def test_get_docker_credentials(self, mock_requests_get, mock_requests_post, mock_get_registry_by_name, mock_get_raw_token):
cmd = mock.MagicMock()
cmd.cli_ctx = TestCli()
registry = Registry(location='westus', sku=Sku(name='Standard'))
registry.login_server = 'testregistry.azurecr.io'
mock_get_registry_by_name.return_value = registry, None
# Set up challenge response
challenge_response = mock.MagicMock()
challenge_response.headers = {
'WWW-Authenticate': 'Bearer realm="https://testregistry.azurecr.io/oauth2/token",service="testregistry.azurecr.io"'
}
challenge_response.status_code = 401
mock_requests_get.return_value = challenge_response
# Set up refresh/access token response
refresh_token_response = mock.MagicMock()
refresh_token_response.headers = {}
refresh_token_response.status_code = 200
refresh_token_response.content = json.dumps({
'refresh_token': 'testrefreshtoken',
'access_token': 'testaccesstoken'}).encode()
mock_requests_post.return_value = refresh_token_response
# Set up AAD token with only access token
mock_get_raw_token.return_value = ('Bearer', 'aadaccesstoken', {}), 'testsubscription', 'testtenant'
get_login_credentials(cmd.cli_ctx, 'testregistry')
mock_requests_get.assert_called_with('https://testregistry.azurecr.io/v2/', verify=mock.ANY)
mock_requests_post.assert_called_with(
'https://testregistry.azurecr.io/oauth2/exchange',
urlencode({
'grant_type': 'access_token',
'service': 'testregistry.azurecr.io',
'tenant': 'testtenant',
'access_token': 'aadaccesstoken'
}),
headers={'Content-Type': 'application/x-www-form-urlencoded'},
verify=mock.ANY)
get_access_credentials(cmd.cli_ctx, 'testregistry', repository='testrepository', permission='*')
mock_requests_post.assert_called_with(
'https://testregistry.azurecr.io/oauth2/token',
urlencode({
'grant_type': 'refresh_token',
'service': 'testregistry.azurecr.io',
'scope': 'repository:testrepository:*',
'refresh_token': 'testrefreshtoken'
}),
headers={'Content-Type': 'application/x-www-form-urlencoded'},
verify=mock.ANY)
def _core_token_scenarios(self, mock_get_raw_token, mock_requests_get,
mock_requests_post, mock_get_registry_by_name,
registry_exists, registry_name, login_server,
tenant_suffix):
cmd = self._setup_cmd()
if registry_exists:
registry = Registry(location='westus', sku=Sku(name='Standard'))
registry.login_server = login_server
mock_get_registry_by_name.return_value = registry, None
else:
# Mock the registry could not be found
mock_get_registry_by_name.side_effect = ResourceNotFound(
'The resource could not be found.')
self._setup_mock_token_requests(mock_get_raw_token, mock_requests_get,
mock_requests_post, login_server)
# Test get refresh token
get_login_credentials(cmd, registry_name, tenant_suffix=tenant_suffix)
self._validate_refresh_token_request(mock_requests_get,
mock_requests_post, login_server)
# Test get access token for container image repository
get_access_credentials(
cmd,
registry_name,
tenant_suffix=tenant_suffix,
repository=TEST_REPOSITORY,
permission=RepoAccessTokenPermission.METADATA_READ.value)
self._validate_access_token_request(
mock_requests_get, mock_requests_post, login_server,
'repository:{}:{}'.format(
TEST_REPOSITORY,
RepoAccessTokenPermission.METADATA_READ.value))
# Test get access token for artifact image repository
get_access_credentials(cmd,
registry_name,
tenant_suffix=tenant_suffix,
artifact_repository=TEST_REPOSITORY,
permission=HelmAccessTokenPermission.PULL.value)
self._validate_access_token_request(
mock_requests_get, mock_requests_post, login_server,
'artifact-repository:{}:{}'.format(
TEST_REPOSITORY, HelmAccessTokenPermission.PULL.value))
def _core_token_scenarios(self, mock_get_raw_token, mock_requests_get, mock_requests_post, mock_get_registry_by_name, registry_exists, registry_name, login_server, tenant_suffix):
cmd = self._setup_cmd()
if registry_exists:
registry = Registry(location='westus', sku=Sku(name='Standard'))
registry.login_server = login_server
mock_get_registry_by_name.return_value = registry, None
else:
# Mock the registry could not be found
mock_get_registry_by_name.side_effect = ResourceNotFound('The resource could not be found.')
self._setup_mock_token_requests(mock_get_raw_token, mock_requests_get, mock_requests_post, login_server)
# Test get refresh token
get_login_credentials(cmd, registry_name, tenant_suffix=tenant_suffix)
self._validate_refresh_token_request(mock_requests_get, mock_requests_post, login_server)
# Test get access token for container image repository
get_access_credentials(cmd, registry_name, tenant_suffix=tenant_suffix, repository=TEST_REPOSITORY, permission='pull')
self._validate_access_token_request(mock_requests_get, mock_requests_post, login_server, 'repository:{}:pull'.format(TEST_REPOSITORY))
# Test get access token for artifact image repository
get_access_credentials(cmd, registry_name, tenant_suffix=tenant_suffix, artifact_repository=TEST_REPOSITORY, permission='pull')
self._validate_access_token_request(mock_requests_get, mock_requests_post, login_server, 'artifact-repository:{}:pull'.format(TEST_REPOSITORY))
