Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

use designated domains in tests (RFC2606) #274

Draft
wants to merge 3 commits into
base: master
Choose a base branch
from

Conversation

thaJeztah
Copy link
Member

@thaJeztah thaJeztah commented May 27, 2023

Update domains used in tests to used domains that are designated for this
purpose as described in RFC2606, section 3

@codecov-commenter
Copy link

codecov-commenter commented May 27, 2023

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 50.72%. Comparing base (6b9df3e) to head (b737c5a).

Additional details and impacted files
@@            Coverage Diff             @@
##           master     #274      +/-   ##
==========================================
- Coverage   55.28%   50.72%   -4.57%     
==========================================
  Files           9        8       -1     
  Lines         624      483     -141     
==========================================
- Hits          345      245     -100     
+ Misses        234      201      -33     
+ Partials       45       37       -8     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@thaJeztah
Copy link
Member Author

oh! found some more; hold on a minute

hm.. also interested why CI fails; need to check

@crazy-max
Copy link
Member

oh! found some more; hold on a minute

hm.. also interested why CI fails; need to check

Hum yes it seems path query is not taken into account anymore https://github.com/docker/docker-credential-helpers/actions/runs/5098464489/jobs/9165620051?pr=274#step:7:66

=== RUN   TestWinCredHelperStoreRetrieve
    wincred_windows_test.go:230: Error: expected username user-7, got username user-6 for URL: https://foobar.example.com:2376/some/other/path?foo=bar
    wincred_windows_test.go:233: Error: expected secret secret-7, got secret secret-6 for URL: https://foobar.example.com:2376/some/other/path?foo=bar

@crazy-max
Copy link
Member

crazy-max commented May 27, 2023

It should exact match properly though

return serverURL.String() == target.String()

@thaJeztah
Copy link
Member Author

Yeah; want to give it a look indeed.

Also change these tests into subtests probably

@thaJeztah thaJeztah force-pushed the use_designated_domains branch from d65e2ae to 1337780 Compare May 27, 2023 11:29
@thaJeztah
Copy link
Member Author

(only addressed the "found some more" - not looked at the failures yet)

@thaJeztah thaJeztah marked this pull request as draft May 27, 2023 15:23
@thaJeztah thaJeztah force-pushed the use_designated_domains branch from 1337780 to 614056f Compare May 27, 2023 15:23
@thaJeztah
Copy link
Member Author

thaJeztah commented May 27, 2023

I rebased this PR on top of the other PR that adds subtests;

=== RUN   TestWinCredHelperStoreRetrieve/https://foobar.example.com:2376/some/other/path?foo=bar
    wincred_windows_test.go:274: Error: expected username user-7, got username user-6 for URL: https://foobar.example.com:2376/some/other/path?foo=bar
    wincred_windows_test.go:277: Error: expected secret secret-7, got secret secret-6 for URL: https://foobar.example.com:2376/some/other/path?foo=bar

The test that's failing uses the same domain and path as the test before it, but differs in query parameters

{url: "https://foobar.docker.io:2376/some/other/path"},
{url: "https://foobar.docker.io:2376/some/other/path?foo=bar"},

And the test is using a test-table, which adds the credentials as part of the table for each test, but does not delete the credentials after testing;

for i, te := range tests {
c := &credentials.Credentials{
ServerURL: te.url,
Username: fmt.Sprintf("user-%d", i),
Secret: fmt.Sprintf("secret-%d", i),
}
if err := helper.Add(c); err != nil {
t.Errorf("Error: failed to store secret for URL: %s: %s", te.url, err)
continue
}
user, secret, err := helper.Get(te.url)
if err != nil {
t.Errorf("Error: failed to read secret for URL %q: %s", te.url, err)
continue
}
if user != c.Username {
t.Errorf("Error: expected username %s, got username %s for URL: %s", c.Username, user, te.url)
}
if secret != c.Secret {
t.Errorf("Error: expected secret %s, got secret %s for URL: %s", c.Secret, secret, te.url)
}
}

I wonder if the issue is if

  • wincred.Add() possibly update secrets if it already found an existing one for the given host / URL?
  • and if it considers https://foobar.docker.io:2376/some/other/path to be the same as https://foobar.docker.io:2376/some/other/path?foo=bar
  • ^^ and because of that, doesn't update the credentials

The .Add() is designed to effectively be an "Upsert" (create if not exists, otherwise update). For the macOS keychain helper, I noticed that there's an explicit Delete() at the start;

// Add adds new credentials to the keychain.
func (h Osxkeychain) Add(creds *credentials.Credentials) error {
_ = h.Delete(creds.ServerURL) // ignore errors as existing credential may not exist.

The wincred.Add() inmplementation does not have that;

// Add adds new credentials to the windows credentials manager.
func (h Wincred) Add(creds *credentials.Credentials) error {
credsLabels := []byte(credentials.CredsLabel)
g := winc.NewGenericCredential(creds.ServerURL)
g.UserName = creds.Username
g.CredentialBlob = []byte(creds.Secret)
g.Persist = winc.PersistLocalMachine
g.Attributes = []winc.CredentialAttribute{{Keyword: "label", Value: credsLabels}}
return g.Write()
}

Some of the other tests call a Delete() as part of the test, e.g. TestWinCredHelperRetrieveAliases;

So, I suspect what happens is that;

  • the https://foobar.docker.io:2376/some/other/path test runs (succesfully), which adds credentials for that URL
  • the https://foobar.docker.io:2376/some/other/path?foo=bar test runs; does an Add(), but the credentials store already has an entry for https://foobar.docker.io:2376/some/other/path, and doesn't actually update?
  • question is: why does it fail NOW ? All I changed in this PR is the domain (https://foobar.docker.io:2376 -> https://foobar.example.com:2376), which should not matter for this test.

Comment on lines 235 to 236
// {url: "https://foobar.example.com:2376/some/other/path"},
{url: "https://foobar.example.com:2376/some/other/path?foo=bar"},
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right, so skipping one of the tests makes CI pass, so it's indeed due to state left behind from the previous test in the test-table, and it looks like that's a bug somewhere (see my comment)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you try with foo.com instead of example.com?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can try when I'm back at my keyboard.

You're thinking it may be because docker.io sorts before example.com or something?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@thaJeztah thaJeztah force-pushed the use_designated_domains branch 2 times, most recently from 5b501f2 to 7239abf Compare May 28, 2023 16:04
@thaJeztah thaJeztah force-pushed the use_designated_domains branch from 7239abf to 50fdece Compare June 26, 2023 11:58
@thaJeztah thaJeztah force-pushed the use_designated_domains branch from 50fdece to c02f1be Compare June 27, 2023 11:49
thaJeztah added 3 commits May 13, 2024 12:10
Update domains used in tests to used domains that are designated for this
purpose as described in [RFC2606, section 3][1]

[1]: https://www.rfc-editor.org/rfc/rfc2606.html#section-3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This reverts commit c02f1be.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah thaJeztah force-pushed the use_designated_domains branch from 834fe12 to b737c5a Compare May 13, 2024 10:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants