GetAll -> Get to retrieve credentials from credential helpers#840
GetAll -> Get to retrieve credentials from credential helpers#840vdemeester merged 2 commits intodocker:masterfrom
Conversation
Codecov Report
@@ Coverage Diff @@
## master #840 +/- ##
==========================================
+ Coverage 52.93% 53.02% +0.08%
==========================================
Files 245 244 -1
Lines 15848 15829 -19
==========================================
+ Hits 8389 8393 +4
+ Misses 6905 6884 -21
+ Partials 554 552 -2 |
dnephin
left a comment
dnephin
left a comment
There was a problem hiding this comment.
Thanks! In general it probably makes sense to only query for the specific credentials.
I have a couple questions about this change.
cli/config/configfile/file.go
Outdated
| stripped = strings.TrimPrefix(serverAddress, "http://") | ||
| } else if strings.HasPrefix(serverAddress, "https://") { | ||
| stripped = strings.TrimPrefix(serverAddress, "https://") | ||
| } |
There was a problem hiding this comment.
This should probably use registry.ConvertToHostname(), although I'm not sure this is the correct place to do the convert.
How is this related to the rest of the change?
cli/config/configfile/file.go
Outdated
|
|
||
| // Auth configs from a registry-specific helper should override those from the default store. | ||
| for registryHostname := range configFile.CredentialHelpers { | ||
| serverAddress := "https://" + registryHostname |
There was a problem hiding this comment.
Why is this necessary? From what I can tell other callers of GetAuthConfig() seem to be calling it with a url that doesn't have a scheme.
There was a problem hiding this comment.
Keys in configFile.CredentialHelpers field are schemeless, whereas keys in configFile.AuthConfigs (and which back the default file store) contain the scheme. I see that the file store is now stripping the scheme from the auths entries with registry.ConvertToHostname() in file_store, so I'll remove this code here.
|
Done... |
cli/config/configfile/file_test.go
Outdated
| configFile.AuthConfigs["https://"+testFileStoreServerAddress] = expectedFileStoreAuth | ||
|
|
||
| newNativeStore = func(configFile *ConfigFile, helperSuffix string) credentials.Store { | ||
| return NewMockNativeStore(map[string]types.AuthConfig{testCredHelperServerAddress: expectedCredHelperAuth}) |
There was a problem hiding this comment.
I think this probably contain some extra key/values so that the test shows that not everything is being returned.
| } | ||
|
|
||
| func (c *mockNativeStore) GetAll() (map[string]types.AuthConfig, error) { | ||
| c.GetAllCallCount = c.GetAllCallCount + 1 |
There was a problem hiding this comment.
It looks like this field isn't being checked in the tests. I assume you want to check it is 0.
| assert.Equal(t, expected, authConfigs) | ||
| } | ||
|
|
||
| func TestGetAllCredentialsCredStoreAndCredHelper(t *testing.T) { |
There was a problem hiding this comment.
I think this one test might cover all the behaviour, but I guess it doesn't hurt to have the other ones. They should be pretty fast.
cli/config/configfile/file_test.go
Outdated
| GetAllCallCount int | ||
| EraseCalls []string | ||
| GetCalls []string | ||
| StoreCalls []string |
There was a problem hiding this comment.
These Calls fields are also unused. They can be removed.
|
@thaJeztah do you know who is familiar with the credential helpers and could help review this? |
|
Done. |
|
ping @n4ss PTAL |
| assert.Equal(t, 0, testCredHelper.(*mockNativeStore).GetAllCallCount) | ||
| } | ||
|
|
||
| func TestGetAllCredentialsCredStoreAndCredHelper(t *testing.T) { |
There was a problem hiding this comment.
Is this testing anything that isn't already covered by TestGetAllCredentialsCredHelperOverridesDefaultStore ?
There was a problem hiding this comment.
It tests that values from both are returned, if they don't conflict, rather than just one of the other. TestGetAllCredentialsCredHelperOverridesDefaultStore tests for the conflicting case.
cli/config/configfile/file_test.go
Outdated
| Password: "cred_helper_pass", | ||
| } | ||
|
|
||
| testCredHelper := NewMockNativeStore(map[string]types.AuthConfig{testServerAddress: expectedCredHelperAuth}) |
There was a problem hiding this comment.
I think my previous comment wasn't clear. This map[string]types.AuthConfig should contain more than a single item. It should have extra items that you don't expect to get returned. Otherwise the implementation could return everything (the behaviour you're trying to fix) and the test would still pass.
cli/config/configfile/file.go
Outdated
| addAll(newAuths) | ||
|
|
||
| // Auth configs from a registry-specific helper should override those from the default store. | ||
| for serverAddress := range configFile.CredentialHelpers { |
There was a problem hiding this comment.
nit: serverAdress is a bit too vague as a var name. Can we keep registry or registryAddr (same in the tests)?
dnephin
left a comment
dnephin
left a comment
There was a problem hiding this comment.
A test table, or extracting some of the common parts into setup functions might help reduce the duplication in the tests, but I think it will do as-is.
| testCredHelper := NewMockNativeStore(map[string]types.AuthConfig{testServerAddress: expectedCredHelperAuth}) | ||
| testCredsStore := NewMockNativeStore(map[string]types.AuthConfig{testServerAddress: unexpectedCredStoreAuth}) | ||
|
|
||
| newNativeStore = func(configFile *ConfigFile, helperSuffix string) credentials.Store { |
There was a problem hiding this comment.
I guess there should be a defer to restore this to the original value when the test exits.
|
Gentle ping :) |
|
ping @n4ss could you have another look To reviewers: don't merge yet, as this may need some squashing once review is complete 🤗 |
|
@thaJeztah already reviewed & LGTM'd in a comment that got nested, sorry #840 (comment) |
…lpers. Signed-off-by: Jake Sanders <jsand@google.com>
|
squished |
|
Bump <3 |
Signed-off-by: Jake Sanders <jsand@google.com>
|
Added a fix for a small style nit, should let Jenkins and Codecov execute properly again as well. |
|
ping :) |
GetAll -> Get to retrieve credentials from credential helpers Upstream-commit: 69432c4 Component: cli
7 participants
- What I did
Improved
docker buildtimes.- How I did it
Only request credentials for the configured registry from the corresponding credential helper, rather than doing a GetAll for each one.
- How to verify it
Build some toy image with several credential helpers configured...
- Description for the changelog
docker buildnow runs faster when registry-specific credential helper(s) are configured.