1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
// Copyright 2022 Google LLC All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package github
import (
"os"
"testing"
"github.com/google/go-containerregistry/pkg/authn"
)
// TestKeychain checks that the keychain resolves when $GITHUB_TOKEN is set and
// the request is for GHCR.
func TestKeychain(t *testing.T) {
username, tok := "octocat", "my-token"
os.Setenv("GITHUB_ACTOR", username)
os.Setenv("GITHUB_TOKEN", tok)
got, err := Keychain.Resolve(resource("ghcr.io/my/repo"))
if err != nil {
t.Fatalf("Resolve: %v", err)
}
if got == authn.Anonymous {
t.Fatalf("Got anonymous, wanted authenticator")
}
auth, err := got.Authorization()
if err != nil {
t.Fatalf("Authorization: %v", err)
}
if auth.Username != username {
t.Errorf("Got username %q, want %q", auth.Username, username)
}
if auth.Password != tok {
t.Errorf("Got password %q, want %q", auth.Password, tok)
}
}
// TestKeychainUsernameUnset checks that the keychain resolves an "unset"
// username when $GITHUB_ACTOR is not set.
func TestKeychainUsernameUnset(t *testing.T) {
tok := "my-token"
os.Unsetenv("GITHUB_ACTOR")
os.Setenv("GITHUB_TOKEN", tok)
got, err := Keychain.Resolve(resource("ghcr.io/my/repo"))
if err != nil {
t.Fatalf("Resolve: %v", err)
}
if got == authn.Anonymous {
t.Fatalf("Got anonymous, wanted authenticator")
}
auth, err := got.Authorization()
if err != nil {
t.Fatalf("Authorization: %v", err)
}
if auth.Username != "unset" {
t.Errorf("Got username %q, want unset", auth.Username)
}
if auth.Password != tok {
t.Errorf("Got password %q, want %q", auth.Password, tok)
}
}
// TestKeychainUnset checks that the keychain doesn't resolve when the
// environment variable is unset.
func TestKeychainUnset(t *testing.T) {
os.Unsetenv("GITHUB_TOKEN")
got, err := Keychain.Resolve(resource("ghcr.io/my/repo"))
if err != nil {
t.Fatalf("Resolve: %v", err)
}
if got != authn.Anonymous {
t.Errorf("Resolve(ghcr.io) got %v, want Anonymous", got)
}
}
// TestNoMatch checks that the keychain doesn't resolve for non-GHCR registries.
func TestNoMatch(t *testing.T) {
os.Setenv("GITHUB_TOKEN", "my-token")
for _, s := range []string{
"gcr.io",
"example.com",
"ghcr.io.example.com",
"invalid-domain-name -- %U)(@*)(%*)@(*#%@",
} {
got, err := Keychain.Resolve(resource(s))
if err != nil {
t.Fatalf("Resolve: %v", err)
}
if got != authn.Anonymous {
t.Errorf("Resolve(%q) got %v, want Anonymous", s, got)
}
}
}
type resource string
func (r resource) String() string { return string(r) }
func (r resource) RegistryStr() string { return string(r) }
|
