From fac161a9c36de1344ca6c5d0a77a62db258f8273 Mon Sep 17 00:00:00 2001 From: Christopher Hlubek Date: Tue, 14 Jul 2020 20:28:55 +0200 Subject: [PATCH] Bugfix: Do not use nil credentials in watcher addJob --- trigger/poll/watcher.go | 4 ++-- trigger/poll/watcher_test.go | 46 ++++++++++++++++++++++++++++++++++-- 2 files changed, 46 insertions(+), 4 deletions(-) diff --git a/trigger/poll/watcher.go b/trigger/poll/watcher.go index 9f8e55ac..fe1517d9 100644 --- a/trigger/poll/watcher.go +++ b/trigger/poll/watcher.go @@ -242,8 +242,8 @@ func (w *RepositoryWatcher) addJob(ti *types.TrackedImage, schedule string) erro log.WithFields(log.Fields{ "error": err, "image": ti.Image.String(), - "username": creds.Username, - "password": strings.Repeat("*", len(creds.Password)), + "username": registryOpts.Username, + "password": strings.Repeat("*", len(registryOpts.Password)), }).Error("trigger.poll.RepositoryWatcher.addJob: failed to get image digest") return err } diff --git a/trigger/poll/watcher_test.go b/trigger/poll/watcher_test.go index 0825027f..8f55121a 100644 --- a/trigger/poll/watcher_test.go +++ b/trigger/poll/watcher_test.go @@ -2,6 +2,7 @@ package poll import ( "context" + "errors" "os" "testing" @@ -33,6 +34,8 @@ type fakeRegistryClient struct { digestToReturn string + digestErrToReturn error + tagsToReturn []string } @@ -46,7 +49,7 @@ func (c *fakeRegistryClient) Get(opts registry.Opts) (*registry.Repository, erro func (c *fakeRegistryClient) Digest(opts registry.Opts) (digest string, err error) { c.opts = opts - return c.digestToReturn, nil + return c.digestToReturn, c.digestErrToReturn } // ======== fake provider for testing ======= @@ -356,11 +359,14 @@ type fakeCredentialsHelper struct { // credentials to return creds *types.Credentials + + // error to return + error error } func (fch *fakeCredentialsHelper) GetCredentials(image *types.TrackedImage) (*types.Credentials, error) { fch.getImageRequest = image - return fch.creds, nil + return fch.creds, fch.error } func (fch *fakeCredentialsHelper) IsEnabled() bool { return true } @@ -414,6 +420,42 @@ func TestWatchTagJobCheckCredentials(t *testing.T) { } } +func TestWatchWithAuthenticationError(t *testing.T) { + + fakeHelper := &fakeCredentialsHelper{ + creds: nil, + error: errors.New("no credentials found"), + } + + credentialshelper.RegisterCredentialsHelper("fake", fakeHelper) + defer credentialshelper.UnregisterCredentialsHelper("fake") + + fp := &fakeProvider{} + store, teardown := newTestingUtils() + defer teardown() + am := approvals.New(&approvals.Opts{ + Store: store, + }) + + providers := provider.New([]provider.Provider{fp}, am) + + frc := &fakeRegistryClient{ + digestErrToReturn: errors.New("authentication failed"), + } + + watcher := NewRepositoryWatcher(providers, frc) + + tracked := []*types.TrackedImage{ + mustParse("private.registry.com/v2-namespace/hello-world:1.1.1", "@every 10m"), + } + + err := watcher.Watch(tracked...) + + if err == nil { + t.Fatalf("expected error with faild authentication, but got nil") + } +} + func TestWatchTagJobLatestECR(t *testing.T) { if os.Getenv("AWS_ACCESS_KEY_ID") == "" { t.Skip()