Path: blob/main/components/image-builder-mk3/pkg/auth/auth_test.go
2500 views
// Copyright (c) 2023 Gitpod GmbH. All rights reserved.1// Licensed under the GNU Affero General Public License (AGPL).2// See License.AGPL.txt in the project root for license information.34package auth56import (7"encoding/base64"8"testing"910"github.com/google/go-cmp/cmp"11)1213func TestIsECRRegistry(t *testing.T) {14tests := []struct {15Registry string16Expectation bool17}{18{Registry: "422899872803.dkr.ecr.eu-central-1.amazonaws.com/private-repo-demo:latest", Expectation: true},19{Registry: "422899872803.dkr.ecr.eu-central-1.amazonaws.com", Expectation: true},20{Registry: "index.docker.io/foo:bar", Expectation: false},21}2223for _, test := range tests {24t.Run(test.Registry, func(t *testing.T) {25act := isECRRegistry(test.Registry)2627if diff := cmp.Diff(test.Expectation, act); diff != "" {28t.Errorf("isECRRegistry() mismatch (-want +got):\n%s", diff)29}30})31}32}3334func TestAdditionalAuth(t *testing.T) {35tests := []struct {36name string37domain string38additionalMap map[string]string39expectedAuth *Authentication40}{41{42name: "standard host:token",43domain: "myregistry.com",44additionalMap: map[string]string{45"myregistry.com": base64.StdEncoding.EncodeToString([]byte("myregistry.com:mytoken")),46},47expectedAuth: &Authentication{48Username: "myregistry.com",49Password: "mytoken",50Auth: base64.StdEncoding.EncodeToString([]byte("myregistry.com:mytoken")),51},52},53{54name: "buggy host:port:token",55domain: "myregistry.com:5000",56additionalMap: map[string]string{57"myregistry.com:5000": base64.StdEncoding.EncodeToString([]byte("myregistry.com:5000:mytoken")),58},59expectedAuth: &Authentication{60Username: "myregistry.com:5000",61Password: "mytoken",62Auth: base64.StdEncoding.EncodeToString([]byte("myregistry.com:5000:mytoken")),63},64},65{66name: "only username, no password/token (single segment)",67domain: "useronly.com",68additionalMap: map[string]string{69"useronly.com": base64.StdEncoding.EncodeToString([]byte("justauser")),70},71expectedAuth: &Authentication{72Auth: base64.StdEncoding.EncodeToString([]byte("justauser")),73},74},75{76name: "empty auth string",77domain: "emptyauth.com",78additionalMap: map[string]string{79"emptyauth.com": base64.StdEncoding.EncodeToString([]byte("")),80},81expectedAuth: &Authentication{82Auth: base64.StdEncoding.EncodeToString([]byte("")),83},84},85{86name: "domain not in map",87domain: "notfound.com",88additionalMap: map[string]string{"someother.com": base64.StdEncoding.EncodeToString([]byte("someauth"))},89expectedAuth: nil,90},91{92name: "invalid base64 string",93domain: "invalidbase64.com",94additionalMap: map[string]string{95"invalidbase64.com": "!!!INVALID_BASE64!!!",96},97expectedAuth: &Authentication{98Auth: "!!!INVALID_BASE64!!!",99},100},101{102name: "standard host:token where username in cred is different from domain key",103domain: "docker.io",104additionalMap: map[string]string{105"docker.io": base64.StdEncoding.EncodeToString([]byte("user1:pass1")),106},107expectedAuth: &Authentication{108Username: "user1",109Password: "pass1",110Auth: base64.StdEncoding.EncodeToString([]byte("user1:pass1")),111},112},113}114115for _, tt := range tests {116t.Run(tt.name, func(t *testing.T) {117aaf := AllowedAuthFor{118Additional: tt.additionalMap,119}120actualAuth := aaf.additionalAuth(tt.domain)121122if diff := cmp.Diff(tt.expectedAuth, actualAuth); diff != "" {123t.Errorf("additionalAuth() mismatch (-want +got):\n%s", diff)124}125})126}127}128129130