From 6b9fd8d7ef85c371f0f0fb7988778949a96e7a7f Mon Sep 17 00:00:00 2001 From: Simon Aronsson Date: Sun, 15 Nov 2020 23:27:32 +0100 Subject: [PATCH] fix some tests, split up and refactor some wonky regression introduced by docker dependencies when running on darwin. see https://github.com/ory/dockertest/issues/212 for more info. will have a look at this next --- go.mod | 5 - go.sum | 30 +---- internal/actions/check.go | 2 +- pkg/logger/logger.go | 39 ++++++ pkg/registry/auth/auth.go | 144 ++++++++++++++++++++++ pkg/registry/digest/digest.go | 178 +++------------------------ pkg/registry/digest/digest_test.go | 97 ++++++++++----- pkg/registry/helpers/helpers.go | 38 ++++++ pkg/registry/helpers/helpers_test.go | 33 +++++ pkg/registry/manifest/manifest.go | 37 ++++++ pkg/types/registry_credentials.go | 6 + pkg/types/token_response.go | 5 + 12 files changed, 389 insertions(+), 225 deletions(-) create mode 100644 pkg/logger/logger.go create mode 100644 pkg/registry/auth/auth.go create mode 100644 pkg/registry/helpers/helpers.go create mode 100644 pkg/registry/helpers/helpers_test.go create mode 100644 pkg/registry/manifest/manifest.go create mode 100644 pkg/types/registry_credentials.go create mode 100644 pkg/types/token_response.go diff --git a/go.mod b/go.mod index 8646daf..471b659 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,6 @@ module github.com/containrrr/watchtower go 1.12 require ( - github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 // indirect github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d // indirect github.com/agl/ed25519 v0.0.0-20170116200512-5312a6153412 // indirect github.com/bitly/go-hostpool v0.0.0-20171023180738-a3a6125de932 // indirect @@ -19,8 +18,6 @@ require ( github.com/docker/distribution v2.7.1+incompatible github.com/docker/docker v1.4.2-0.20191219165747-a9416c67da9f github.com/docker/go v1.5.1-1 // indirect - github.com/docker/go-connections v0.4.0 // indirect - github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 // indirect github.com/gofrs/uuid v3.2.0+incompatible // indirect github.com/google/certificate-transparency-go v1.0.21 // indirect github.com/hailocab/go-hostpool v0.0.0-20160125115350-e80d13ce29ed // indirect @@ -34,7 +31,6 @@ require ( github.com/miekg/pkcs11 v0.0.0-20190401114359-553cfdd26aaa // indirect github.com/onsi/ginkgo v1.8.0 github.com/onsi/gomega v1.5.0 - github.com/opencontainers/runc v1.0.0-rc91 github.com/robfig/cron v0.0.0-20180505203441-b41be1df6967 github.com/sirupsen/logrus v1.7.0 github.com/spf13/cobra v0.0.3 @@ -47,5 +43,4 @@ require ( gopkg.in/dancannon/gorethink.v3 v3.0.5 // indirect gopkg.in/fatih/pool.v2 v2.0.0 // indirect gopkg.in/gorethink/gorethink.v3 v3.0.5 // indirect - gotest.tools v2.2.0+incompatible // indirect ) diff --git a/go.sum b/go.sum index 5a22d26..3e96011 100644 --- a/go.sum +++ b/go.sum @@ -7,9 +7,9 @@ github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7O github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/Microsoft/go-winio v0.4.12 h1:xAfWHN1IrQ0NJ9TBC0KBZoqLjzDTr1ML+4MywiUOryc= -github.com/Microsoft/go-winio v0.4.12/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= +github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5 h1:ygIc8M6trr62pF5DucadTWGdEB4mEyvzi0e2nbcmcyA= github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw= +github.com/Microsoft/hcsshim v0.8.9 h1:VrfodqvztU8YSOvygU+DN1BGaSGxmrNfqOv5oOuX2Bk= github.com/Microsoft/hcsshim v0.8.9/go.mod h1:5692vkUqntj1idxauYlpoINNKeqCiG6Sg38RRsjT5y8= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs= @@ -55,15 +55,12 @@ github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on github.com/containerd/console v1.0.0/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE= github.com/containerd/containerd v1.3.2 h1:ForxmXkA6tPIvffbrDAcPUIB32QgXkt2XFj+F0UxetA= github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= -github.com/containerd/continuity v0.0.0-20181203112020-004b46473808 h1:4BX8f882bXEDKfWIf0wa8HRvpnBoPszJJXL+TVbBw4M= -github.com/containerd/continuity v0.0.0-20181203112020-004b46473808/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= +github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc h1:TP+534wVlf61smEIq1nwLLAjQVEK2EADoW3CX9AuT+8= github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0= github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o= github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc= -github.com/containers/image v1.5.1 h1:ssEuj1c24uJvdMkUa2IrawuEFZBP12p6WzrjNBTQxE0= -github.com/containers/image v3.0.2+incompatible h1:B1lqAE8MUPCrsBLE86J0gnXleeRq8zJnQryhiiGQNyE= github.com/containers/image/v5 v5.7.0 h1:fiTC8/Xbr+zEP6njGTZtPW/3UD7MC93nC9DbUoWdxkA= github.com/containers/image/v5 v5.7.0/go.mod h1:8aOy+YaItukxghRORkvhq5ibWttHErzDLy6egrKfKos= github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY= @@ -90,25 +87,16 @@ github.com/docker/cli v0.0.0-20190327152802-57b27434ea29 h1:ciaXDHaWQda0nvevWqcj github.com/docker/cli v0.0.0-20190327152802-57b27434ea29/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug= github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v0.0.0-20190404075923-dbe4a30928d4 h1:34LfsqlE2kEvmGP9qbRoPvOWkmluYGzmlvWVTzwvT0A= -github.com/docker/docker v0.0.0-20190404075923-dbe4a30928d4/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v1.4.2-0.20191219165747-a9416c67da9f h1:Sm8iD2lifO31DwXfkGzq8VgA7rwxPjRsYmeo0K/dF9Y= github.com/docker/docker v1.4.2-0.20191219165747-a9416c67da9f/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker v1.13.1 h1:IkZjBSIc8hBjLpqeAbeE5mca5mNgeatLHBy3GO78BWo= -github.com/docker/docker-credential-helpers v0.6.1 h1:Dq4iIfcM7cNtddhLVWe9h4QDjsi4OER3Z8voPu/I52g= -github.com/docker/docker-credential-helpers v0.6.1/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y= github.com/docker/docker-credential-helpers v0.6.3 h1:zI2p9+1NQYdnG6sMU26EX4aVGlqbInSQxQXLvzJ4RPQ= github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y= github.com/docker/go v1.5.1-1 h1:hr4w35acWBPhGBXlzPoHpmZ/ygPjnmFVxGxxGnMyP7k= github.com/docker/go v1.5.1-1/go.mod h1:CADgU4DSXK5QUlFslkQu2yW2TKzFZcXq/leZfM0UH5Q= github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ= github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= -github.com/docker/go-metrics v0.0.0-20181218153428-b84716841b82 h1:X0fj836zx99zFu83v/M79DuBn84IL/Syx1SY6Y5ZEMA= -github.com/docker/go-metrics v0.0.0-20181218153428-b84716841b82/go.mod h1:/u0gXw0Gay3ceNrsHubL3BtdOL2fHf93USgMTe0W5dI= github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8= github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw= -github.com/docker/go-units v0.3.3 h1:Xk8S3Xj5sLGlG5g67hJmYMmUgXv5N4PhkjJHHqrwnTk= -github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw= github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 h1:UhxFibDNY/bfvqU5CAUmr9zpesgbU6SWc8/B4mflAE4= @@ -139,6 +127,7 @@ github.com/gogo/protobuf v1.2.1 h1:/s5zKNz0uPFCZ5hddgPdo2TK2TVrUNMn0OOX8/aZMTE= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls= github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1 h1:G5FRp8JnTd7RQH5kemVNlMeyXQAztQ3mOWV95KxsXH8= @@ -165,8 +154,6 @@ github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OI github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= -github.com/gorilla/mux v1.7.0 h1:tOSd0UKHQd6urX6ApfOn4XdBMY6Sh1MfxV3kmaazO+U= -github.com/gorilla/mux v1.7.0/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/mux v1.7.4 h1:VuZ8uybHlWmqV03+zRzdwKL4tUnIp1MAQtp1mIFE1bc= github.com/gorilla/mux v1.7.4/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= @@ -213,8 +200,6 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o github.com/klauspost/compress v1.11.1/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/pgzip v1.2.5/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s= -github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= @@ -248,8 +233,6 @@ github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/morikuni/aec v0.0.0-20170113033406-39771216ff4c h1:nXxl5PrvVm2L/wCy8dQu6DMTwH4oIuGN8GJDAlqDdVE= -github.com/morikuni/aec v0.0.0-20170113033406-39771216ff4c/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/mreiferson/go-httpclient v0.0.0-20160630210159-31f0106b4474/go.mod h1:OQA4XLvDbMgS8P0CevmM4m9Q3Jq4phKUzcocxuGJ5m8= @@ -275,8 +258,6 @@ github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zM github.com/opencontainers/image-spec v1.0.2-0.20190823105129-775207bd45b6 h1:yN8BPXVwMBAm3Cuvh1L5XE8XpvYRMdsVLd82ILprhUU= github.com/opencontainers/image-spec v1.0.2-0.20190823105129-775207bd45b6/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= -github.com/opencontainers/runc v0.1.1 h1:GlxAyO6x8rfZYN9Tt0Kti5a/cP41iuiO2yYT0IJGY8Y= -github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runc v1.0.0-rc91/go.mod h1:3Sm6Dt7OT8z88EbdQqqcRN2oCT54jbi72tT/HqgflT8= github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.3-0.20200520003142-237cc4f519e2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= @@ -425,7 +406,6 @@ golang.org/x/net v0.0.0-20190522155817-f3200d17e092 h1:4QSRKanuywn15aTZvI/mIDEgP golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191116160921-f9c825593386 h1:ktbWvQrW08Txdxno1PiDpSxPXG6ndGsfnJjRRtkM0LQ= golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e h1:3G+cUijn7XD+S4eJFddp53Pv7+slrESplyjG25HgL+k= golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -472,6 +452,7 @@ golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 h1:SvFZT6jyqRaOeXpc5h/JSfZenJ2O330aBsf7JfSUXmQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20191024005414-555d28b269f0 h1:/5xXl8Y5W96D+TtHSlonuFqGHIWVuyCkGJLwGh9JJFs= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -508,6 +489,7 @@ gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLks gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/dancannon/gorethink.v3 v3.0.5 h1:/g7PWP7zUS6vSNmHSDbjCHQh1Rqn8Jy6zSMQxAsBSMQ= gopkg.in/dancannon/gorethink.v3 v3.0.5/go.mod h1:GXsi1e3N2OcKhcP6nsYABTiUejbWMFO4GY5a4pEaeEc= diff --git a/internal/actions/check.go b/internal/actions/check.go index 56a9fc4..aeff0cd 100644 --- a/internal/actions/check.go +++ b/internal/actions/check.go @@ -10,7 +10,7 @@ import ( "github.com/containrrr/watchtower/pkg/filters" "github.com/containrrr/watchtower/pkg/sorter" - "github.com/opencontainers/runc/Godeps/_workspace/src/github.com/Sirupsen/logrus" + "github.com/sirupsen/logrus" log "github.com/sirupsen/logrus" diff --git a/pkg/logger/logger.go b/pkg/logger/logger.go new file mode 100644 index 0000000..1ec3f4b --- /dev/null +++ b/pkg/logger/logger.go @@ -0,0 +1,39 @@ +package logger + +import ( + "context" + "github.com/sirupsen/logrus" +) + +const ContextKey = "LogrusLoggerContext" + +// GetLogger returns a logger from the context if one is available, otherwise a default logger +func GetLogger(ctx context.Context) *logrus.Logger { + if logger, ok := ctx.Value(ContextKey).(logrus.Logger); ok { + return &logger + } else { + return newLogger(&logrus.JSONFormatter{}, logrus.InfoLevel) + } +} + +func AddLogger(ctx context.Context) { + setLogger(ctx, &logrus.JSONFormatter{}, logrus.InfoLevel) +} + +func AddDebugLogger(ctx context.Context) { + setLogger(ctx, &logrus.TextFormatter{}, logrus.DebugLevel) +} + +// SetLogger adds a logger to the supplied context +func setLogger(ctx context.Context, fmt logrus.Formatter, level logrus.Level) { + log := newLogger(fmt, level) + context.WithValue(ctx, ContextKey, log) +} + +func newLogger(fmt logrus.Formatter, level logrus.Level) *logrus.Logger { + log := logrus.New() + + log.SetFormatter(fmt) + log.SetLevel(level) + return log +} \ No newline at end of file diff --git a/pkg/registry/auth/auth.go b/pkg/registry/auth/auth.go new file mode 100644 index 0000000..dac5f92 --- /dev/null +++ b/pkg/registry/auth/auth.go @@ -0,0 +1,144 @@ +package auth + +import ( + "context" + "encoding/json" + "errors" + "fmt" + ref "github.com/containers/image/v5/docker/reference" + "github.com/containrrr/watchtower/pkg/logger" + "github.com/containrrr/watchtower/pkg/registry/helpers" + "github.com/containrrr/watchtower/pkg/types" + apiTypes "github.com/docker/docker/api/types" + "github.com/sirupsen/logrus" + "io/ioutil" + "net/http" + url2 "net/url" + "strings" +) + +const ChallengeHeader = "WWW-Authenticate" + + + + +func GetToken(ctx context.Context, image apiTypes.ImageInspect, credentials *types.RegistryCredentials) (string, error) { + var err error + log := logger.GetLogger(ctx) + + img := strings.Split(image.RepoTags[0], ":")[0] + var url url2.URL + if url, err = GetChallengeURL(img); err != nil { + return "", err + } + + var req *http.Request + if req, err = GetChallengeRequest(url); err != nil { + return "", err + } + + var client = http.Client{} + var res *http.Response + if res, err = client.Do(req); err != nil { + return "", err + } + + v := res.Header.Get(ChallengeHeader) + + log.WithFields(logrus.Fields{ + "status": res.Status, + "header": v, + }).Debug("Got response to challenge request") + challenge := strings.ToLower(v) + if strings.HasPrefix(challenge, "basic") { + return "", errors.New("basic auth not implemented yet") + } + if strings.HasPrefix(challenge, "bearer") { + log.Debug("Fetching bearer token") + return GetBearerToken(ctx, challenge, img, err, credentials) + } + + return "", errors.New("unsupported challenge type from registry") +} + +func GetChallengeRequest(url url2.URL) (*http.Request, error) { + + req, err := http.NewRequest("GET", url.String(), nil) + if err != nil { + return nil, err + } + req.Header.Set("Accept", "*/*") + req.Header.Set("User-Agent", "Watchtower (Docker)") + return req, nil +} + +func GetBearerToken(ctx context.Context, challenge string, img string, err error, credentials *types.RegistryCredentials) (string, error) { + log := logger.GetLogger(ctx) + client := http.Client{} + authURL := GetAuthURL(challenge, img) + + var r *http.Request + if r, err = http.NewRequest("GET", authURL.String(), nil); err != nil { + return "", err + } + + if credentials.Username != "" && credentials.Password != "" { + log.WithField("credentials", credentials).Debug("Found credentials. Adding basic auth.") + r.SetBasicAuth(credentials.Username, credentials.Password) + } else { + log.Debug("No credentials found. Doing an anonymous request.") + } + + var authResponse *http.Response + if authResponse, err = client.Do(r); err != nil { + return "", err + } + + body, _ := ioutil.ReadAll(authResponse.Body) + tokenResponse := &types.TokenResponse{} + + err = json.Unmarshal(body, tokenResponse) + if err != nil { + return "", err + } + + return tokenResponse.Token, nil +} + +func GetAuthURL(challenge string, img string) *url2.URL { + raw := strings.TrimPrefix(challenge, "bearer") + pairs := strings.Split(raw, ",") + values := make(map[string]string, 0) + for _, pair := range pairs { + trimmed := strings.Trim(pair, " ") + kv := strings.Split(trimmed, "=") + key := kv[0] + val := strings.Trim(kv[1], "\"") + values[key] = val + } + + authURL, _ := url2.Parse(fmt.Sprintf("%s", values["realm"])) + q := authURL.Query() + q.Add("service", values["service"]) + scopeImage := strings.TrimPrefix(img, values["service"]) + scope := fmt.Sprintf("repository:%s:pull", scopeImage) + q.Add("scope", scope) + + authURL.RawQuery = q.Encode() + return authURL +} + +func GetChallengeURL(img string) (url2.URL, error) { + normalizedNamed, _ := ref.ParseNormalizedNamed(img) + host, err := helpers.NormalizeRegistry(normalizedNamed.Name()) + if err != nil { + return url2.URL{}, err + } + + url := url2.URL{ + Scheme: "https", + Host: host , + Path: "/v2/", + } + return url, nil +} \ No newline at end of file diff --git a/pkg/registry/digest/digest.go b/pkg/registry/digest/digest.go index 81f43c7..48fbcb1 100644 --- a/pkg/registry/digest/digest.go +++ b/pkg/registry/digest/digest.go @@ -1,40 +1,38 @@ package digest import ( - "encoding/json" + "context" "errors" "fmt" - ref "github.com/containers/image/v5/docker/reference" + "github.com/containrrr/watchtower/pkg/logger" + "github.com/containrrr/watchtower/pkg/registry/auth" + "github.com/containrrr/watchtower/pkg/registry/manifest" + "github.com/containrrr/watchtower/pkg/types" apiTypes "github.com/docker/docker/api/types" - log "github.com/sirupsen/logrus" - - "io/ioutil" "net/http" - url2 "net/url" "strings" ) const ( ManifestListV2ContentType = "application/vnd.docker.distribution.manifest.list.v2+json" - ChallengeHeader = "WWW-Authenticate" ContentDigestHeader = "Docker-Content-Digest" ) // CompareDigest ... -func CompareDigest(image apiTypes.ImageInspect, credentials *RegistryCredentials) (bool, error) { +func CompareDigest(ctx context.Context, image apiTypes.ImageInspect, credentials *types.RegistryCredentials) (bool, error) { var digest string - - token, err := GetToken(image, credentials) + log := logger.GetLogger(ctx).WithField("fun", "CompareDigest") + token, err := auth.GetToken(ctx, image, credentials) if err != nil { return false, err } - digestURL, err := BuildManifestURL(image) + digestURL, err := manifest.BuildManifestURL(image) if err != nil { return false, err } - if digest, err = GetDigest(digestURL, token); err != nil { + if digest, err = GetDigest(ctx, digestURL, token); err != nil { return false, err } @@ -49,15 +47,16 @@ func CompareDigest(image apiTypes.ImageInspect, credentials *RegistryCredentials localDigest := strings.Split(dig, "@")[1] log.WithField("Local Digest", localDigest).Debug("Comparing with local digest") if localDigest == digest { - return true,nil + return true, nil } } return false, nil } -func GetDigest(url string, token string) (string, error) { +func GetDigest(ctx context.Context, url string, token string) (string, error) { client := &http.Client{} + log := logger.GetLogger(ctx).WithField("fun", "GetDigest") if token != "" { log.WithField("token", token).Debug("Setting request bearer token") } else { @@ -65,10 +64,10 @@ func GetDigest(url string, token string) (string, error) { } req, _ := http.NewRequest("HEAD", url, nil) - req.Header.Add("Authorization", "Bearer " + token) - req.Header.Add("Accept", ManifestListV2ContentType) - log.WithField("url", url) + req.Header.Add("Authorization", "Bearer "+token) + req.Header.Add("Accept", "*") + log.WithField("url", url).Debug("Doing a HEAD request to fetch a digest") res, err := client.Do(req) if err != nil { return "", err @@ -81,148 +80,3 @@ func GetDigest(url string, token string) (string, error) { return res.Header.Get(ContentDigestHeader), nil } -func GetToken(image apiTypes.ImageInspect, credentials *RegistryCredentials) (string, error){ - img := strings.Split(image.RepoTags[0], ":")[0] - url := GetChallengeURL(img) - - res, err := DoChallengeRequest(url) - if err != nil { - return "", err - } - - v := res.Header.Get(ChallengeHeader) - challenge := strings.ToLower(v) - if strings.HasPrefix(challenge, "basic") { - return "", errors.New("basic auth not implemented yet") - } - if strings.HasPrefix(challenge, "bearer") { - return GetBearerToken(challenge, img, err, credentials) - } - - return "", errors.New("unsupported challenge type from registry") -} - -func DoChallengeRequest(url url2.URL) (*http.Response, error) { - req, _ := http.NewRequest("GET", url.String(), nil) - req.Header.Set("Accept", "*/*") - req.Header.Set("User-Agent", "Watchtower (Docker)") - client := http.Client{} - return client.Do(req) -} - -func GetBearerToken(challenge string, img string, err error, credentials *RegistryCredentials) (string, error) { - client := http.Client{} - authURL := GetAuthURL(challenge, img) - - var r *http.Request - if r, err = http.NewRequest("GET", authURL.String(), nil); err != nil { - return "", err - } - - if credentials.Username != "" && credentials.Password != "" { - r.SetBasicAuth(credentials.Username, credentials.Password) - } - - var authResponse *http.Response - if authResponse, err = client.Do(r); err != nil { - return "", err - } - - body, _ := ioutil.ReadAll(authResponse.Body) - tokenResponse := &TokenResponse{} - - err = json.Unmarshal(body, tokenResponse) - if err != nil { - return "", err - } - - return tokenResponse.Token, nil -} - -func GetAuthURL(challenge string, img string) *url2.URL { - raw := strings.TrimPrefix(challenge, "bearer") - pairs := strings.Split(raw, ",") - values := make(map[string]string, 0) - for _, pair := range pairs { - trimmed := strings.Trim(pair, " ") - kv := strings.Split(trimmed, "=") - key := kv[0] - val := strings.Trim(kv[1], "\"") - values[key] = val - } - - authURL, _ := url2.Parse(fmt.Sprintf("%s", values["realm"])) - q := authURL.Query() - q.Add("service", values["service"]) - scopeImage := strings.TrimPrefix(img, values["service"]) - scope := fmt.Sprintf("repository:%s:pull", scopeImage) - q.Add("scope", scope) - - authURL.RawQuery = q.Encode() - return authURL -} - -func GetChallengeURL(img string) url2.URL { - normalizedNamed, _ := ref.ParseNormalizedNamed(img) - - url := url2.URL{ - Scheme: "https", - Host: normalizeRegistry(normalizedNamed.Name()), - Path: "/v2/", - } - return url -} - -type TokenResponse struct { - Token string `json:"token"` -} - -type RegistryCredentials struct { - Username string - Password string // usually a token rather than an actual password -} - -func BuildManifestURL(image apiTypes.ImageInspect) (string, error) { - parts := strings.Split(image.RepoTags[0], ":") - img := parts[0] - tag := parts[1] - - hostName, err := ref.ParseNormalizedNamed(img) - if err != nil { - return "", err - } - - host := normalizeRegistry(hostName.Name()) - img = strings.TrimPrefix(img, host) - url := url2.URL{ - Scheme: "https", - Host: host, - Path: fmt.Sprintf("/v2/%s/manifests/%s", img, tag), - } - return url.String(), nil -} - - -// Copied from github.com/docker/docker/registry/auth.go -func convertToHostname(url string) string { - stripped := url - if strings.HasPrefix(url, "http://") { - stripped = strings.TrimPrefix(url, "http://") - } else if strings.HasPrefix(url, "https://") { - stripped = strings.TrimPrefix(url, "https://") - } - - nameParts := strings.SplitN(stripped, "/", 2) - - return nameParts[0] -} - -// Copied from https://github.com/containers/image/pkg/docker/config/config.go -func normalizeRegistry(registry string) string { - normalized := convertToHostname(registry) - switch normalized { - case "registry-1.docker.io", "docker.io": - return "index.docker.io" - } - return normalized -} \ No newline at end of file diff --git a/pkg/registry/digest/digest_test.go b/pkg/registry/digest/digest_test.go index 9fb92d7..0946d82 100644 --- a/pkg/registry/digest/digest_test.go +++ b/pkg/registry/digest/digest_test.go @@ -1,64 +1,95 @@ package digest import ( + "context" + "fmt" + "github.com/containrrr/watchtower/pkg/logger" + "github.com/containrrr/watchtower/pkg/registry/auth" + wtTypes "github.com/containrrr/watchtower/pkg/types" "github.com/docker/docker/api/types" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" - log "github.com/sirupsen/logrus" "os" "testing" ) func TestDigest(t *testing.T) { - log.SetLevel(log.DebugLevel) RegisterFailHandler(Fail) RunSpecs(t, "Digest Suite") } -var image = types.ImageInspect{ +var ghImage = types.ImageInspect{ ID: "sha256:6972c414f322dfa40324df3c503d4b217ccdec6d576e408ed10437f508f4181b", - RepoTags: []string { + RepoTags: []string{ "ghcr.io/k6io/operator:latest", }, - RepoDigests: []string { + RepoDigests: []string{ "ghcr.io/k6io/operator@sha256:d68e1e532088964195ad3a0a71526bc2f11a78de0def85629beb75e2265f0547", }, } -var ( - DH_USERNAME = os.Getenv("CI_INTEGRATION_TEST_REGISTRY_DH_USERNAME") - DH_PASSWORD = os.Getenv("CI_INTEGRATION_TEST_REGISTRY_DH_PASSWORD") - GH_USERNAME = os.Getenv("CI_INTEGRATION_TEST_REGISTRY_DH_USERNAME") - GH_PASSWORD = os.Getenv("CI_INTEGRATION_TEST_REGISTRY_DH_PASSWORD") -) +var DockerHubCredentials = &wtTypes.RegistryCredentials{ + Username: os.Getenv("CI_INTEGRATION_TEST_REGISTRY_DH_USERNAME"), + Password: os.Getenv("CI_INTEGRATION_TEST_REGISTRY_DH_PASSWORD"), +} +var GHCRCredentials = &wtTypes.RegistryCredentials{ + Username: os.Getenv("CI_INTEGRATION_TEST_REGISTRY_GH_USERNAME"), + Password: os.Getenv("CI_INTEGRATION_TEST_REGISTRY_GH_PASSWORD"), +} + +func SkipIfCredentialsEmpty(credentials *wtTypes.RegistryCredentials, fn func()) func() { + if credentials.Username == "" { + return func() { + Skip("Username missing. Skipping integration test") + } + } else if credentials.Password == "" { + return func() { + Skip("Password missing. Skipping integration test") + } + } else { + return fn + } +} var _ = Describe("Digests", func() { - When("fetching a bearer token", func() { - It("should parse the token from the response", func() { - token, err := GetToken(image, DH_USERNAME, DH_PASSWORD) - Expect(err).NotTo(HaveOccurred()) - Expect(token).NotTo(Equal("")) - }) - }) - When("a digest comparison is done", func() { - It("should return true if digests match", func() { - matches, err := CompareDigest(image, DH_USERNAME, DH_PASSWORD) - Expect(err).NotTo(HaveOccurred()) - Expect(matches).To(Equal(true)) - }) - It("should return false if digests differ", func() { + When("fetching a bearer token", func() { + It("should parse the token from the response", + SkipIfCredentialsEmpty(GHCRCredentials, func() { + ctx := context.Background() + logger.AddDebugLogger(ctx) + token, err := auth.GetToken(ctx, ghImage, GHCRCredentials) + Expect(err).NotTo(HaveOccurred()) + Expect(token).NotTo(Equal("")) + }), + ) }) - It("should return an error if the registry isn't available", func() { + When("a digest comparison is done", func() { + It("should return true if digests match", + SkipIfCredentialsEmpty(GHCRCredentials, func() { + ctx := context.Background() + logger.AddDebugLogger(ctx) + matches, err := CompareDigest(ctx, ghImage, GHCRCredentials) + Expect(err).NotTo(HaveOccurred()) + Expect(matches).To(Equal(true)) + }), + ) - }) - }) - When("using different registries", func() { - It("should work with DockerHub", func() { + It("should return false if digests differ", func() { - }) - It("should work with GitHub Container Registry", func() { + }) + It("should return an error if the registry isn't available", func() { + }) + }) + When("using different registries", func() { + It("should work with DockerHub", func() { + + }) + It("should work with GitHub Container Registry", + SkipIfCredentialsEmpty(GHCRCredentials, func() { + fmt.Println(GHCRCredentials != nil) // to avoid crying linters + }), + ) }) - }) }) diff --git a/pkg/registry/helpers/helpers.go b/pkg/registry/helpers/helpers.go new file mode 100644 index 0000000..bf1591a --- /dev/null +++ b/pkg/registry/helpers/helpers.go @@ -0,0 +1,38 @@ +package helpers + +import ( + "fmt" + url2 "net/url" +) + +// ConvertToHostname strips a url from everything but the hostname part +func ConvertToHostname(url string) (string, string, error) { + urlWithSchema := fmt.Sprintf("x://%s", url) + u, err := url2.Parse(urlWithSchema) + if err != nil { + return "", "", err + } + fmt.Println(url, err) + hostName := u.Hostname() + port := u.Port() + + + return hostName, port, err +} + +// NormalizeRegistry makes sure variations of DockerHubs registry +func NormalizeRegistry(registry string) (string, error) { + hostName, port, err := ConvertToHostname(registry) + if err != nil { + return "", err + } + + if hostName == "registry-1.docker.io" || hostName == "docker.io" { + hostName = "index.docker.io" + } + + if port != "" { + return fmt.Sprintf("%s:%s", hostName, port), nil + } + return hostName, nil +} diff --git a/pkg/registry/helpers/helpers_test.go b/pkg/registry/helpers/helpers_test.go new file mode 100644 index 0000000..5267ea6 --- /dev/null +++ b/pkg/registry/helpers/helpers_test.go @@ -0,0 +1,33 @@ +package helpers + +import ( + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" + log "github.com/sirupsen/logrus" + "testing" +) + +func TestDigest(t *testing.T) { + log.SetLevel(log.DebugLevel) + RegisterFailHandler(Fail) + RunSpecs(t, "Digest Suite") +} + +var _ = Describe("the helpers", func() { + + When("converting an url to a hostname", func() { + It("should return docker.io given docker.io/containrrr/watchtower:latest", func() { + host, port, err := ConvertToHostname("docker.io/containrrr/watchtower:latest") + Expect(err).NotTo(HaveOccurred()) + Expect(host).To(Equal("docker.io")) + Expect(port).To(BeEmpty()) + }) + }) + When("normalizing the registry information", func() { + It("should return index.docker.io given docker.io", func() { + out, err := NormalizeRegistry("docker.io/containrrr/watchtower:latest") + Expect(err).NotTo(HaveOccurred()) + Expect(out).To(Equal("index.docker.io")) + }) + }) +}) \ No newline at end of file diff --git a/pkg/registry/manifest/manifest.go b/pkg/registry/manifest/manifest.go new file mode 100644 index 0000000..0df0982 --- /dev/null +++ b/pkg/registry/manifest/manifest.go @@ -0,0 +1,37 @@ +package manifest + +import ( + "fmt" + ref "github.com/containers/image/v5/docker/reference" + "github.com/containrrr/watchtower/pkg/registry/helpers" + apiTypes "github.com/docker/docker/api/types" + url2 "net/url" + "strings" +) + +// BuildManifestURL from raw image data +func BuildManifestURL(image apiTypes.ImageInspect) (string, error) { + parts := strings.Split(image.RepoTags[0], ":") + img := parts[0] + tag := parts[1] + + hostName, err := ref.ParseNormalizedNamed(img) + fmt.Println(hostName) + if err != nil { + return "", err + } + + + host, err := helpers.NormalizeRegistry(hostName.Name()) + if err != nil { + return "", err + } + img = strings.TrimPrefix(img, host) + url := url2.URL{ + Scheme: "https", + Host: host, + Path: fmt.Sprintf("/v2/%s/manifests/%s", img, tag), + } + return url.String(), nil +} + diff --git a/pkg/types/registry_credentials.go b/pkg/types/registry_credentials.go new file mode 100644 index 0000000..443c835 --- /dev/null +++ b/pkg/types/registry_credentials.go @@ -0,0 +1,6 @@ +package types + +type RegistryCredentials struct { + Username string + Password string // usually a token rather than an actual password +} diff --git a/pkg/types/token_response.go b/pkg/types/token_response.go new file mode 100644 index 0000000..81bc436 --- /dev/null +++ b/pkg/types/token_response.go @@ -0,0 +1,5 @@ +package types + +type TokenResponse struct { + Token string `json:"token"` +} \ No newline at end of file