osxkeychain/osxkeychain_darwin_test.go - external/github.com/docker/docker-credential-helpers - Git at Google

 package osxkeychain

 import (
 	"fmt"
 	"testing"

 	"github.com/docker/docker-credential-helpers/credentials"
 )

 func TestOSXKeychainHelper(t *testing.T) {
 	creds := &credentials.Credentials{
 		ServerURL: "https://foobar.docker.io:2376/v1",
 		Username:  "foobar",
 		Secret:    "foobarbaz",
 	}
 	creds1 := &credentials.Credentials{
 		ServerURL: "https://foobar.docker.io:2376/v2",
 		Username:  "foobarbaz",
 		Secret:    "foobar",
 	}
 	helper := Osxkeychain{}
 	if err := helper.Add(creds); err != nil {
 		t.Fatal(err)
 	}

 	username, secret, err := helper.Get(creds.ServerURL)
 	if err != nil {
 		t.Fatal(err)
 	}

 	if username != "foobar" {
 		t.Fatalf("expected %s, got %s\n", "foobar", username)
 	}

 	if secret != "foobarbaz" {
 		t.Fatalf("expected %s, got %s\n", "foobarbaz", secret)
 	}

 	auths, err := helper.List()
 	if err != nil || len(auths) == 0 {
 		t.Fatal(err)
 	}

 	helper.Add(creds1)
 	defer helper.Delete(creds1.ServerURL)
 	newauths, err := helper.List()
 	if len(newauths)-len(auths) != 1 {
 		if err == nil {
 			t.Fatalf("Error: len(newauths): %d, len(auths): %d", len(newauths), len(auths))
 		}
 		t.Fatalf("Error: len(newauths): %d, len(auths): %d\n Error= %v", len(newauths), len(auths), err)
 	}

 	if err := helper.Delete(creds.ServerURL); err != nil {
 		t.Fatal(err)
 	}
 }

 // TestOSXKeychainHelperRetrieveAliases verifies that secrets can be accessed
 // through variations on the URL
 func TestOSXKeychainHelperRetrieveAliases(t *testing.T) {
 	tests := []struct {
 		storeURL string
 		readURL  string
 	}{
 		// stored with port, retrieved without
 		{"https://foobar.docker.io:2376", "https://foobar.docker.io"},

 		// stored as https, retrieved without scheme
 		{"https://foobar.docker.io:2376", "foobar.docker.io"},

 		// stored with path, retrieved without
 		{"https://foobar.docker.io:1234/one/two", "https://foobar.docker.io:1234"},
 	}

 	helper := Osxkeychain{}
 	defer func() {
 		for _, te := range tests {
 			helper.Delete(te.storeURL)
 		}
 	}()

 	// Clean store before testing.
 	for _, te := range tests {
 		helper.Delete(te.storeURL)
 	}

 	for _, te := range tests {
 		c := &credentials.Credentials{ServerURL: te.storeURL, Username: "hello", Secret: "world"}
 		if err := helper.Add(c); err != nil {
 			t.Errorf("Error: failed to store secret for URL %q: %s", te.storeURL, err)
 			continue
 		}
 		if _, _, err := helper.Get(te.readURL); err != nil {
 			t.Errorf("Error: failed to read secret for URL %q using %q", te.storeURL, te.readURL)
 		}
 		helper.Delete(te.storeURL)
 	}
 }

 // TestOSXKeychainHelperRetrieveStrict verifies that only matching secrets are
 // returned.
 func TestOSXKeychainHelperRetrieveStrict(t *testing.T) {
 	tests := []struct {
 		storeURL string
 		readURL  string
 	}{
 		// stored as https, retrieved using http
 		{"https://foobar.docker.io:2376", "http://foobar.docker.io:2376"},

 		// stored as http, retrieved using https
 		{"http://foobar.docker.io:2376", "https://foobar.docker.io:2376"},

 		// same: stored as http, retrieved without a scheme specified (hence, using the default https://)
 		{"http://foobar.docker.io", "foobar.docker.io:5678"},

 		// non-matching ports
 		{"https://foobar.docker.io:1234", "https://foobar.docker.io:5678"},

 		// non-matching ports TODO is this desired behavior? The other way round does work
 		//{"https://foobar.docker.io", "https://foobar.docker.io:5678"},

 		// non-matching paths
 		{"https://foobar.docker.io:1234/one/two", "https://foobar.docker.io:1234/five/six"},
 	}

 	helper := Osxkeychain{}
 	defer func() {
 		for _, te := range tests {
 			helper.Delete(te.storeURL)
 		}
 	}()

 	// Clean store before testing.
 	for _, te := range tests {
 		helper.Delete(te.storeURL)
 	}

 	for _, te := range tests {
 		c := &credentials.Credentials{ServerURL: te.storeURL, Username: "hello", Secret: "world"}
 		if err := helper.Add(c); err != nil {
 			t.Errorf("Error: failed to store secret for URL %q: %s", te.storeURL, err)
 			continue
 		}
 		if _, _, err := helper.Get(te.readURL); err == nil {
 			t.Errorf("Error: managed to read secret for URL %q using %q, but should not be able to", te.storeURL, te.readURL)
 		}
 		helper.Delete(te.storeURL)
 	}
 }

 // TestOSXKeychainHelperStoreRetrieve verifies that secrets stored in the
 // the keychain can be read back using the URL that was used to store them.
 func TestOSXKeychainHelperStoreRetrieve(t *testing.T) {
 	tests := []struct {
 		url string
 	}{
 		{url: "foobar.docker.io"},
 		{url: "foobar.docker.io:2376"},
 		{url: "//foobar.docker.io:2376"},
 		{url: "https://foobar.docker.io:2376"},
 		{url: "http://foobar.docker.io:2376"},
 		{url: "https://foobar.docker.io:2376/some/path"},
 		{url: "https://foobar.docker.io:2376/some/other/path"},
 		{url: "https://foobar.docker.io:2376/some/other/path?foo=bar"},
 	}

 	helper := Osxkeychain{}
 	defer func() {
 		for _, te := range tests {
 			helper.Delete(te.url)
 		}
 	}()

 	// Clean store before testing.
 	for _, te := range tests {
 		helper.Delete(te.url)
 	}

 	// Note that we don't delete between individual tests here, to verify that
 	// subsequent stores/overwrites don't affect storing / retrieving secrets.
 	for i, te := range tests {
 		c := &credentials.Credentials{
 			ServerURL: te.url,
 			Username:  fmt.Sprintf("user-%d", i),
 			Secret:    fmt.Sprintf("secret-%d", i),
 		}

 		if err := helper.Add(c); err != nil {
 			t.Errorf("Error: failed to store secret for URL: %s: %s", te.url, err)
 			continue
 		}
 		user, secret, err := helper.Get(te.url)
 		if err != nil {
 			t.Errorf("Error: failed to read secret for URL %q: %s", te.url, err)
 			continue
 		}
 		if user != c.Username {
 			t.Errorf("Error: expected username %s, got username %s for URL: %s", c.Username, user, te.url)
 		}
 		if secret != c.Secret {
 			t.Errorf("Error: expected secret %s, got secret %s for URL: %s", c.Secret, secret, te.url)
 		}
 	}
 }

 func TestMissingCredentials(t *testing.T) {
 	helper := Osxkeychain{}
 	_, _, err := helper.Get("https://adsfasdf.wrewerwer.com/asdfsdddd")
 	if !credentials.IsErrCredentialsNotFound(err) {
 		t.Fatalf("expected ErrCredentialsNotFound, got %v", err)
 	}
 }
	package osxkeychain

	import (
	"fmt"
	"testing"

	"github.com/docker/docker-credential-helpers/credentials"
	)

	func TestOSXKeychainHelper(t *testing.T) {
	creds := &credentials.Credentials{
	ServerURL: "https://foobar.docker.io:2376/v1",
	Username: "foobar",
	Secret: "foobarbaz",
	}
	creds1 := &credentials.Credentials{
	ServerURL: "https://foobar.docker.io:2376/v2",
	Username: "foobarbaz",
	Secret: "foobar",
	}
	helper := Osxkeychain{}
	if err := helper.Add(creds); err != nil {
	t.Fatal(err)
	}

	username, secret, err := helper.Get(creds.ServerURL)
	if err != nil {
	t.Fatal(err)
	}

	if username != "foobar" {
	t.Fatalf("expected %s, got %s\n", "foobar", username)
	}

	if secret != "foobarbaz" {
	t.Fatalf("expected %s, got %s\n", "foobarbaz", secret)
	}

	auths, err := helper.List()
	if err != nil \|\| len(auths) == 0 {
	t.Fatal(err)
	}

	helper.Add(creds1)
	defer helper.Delete(creds1.ServerURL)
	newauths, err := helper.List()
	if len(newauths)-len(auths) != 1 {
	if err == nil {
	t.Fatalf("Error: len(newauths): %d, len(auths): %d", len(newauths), len(auths))
	}
	t.Fatalf("Error: len(newauths): %d, len(auths): %d\n Error= %v", len(newauths), len(auths), err)
	}

	if err := helper.Delete(creds.ServerURL); err != nil {
	t.Fatal(err)
	}
	}

	// TestOSXKeychainHelperRetrieveAliases verifies that secrets can be accessed
	// through variations on the URL
	func TestOSXKeychainHelperRetrieveAliases(t *testing.T) {
	tests := []struct {
	storeURL string
	readURL string
	}{
	// stored with port, retrieved without
	{"https://foobar.docker.io:2376", "https://foobar.docker.io"},

	// stored as https, retrieved without scheme
	{"https://foobar.docker.io:2376", "foobar.docker.io"},

	// stored with path, retrieved without
	{"https://foobar.docker.io:1234/one/two", "https://foobar.docker.io:1234"},
	}

	helper := Osxkeychain{}
	defer func() {
	for _, te := range tests {
	helper.Delete(te.storeURL)
	}
	}()

	// Clean store before testing.
	for _, te := range tests {
	helper.Delete(te.storeURL)
	}

	for _, te := range tests {
	c := &credentials.Credentials{ServerURL: te.storeURL, Username: "hello", Secret: "world"}
	if err := helper.Add(c); err != nil {
	t.Errorf("Error: failed to store secret for URL %q: %s", te.storeURL, err)
	continue
	}
	if _, _, err := helper.Get(te.readURL); err != nil {
	t.Errorf("Error: failed to read secret for URL %q using %q", te.storeURL, te.readURL)
	}
	helper.Delete(te.storeURL)
	}
	}

	// TestOSXKeychainHelperRetrieveStrict verifies that only matching secrets are
	// returned.
	func TestOSXKeychainHelperRetrieveStrict(t *testing.T) {
	tests := []struct {
	storeURL string
	readURL string
	}{
	// stored as https, retrieved using http
	{"https://foobar.docker.io:2376", "http://foobar.docker.io:2376"},

	// stored as http, retrieved using https
	{"http://foobar.docker.io:2376", "https://foobar.docker.io:2376"},

	// same: stored as http, retrieved without a scheme specified (hence, using the default https://)
	{"http://foobar.docker.io", "foobar.docker.io:5678"},

	// non-matching ports
	{"https://foobar.docker.io:1234", "https://foobar.docker.io:5678"},

	// non-matching ports TODO is this desired behavior? The other way round does work
	//{"https://foobar.docker.io", "https://foobar.docker.io:5678"},

	// non-matching paths
	{"https://foobar.docker.io:1234/one/two", "https://foobar.docker.io:1234/five/six"},
	}

	helper := Osxkeychain{}
	defer func() {
	for _, te := range tests {
	helper.Delete(te.storeURL)
	}
	}()

	// Clean store before testing.
	for _, te := range tests {
	helper.Delete(te.storeURL)
	}

	for _, te := range tests {
	c := &credentials.Credentials{ServerURL: te.storeURL, Username: "hello", Secret: "world"}
	if err := helper.Add(c); err != nil {
	t.Errorf("Error: failed to store secret for URL %q: %s", te.storeURL, err)
	continue
	}
	if _, _, err := helper.Get(te.readURL); err == nil {
	t.Errorf("Error: managed to read secret for URL %q using %q, but should not be able to", te.storeURL, te.readURL)
	}
	helper.Delete(te.storeURL)
	}
	}

	// TestOSXKeychainHelperStoreRetrieve verifies that secrets stored in the
	// the keychain can be read back using the URL that was used to store them.
	func TestOSXKeychainHelperStoreRetrieve(t *testing.T) {
	tests := []struct {
	url string
	}{
	{url: "foobar.docker.io"},
	{url: "foobar.docker.io:2376"},
	{url: "//foobar.docker.io:2376"},
	{url: "https://foobar.docker.io:2376"},
	{url: "http://foobar.docker.io:2376"},
	{url: "https://foobar.docker.io:2376/some/path"},
	{url: "https://foobar.docker.io:2376/some/other/path"},
	{url: "https://foobar.docker.io:2376/some/other/path?foo=bar"},
	}

	helper := Osxkeychain{}
	defer func() {
	for _, te := range tests {
	helper.Delete(te.url)
	}
	}()

	// Clean store before testing.
	for _, te := range tests {
	helper.Delete(te.url)
	}

	// Note that we don't delete between individual tests here, to verify that
	// subsequent stores/overwrites don't affect storing / retrieving secrets.
	for i, te := range tests {
	c := &credentials.Credentials{
	ServerURL: te.url,
	Username: fmt.Sprintf("user-%d", i),
	Secret: fmt.Sprintf("secret-%d", i),
	}

	if err := helper.Add(c); err != nil {
	t.Errorf("Error: failed to store secret for URL: %s: %s", te.url, err)
	continue
	}
	user, secret, err := helper.Get(te.url)
	if err != nil {
	t.Errorf("Error: failed to read secret for URL %q: %s", te.url, err)
	continue
	}
	if user != c.Username {
	t.Errorf("Error: expected username %s, got username %s for URL: %s", c.Username, user, te.url)
	}
	if secret != c.Secret {
	t.Errorf("Error: expected secret %s, got secret %s for URL: %s", c.Secret, secret, te.url)
	}
	}
	}

	func TestMissingCredentials(t *testing.T) {
	helper := Osxkeychain{}
	_, _, err := helper.Get("https://adsfasdf.wrewerwer.com/asdfsdddd")
	if !credentials.IsErrCredentialsNotFound(err) {
	t.Fatalf("expected ErrCredentialsNotFound, got %v", err)
	}
	}