-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GetAll -> Get to retrieve credentials from credential helpers #840
Conversation
Codecov Report
@@ Coverage Diff @@
## master #840 +/- ##
==========================================
+ Coverage 52.93% 53.02% +0.08%
==========================================
Files 245 244 -1
Lines 15848 15829 -19
==========================================
+ Hits 8389 8393 +4
+ Misses 6905 6884 -21
+ Partials 554 552 -2 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks! In general it probably makes sense to only query for the specific credentials.
I have a couple questions about this change.
cli/config/configfile/file.go
Outdated
stripped = strings.TrimPrefix(serverAddress, "http://") | ||
} else if strings.HasPrefix(serverAddress, "https://") { | ||
stripped = strings.TrimPrefix(serverAddress, "https://") | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should probably use registry.ConvertToHostname()
, although I'm not sure this is the correct place to do the convert.
How is this related to the rest of the change?
cli/config/configfile/file.go
Outdated
|
||
// Auth configs from a registry-specific helper should override those from the default store. | ||
for registryHostname := range configFile.CredentialHelpers { | ||
serverAddress := "https://" + registryHostname |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why is this necessary? From what I can tell other callers of GetAuthConfig()
seem to be calling it with a url that doesn't have a scheme.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Keys in configFile.CredentialHelpers field are schemeless, whereas keys in configFile.AuthConfigs (and which back the default file store) contain the scheme. I see that the file store is now stripping the scheme from the auths
entries with registry.ConvertToHostname() in file_store, so I'll remove this code here.
Done... |
cli/config/configfile/file_test.go
Outdated
configFile.AuthConfigs["https://"+testFileStoreServerAddress] = expectedFileStoreAuth | ||
|
||
newNativeStore = func(configFile *ConfigFile, helperSuffix string) credentials.Store { | ||
return NewMockNativeStore(map[string]types.AuthConfig{testCredHelperServerAddress: expectedCredHelperAuth}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this probably contain some extra key/values so that the test shows that not everything is being returned.
cli/config/configfile/file_test.go
Outdated
} | ||
|
||
func (c *mockNativeStore) GetAll() (map[string]types.AuthConfig, error) { | ||
c.GetAllCallCount = c.GetAllCallCount + 1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It looks like this field isn't being checked in the tests. I assume you want to check it is 0.
cli/config/configfile/file_test.go
Outdated
assert.Equal(t, expected, authConfigs) | ||
} | ||
|
||
func TestGetAllCredentialsCredStoreAndCredHelper(t *testing.T) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this one test might cover all the behaviour, but I guess it doesn't hurt to have the other ones. They should be pretty fast.
cli/config/configfile/file_test.go
Outdated
GetAllCallCount int | ||
EraseCalls []string | ||
GetCalls []string | ||
StoreCalls []string |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These Calls
fields are also unused. They can be removed.
@thaJeztah do you know who is familiar with the credential helpers and could help review this? |
Done. |
ping @n4ss PTAL |
assert.Equal(t, 0, testCredHelper.(*mockNativeStore).GetAllCallCount) | ||
} | ||
|
||
func TestGetAllCredentialsCredStoreAndCredHelper(t *testing.T) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this testing anything that isn't already covered by TestGetAllCredentialsCredHelperOverridesDefaultStore
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It tests that values from both are returned, if they don't conflict, rather than just one of the other. TestGetAllCredentialsCredHelperOverridesDefaultStore
tests for the conflicting case.
cli/config/configfile/file_test.go
Outdated
Password: "cred_helper_pass", | ||
} | ||
|
||
testCredHelper := NewMockNativeStore(map[string]types.AuthConfig{testServerAddress: expectedCredHelperAuth}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think my previous comment wasn't clear. This map[string]types.AuthConfig
should contain more than a single item. It should have extra items that you don't expect to get returned. Otherwise the implementation could return everything (the behaviour you're trying to fix) and the test would still pass.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, roger.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
cli/config/configfile/file.go
Outdated
defaultStore := configFile.GetCredentialsStore("") | ||
newAuths, err := defaultStore.GetAll() | ||
if err != nil { | ||
return nil, err | ||
} | ||
addAll(newAuths) | ||
|
||
// Auth configs from a registry-specific helper should override those from the default store. | ||
for serverAddress := range configFile.CredentialHelpers { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: serverAdress
is a bit too vague as a var name. Can we keep registry
or registryAddr
(same in the tests)?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM besides this
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
registryHostname? Done.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A test table, or extracting some of the common parts into setup functions might help reduce the duplication in the tests, but I think it will do as-is.
cli/config/configfile/file_test.go
Outdated
testCredHelper := NewMockNativeStore(map[string]types.AuthConfig{testServerAddress: expectedCredHelperAuth}) | ||
testCredsStore := NewMockNativeStore(map[string]types.AuthConfig{testServerAddress: unexpectedCredStoreAuth}) | ||
|
||
newNativeStore = func(configFile *ConfigFile, helperSuffix string) credentials.Store { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess there should be a defer
to restore this to the original value when the test exits.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Gentle ping :) |
ping @n4ss could you have another look To reviewers: don't merge yet, as this may need some squashing once review is complete 🤗 |
@thaJeztah already reviewed & LGTM'd in a comment that got nested, sorry #840 (comment) |
…lpers. Signed-off-by: Jake Sanders <jsand@google.com>
squished |
Bump <3 |
Signed-off-by: Jake Sanders <jsand@google.com>
Added a fix for a small style nit, should let Jenkins and Codecov execute properly again as well. |
ping :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 🐯
- What I did
Improved
docker build
times.- How I did it
Only request credentials for the configured registry from the corresponding credential helper, rather than doing a GetAll for each one.
- How to verify it
Build some toy image with several credential helpers configured...
- Description for the changelog
docker build
now runs faster when registry-specific credential helper(s) are configured.