def testAuthorizeOnlyStaleEntry(self):
initial_entry = {
constants.DEFAULT_REGISTRY: {
'email': _EMAIL,
'auth':
base64.b64encode(b'another-user:another-token').decode()
}
}
docker.WriteDockerAuthConfig(initial_entry)
self.Run('docker --authorize-only')
self.AssertErrContains(constants.DEFAULT_REGISTRY)
# Check that we Refresh explicitly regardless of Load refreshing
self.assertTrue(self.refreshed)
# Make sure that the stale, schemeless entry has been removed and that
# we are left with the default https-prefixed entries.
self.CheckDockerConfig(
dict(('https://' + registry, {
'email':
_EMAIL,
'auth':
base64.b64encode((_ACCESS_TOKEN_USERNAME + ':' +
_TOKEN).encode()).decode()
}) for registry in constants.DEFAULT_REGISTRIES_TO_AUTHENTICATE))
def testAuthorizeOnlyAllowRegionalRegistries(self):
initial_entry = {
'https://' + constants.DEFAULT_REGISTRY: {
'email':
_EMAIL,
'auth':
base64.b64encode(
(_ACCESS_TOKEN_USERNAME + ':' + _TOKEN).encode()).decode()
}
}
docker.WriteDockerAuthConfig(initial_entry)
registry = constants.REGIONAL_GCR_REGISTRIES[0]
self.Run('docker --server {registry} '
'--authorize-only'.format(registry=registry))
self.AssertErrContains(registry)
# Check that we Refresh explicitly regardless of Load refreshing
self.assertTrue(self.refreshed)
self.CheckDockerConfig(
dict(
list(initial_entry.items()) + list({
'https://' + registry: {
'email':
_EMAIL,
'auth':
base64.b64encode((_ACCESS_TOKEN_USERNAME + ':' +
_TOKEN).encode()).decode()
}
}.items())))
def testAuthorizeOnlyDefaultRegistryWithScheme(self):
self.TouchNewDockerConfig()
initial_entry = {
'https://' + constants.DEFAULT_REGISTRY: {
'email': _EMAIL,
'auth':
base64.b64encode(b'another-user:another-token').decode()
}
}
docker.WriteDockerAuthConfig(initial_entry)
registry = 'test://' + constants.DEFAULT_REGISTRY
self.Run('docker --server {registry} '
'--authorize-only'.format(registry=registry))
self.AssertErrContains('non-default')
self.AssertErrContains(registry)
# Check that we Refresh explicitly regardless of Load refreshing
self.assertTrue(self.refreshed)
self.CheckDockerConfig(
dict(
list(initial_entry.items()) + list({
registry: {
'email':
_EMAIL,
'auth':
base64.b64encode((_ACCESS_TOKEN_USERNAME + ':' +
_TOKEN).encode()).decode()
}
}.items())))
def testAuthorizeOnly(self):
docker.WriteDockerAuthConfig({})
self.Run('docker --authorize-only')
self.AssertErrContains(constants.DEFAULT_REGISTRY)
# Check that we Refresh explicitly regardless of Load refreshing
self.assertTrue(self.refreshed)
self.CheckDockerConfig(
dict(('https://' + registry, {
'email':
_EMAIL,
'auth':
base64.b64encode((_ACCESS_TOKEN_USERNAME + ':' +
_TOKEN).encode()).decode()
}) for registry in constants.DEFAULT_REGISTRIES_TO_AUTHENTICATE))
def testAuthorizeOnlyAllowDefaultRegistry(self):
# {"auths":{}}
docker.WriteDockerAuthConfig({})
registry = constants.DEFAULT_REGISTRY
self.Run('docker --server {registry} '
'--authorize-only'.format(registry=registry))
self.AssertErrContains(registry)
# Check that we Refresh explicitly regardless of Load refreshing
self.assertTrue(self.refreshed)
self.CheckDockerConfig({
'https://' + registry: {
'email':
'*****@*****.**',
'auth':
base64.b64encode(
(_ACCESS_TOKEN_USERNAME + ':' + _TOKEN).encode()).decode()
}
})
def testAuthorizeOnlyCustomServerWithScheme(self):
self.TouchNewDockerConfig()
initial_entry = {
'https://' + constants.DEFAULT_REGISTRY: {
'email': _EMAIL,
'auth':
base64.b64encode(b'another-user:another-token').decode()
}
}
docker.WriteDockerAuthConfig(initial_entry)
registry = 'https://foo.bar.google.com'
self.get_process_mock.side_effect = self.AssertRegistryLogin(
registry=registry)
self.Run('docker --server {registry} '
'--authorize-only'.format(registry=registry))
self.AssertErrContains('non-default')
self.AssertErrContains(registry)
# Check that we Refresh explicitly regardless of Load refreshing
self.assertTrue(self.refreshed)
def testRoundtrip(self):
docker.WriteDockerAuthConfig({})
self.CheckDockerConfigAuths({})