageInfo() bool + ImageInfo() *types.ImageInspect + GetLifecyclePreCheckCommand() string + GetLifecyclePostCheckCommand() string + GetLifecyclePreUpdateCommand() string + GetLifecyclePostUpdateCommand() string +}