From 869c633b3c477879d8d92d04acfd66f895ae0302 Mon Sep 17 00:00:00 2001
From: Kosh <koshatul@users.noreply.github.com>
Date: Fri, 1 Nov 2019 13:32:52 +1000
Subject: [PATCH] added default credential store support and unit test

---
 Makefile                                      |  2 +-
 pkg/docker/config/config.go                   |  6 ++
 pkg/docker/config/config_test.go              | 67 +++++++++++++++++++
 .../testdata/docker-credential-imagetest      | 16 +++++
 pkg/docker/config/testdata/helper.json        |  6 ++
 5 files changed, 96 insertions(+), 1 deletion(-)
 create mode 100755 pkg/docker/config/testdata/docker-credential-imagetest
 create mode 100644 pkg/docker/config/testdata/helper.json

diff --git a/Makefile b/Makefile
index 234adbc77a..f81a27038d 100644
--- a/Makefile
+++ b/Makefile
@@ -63,7 +63,7 @@ clean:
 	rm -rf tools.timestamp $(MANPAGES)
 
 test:
-	@$(GPGME_ENV) GO111MODULE="on" go test $(BUILDFLAGS) -cover ./...
+	@PATH="$(PATH):$(shell pwd)/pkg/docker/config/testdata" $(GPGME_ENV) GO111MODULE="on" go test $(BUILDFLAGS) -cover ./...
 
 # This is not run as part of (make all), but Travis CI does run this.
 # Demonstrating a working version of skopeo (possibly with modified SKOPEO_REPO/SKOPEO_BRANCH, e.g.
diff --git a/pkg/docker/config/config.go b/pkg/docker/config/config.go
index b7dddd0d69..55494a1567 100644
--- a/pkg/docker/config/config.go
+++ b/pkg/docker/config/config.go
@@ -24,6 +24,7 @@ type dockerAuthConfig struct {
 type dockerConfigFile struct {
 	AuthConfigs map[string]dockerAuthConfig `json:"auths"`
 	CredHelpers map[string]string           `json:"credHelpers,omitempty"`
+	CredStore   string                      `json:"credsStore,omitempty"`
 }
 
 type authPath struct {
@@ -305,6 +306,11 @@ func findAuthentication(registry, path string, legacyFormat bool) (string, strin
 		return getAuthFromCredHelper(ch, registry)
 	}
 
+	// Second try default credential store
+	if cs := auths.CredStore; cs != "" {
+		return getAuthFromCredHelper(cs, registry)
+	}
+
 	// I'm feeling lucky
 	if val, exists := auths.AuthConfigs[registry]; exists {
 		return decodeDockerAuth(val.Auth)
diff --git a/pkg/docker/config/config_test.go b/pkg/docker/config/config_test.go
index aebe1cb766..4e279a73a1 100644
--- a/pkg/docker/config/config_test.go
+++ b/pkg/docker/config/config_test.go
@@ -225,6 +225,73 @@ func TestGetAuth(t *testing.T) {
 	}
 }
 
+func TestGetHelperAuth(t *testing.T) {
+	origXDG := os.Getenv("XDG_RUNTIME_DIR")
+	tmpDir1, err := ioutil.TempDir("", "test_docker_client_get_auth")
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Logf("using temporary XDG_RUNTIME_DIR directory: %q", tmpDir1)
+	// override XDG_RUNTIME_DIR
+	os.Setenv("XDG_RUNTIME_DIR", tmpDir1)
+	defer func() {
+		err := os.RemoveAll(tmpDir1)
+		if err != nil {
+			t.Logf("failed to cleanup temporary home directory %q: %v", tmpDir1, err)
+		}
+		os.Setenv("XDG_RUNTIME_DIR", origXDG)
+	}()
+
+	origHomeDir := homedir.Get()
+	tmpDir2, err := ioutil.TempDir("", "test_docker_client_get_auth")
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Logf("using temporary home directory: %q", tmpDir2)
+	//override homedir
+	os.Setenv(homedir.Key(), tmpDir2)
+	defer func() {
+		err := os.RemoveAll(tmpDir2)
+		if err != nil {
+			t.Logf("failed to cleanup temporary home directory %q: %v", tmpDir2, err)
+		}
+		os.Setenv(homedir.Key(), origHomeDir)
+	}()
+
+	configDir1 := filepath.Join(tmpDir1, "containers")
+	if err := os.MkdirAll(configDir1, 0700); err != nil {
+		t.Fatal(err)
+	}
+	configDir2 := filepath.Join(tmpDir2, ".docker")
+	if err := os.MkdirAll(configDir2, 0700); err != nil {
+		t.Fatal(err)
+	}
+	configPath := filepath.Join(configDir2, "config.json")
+
+	if err := os.RemoveAll(configPath); err != nil {
+		t.Fatal(err)
+	}
+
+	helperPath := filepath.Join("testdata", "helper.json")
+
+	helperContents, err := ioutil.ReadFile(helperPath)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	t.Run("test auth helper", func(t *testing.T) {
+		if err := ioutil.WriteFile(configPath, helperContents, 0640); err != nil {
+			t.Fatal(err)
+		}
+		var sys *types.SystemContext
+		username, password, err := GetAuthentication(sys, "foobar.example.org")
+		assert.Equal(t, nil, err)
+		assert.Equal(t, "foo", username)
+		assert.Equal(t, "bar", password)
+	})
+
+}
+
 func TestGetAuthFromLegacyFile(t *testing.T) {
 	origHomeDir := homedir.Get()
 	tmpDir, err := ioutil.TempDir("", "test_docker_client_get_auth")
diff --git a/pkg/docker/config/testdata/docker-credential-imagetest b/pkg/docker/config/testdata/docker-credential-imagetest
new file mode 100755
index 0000000000..b54f1971c1
--- /dev/null
+++ b/pkg/docker/config/testdata/docker-credential-imagetest
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+ACTION="${1}"
+shift
+
+case "${ACTION}" in
+get)
+    read DOCKER_REGISTRY
+    echo "{\"ServerURL\":\"${DOCKER_REGISTRY}\",\"Username\":\"foo\",\"Secret\":\"bar\"}"
+    exit 0
+    ;;
+*)
+    echo "not implemented"
+    exit 1
+    ;;
+esac
diff --git a/pkg/docker/config/testdata/helper.json b/pkg/docker/config/testdata/helper.json
new file mode 100644
index 0000000000..29f34c8301
--- /dev/null
+++ b/pkg/docker/config/testdata/helper.json
@@ -0,0 +1,6 @@
+{
+    "auths": {
+        "foobar.example.org": {}
+    },
+    "credsStore": "imagetest"
+}
\ No newline at end of file