fix some tests, split up and refactor

some wonky regression introduced by docker dependencies when running on darwin. see https://github.com/ory/dockertest/issues/212 for more info. will have a look at this next
2025-12-27 12:18:48 +01:00 · 2020-11-15 23:27:32 +01:00 · 2020-11-15 23:27:32 +01:00 · 6b9fd8d7ef
commit 6b9fd8d7ef
parent 83aa420996
12 changed files with 389 additions and 225 deletions
--- a/pkg/registry/digest/digest.go
+++ b/pkg/registry/digest/digest.go
@ -1,40 +1,38 @@
 package digest

 import (
-	"encoding/json"
+	"context"
 	"errors"
 	"fmt"
-	ref "github.com/containers/image/v5/docker/reference"
+	"github.com/containrrr/watchtower/pkg/logger"
+	"github.com/containrrr/watchtower/pkg/registry/auth"
+	"github.com/containrrr/watchtower/pkg/registry/manifest"
+	"github.com/containrrr/watchtower/pkg/types"
 	apiTypes "github.com/docker/docker/api/types"
-	log "github.com/sirupsen/logrus"
-
-	"io/ioutil"
 	"net/http"
-	url2 "net/url"
 	"strings"
 )

 const (
 	ManifestListV2ContentType = "application/vnd.docker.distribution.manifest.list.v2+json"
-	ChallengeHeader           = "WWW-Authenticate"
 	ContentDigestHeader       = "Docker-Content-Digest"
 )

 // CompareDigest ...
-func CompareDigest(image apiTypes.ImageInspect, credentials *RegistryCredentials) (bool, error) {
+func CompareDigest(ctx context.Context, image apiTypes.ImageInspect, credentials *types.RegistryCredentials) (bool, error) {
 	var digest string
-
-	token, err := GetToken(image, credentials)
+	log := logger.GetLogger(ctx).WithField("fun", "CompareDigest")
+	token, err := auth.GetToken(ctx, image, credentials)
 	if err != nil {
 		return false, err
 	}

-	digestURL, err := BuildManifestURL(image)
+	digestURL, err := manifest.BuildManifestURL(image)
 	if err != nil {
 		return false, err
 	}

-	if digest, err = GetDigest(digestURL, token); err != nil {
+	if digest, err = GetDigest(ctx, digestURL, token); err != nil {
 		return false, err
 	}

@ -49,15 +47,16 @@ func CompareDigest(image apiTypes.ImageInspect, credentials *RegistryCredentials
 		localDigest := strings.Split(dig, "@")[1]
 		log.WithField("Local Digest", localDigest).Debug("Comparing with local digest")
 		if localDigest == digest {
-			return true,nil
+			return true, nil
 		}
 	}

 	return false, nil
 }

-func GetDigest(url string, token string) (string, error) {
+func GetDigest(ctx context.Context, url string, token string) (string, error) {
 	client := &http.Client{}
+	log := logger.GetLogger(ctx).WithField("fun", "GetDigest")
 	if token != "" {
 		log.WithField("token", token).Debug("Setting request bearer token")
 	} else {
@ -65,10 +64,10 @@ func GetDigest(url string, token string) (string, error) {
 	}

 	req, _ := http.NewRequest("HEAD", url, nil)
-	req.Header.Add("Authorization", "Bearer " + token)
-	req.Header.Add("Accept", ManifestListV2ContentType)
-	log.WithField("url", url)
+	req.Header.Add("Authorization", "Bearer "+token)
+	req.Header.Add("Accept", "*")

+	log.WithField("url", url).Debug("Doing a HEAD request to fetch a digest")
 	res, err := client.Do(req)
 	if err != nil {
 		return "", err
@ -81,148 +80,3 @@ func GetDigest(url string, token string) (string, error) {
 	return res.Header.Get(ContentDigestHeader), nil
 }

-func GetToken(image apiTypes.ImageInspect, credentials *RegistryCredentials) (string, error){
-	img := strings.Split(image.RepoTags[0], ":")[0]
-	url := GetChallengeURL(img)
-
-	res, err := DoChallengeRequest(url)
-	if err != nil {
-		return "", err
-	}
-
-	v := res.Header.Get(ChallengeHeader)
-	challenge := strings.ToLower(v)
-	if strings.HasPrefix(challenge, "basic") {
-		return "", errors.New("basic auth not implemented yet")
-	}
-	if strings.HasPrefix(challenge, "bearer") {
-		return GetBearerToken(challenge, img, err, credentials)
-	}
-
-	return "", errors.New("unsupported challenge type from registry")
-}
-
-func DoChallengeRequest(url url2.URL) (*http.Response, error) {
-	req, _ := http.NewRequest("GET", url.String(), nil)
-	req.Header.Set("Accept", "*/*")
-	req.Header.Set("User-Agent", "Watchtower (Docker)")
-	client := http.Client{}
-	return client.Do(req)
-}
-
-func GetBearerToken(challenge string, img string, err error, credentials *RegistryCredentials) (string, error) {
-	client := http.Client{}
-	authURL := GetAuthURL(challenge, img)
-
-	var r *http.Request
-	if r, err = http.NewRequest("GET", authURL.String(), nil); err != nil {
-		return "", err
-	}
-
-	if credentials.Username != "" && credentials.Password != "" {
-		r.SetBasicAuth(credentials.Username, credentials.Password)
-	}
-
-	var authResponse *http.Response
-	if authResponse, err = client.Do(r); err != nil {
-		return "", err
-	}
-
-	body, _ := ioutil.ReadAll(authResponse.Body)
-	tokenResponse := &TokenResponse{}
-
-	err = json.Unmarshal(body, tokenResponse)
-	if err != nil {
-		return "", err
-	}
-
-	return tokenResponse.Token, nil
-}
-
-func GetAuthURL(challenge string, img string) *url2.URL {
-	raw := strings.TrimPrefix(challenge, "bearer")
-	pairs := strings.Split(raw, ",")
-	values := make(map[string]string, 0)
-	for _, pair := range pairs {
-		trimmed := strings.Trim(pair, " ")
-		kv := strings.Split(trimmed, "=")
-		key := kv[0]
-		val := strings.Trim(kv[1], "\"")
-		values[key] = val
-	}
-
-	authURL, _ := url2.Parse(fmt.Sprintf("%s", values["realm"]))
-	q := authURL.Query()
-	q.Add("service", values["service"])
-	scopeImage := strings.TrimPrefix(img, values["service"])
-	scope := fmt.Sprintf("repository:%s:pull", scopeImage)
-	q.Add("scope", scope)
-
-	authURL.RawQuery = q.Encode()
-	return authURL
-}
-
-func GetChallengeURL(img string) url2.URL {
-	normalizedNamed, _ := ref.ParseNormalizedNamed(img)
-
-	url := url2.URL{
-		Scheme: "https",
-		Host:   normalizeRegistry(normalizedNamed.Name()),
-		Path:   "/v2/",
-	}
-	return url
-}
-
-type TokenResponse struct {
-	Token string `json:"token"`
-}
-
-type RegistryCredentials struct {
-	Username string
-	Password string // usually a token rather than an actual password
-}
-
-func BuildManifestURL(image apiTypes.ImageInspect) (string, error) {
-	parts := strings.Split(image.RepoTags[0], ":")
-	img := parts[0]
-	tag := parts[1]
-
-	hostName, err := ref.ParseNormalizedNamed(img)
-	if err != nil {
-		return "", err
-	}
-
-	host := normalizeRegistry(hostName.Name())
-	img = strings.TrimPrefix(img, host)
-	url := url2.URL{
-		Scheme: "https",
-		Host: host,
-		Path: fmt.Sprintf("/v2/%s/manifests/%s", img, tag),
-	}
-	return url.String(), nil
-}
-
-
-// Copied from github.com/docker/docker/registry/auth.go
-func convertToHostname(url string) string {
-	stripped := url
-	if strings.HasPrefix(url, "http://") {
-		stripped = strings.TrimPrefix(url, "http://")
-	} else if strings.HasPrefix(url, "https://") {
-		stripped = strings.TrimPrefix(url, "https://")
-	}
-
-	nameParts := strings.SplitN(stripped, "/", 2)
-
-	return nameParts[0]
-}
-
-// Copied from https://github.com/containers/image/pkg/docker/config/config.go
-func normalizeRegistry(registry string) string {
-	normalized := convertToHostname(registry)
-	switch normalized {
-	case "registry-1.docker.io", "docker.io":
-		return "index.docker.io"
-	}
-	return normalized
-}