auth support for tls endpoint

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2025-04-19 00:56:46 +00:00 · 2022-09-22 02:48:11 +02:00 · 2022-09-22 02:48:11 +02:00 · 1c2ad20e10
commit 1c2ad20e10
parent f5bc16b105
8 changed files with 239 additions and 16 deletions
--- a/tests/auth.test.ts
+++ b/tests/auth.test.ts
@ -0,0 +1,88 @@
+import {describe, expect, jest, test, beforeEach} from '@jest/globals';
+import * as fs from 'fs';
+import * as os from 'os';
+import * as path from 'path';
+import * as auth from '../src/auth';
+
+const tmpdir = fs.mkdtempSync(path.join(os.tmpdir(), 'docker-setup-buildx-jest')).split(path.sep).join(path.posix.sep);
+const dockerConfigHome = path.join(tmpdir, '.docker');
+const credsdir = path.join(dockerConfigHome, 'buildx', 'creds');
+
+describe('setCredentials', () => {
+  beforeEach(() => {
+    process.env = Object.keys(process.env).reduce((object, key) => {
+      if (!key.startsWith(auth.envPrefix)) {
+        object[key] = process.env[key];
+      }
+      return object;
+    }, {});
+  });
+
+  // prettier-ignore
+  test.each([
+    [
+      'mycontext',
+      'docker-container',
+      {},
+      [],
+      []
+    ],
+    [
+      'docker-container://mycontainer',
+      'docker-container',
+      {},
+      [],
+      []
+    ],
+    [
+      'tcp://graviton2:1234',
+      'remote',
+      {},
+      [],
+      []
+    ],
+    [
+      'tcp://graviton2:1234',
+      'remote',
+      {
+        'BUILDER_NODE_0_AUTH_TLS_CACERT': 'foo',
+        'BUILDER_NODE_0_AUTH_TLS_CERT': 'foo',
+        'BUILDER_NODE_0_AUTH_TLS_KEY': 'foo'
+      },
+      [
+        path.join(credsdir, 'cacert_graviton2-1234.pem'),
+        path.join(credsdir, 'cert_graviton2-1234.pem'),
+        path.join(credsdir, 'key_graviton2-1234.pem')
+      ],
+      [
+        `cacert=${path.join(credsdir, 'cacert_graviton2-1234.pem')}`,
+        `cert=${path.join(credsdir, 'cert_graviton2-1234.pem')}`,
+        `key=${path.join(credsdir, 'key_graviton2-1234.pem')}`
+      ]
+    ],
+    [
+      'tcp://graviton2:1234',
+      'docker-container',
+      {
+        'BUILDER_NODE_0_AUTH_TLS_CACERT': 'foo',
+        'BUILDER_NODE_0_AUTH_TLS_CERT': 'foo',
+        'BUILDER_NODE_0_AUTH_TLS_KEY': 'foo'
+      },
+      [
+        path.join(credsdir, 'cacert_graviton2-1234.pem'),
+        path.join(credsdir, 'cert_graviton2-1234.pem'),
+        path.join(credsdir, 'key_graviton2-1234.pem')
+      ],
+      []
+    ],
+  ])('given %p endpoint', async (endpoint: string, driver: string, envs: Record<string, string>, expectedFiles: Array<string>, expectedOpts: Array<string>) => {
+    fs.mkdirSync(credsdir, {recursive: true});
+    for (const [key, value] of Object.entries(envs)) {
+      process.env[key] = value;
+    }
+    expect(auth.setCredentials(credsdir, 0, driver, endpoint)).toEqual(expectedOpts);
+    expectedFiles.forEach( (file) => {
+      expect(fs.existsSync(file)).toBe(true);
+    });
+  });
+});
--- a/tests/buildx.test.ts
+++ b/tests/buildx.test.ts
@ -7,18 +7,14 @@ import * as context from '../src/context';
 import * as semver from 'semver';
 import * as exec from '@actions/exec';

-const tmpNameSync = path.join('/tmp/.docker-setup-buildx-jest', '.tmpname-jest').split(path.sep).join(path.posix.sep);
-
+const tmpdir = fs.mkdtempSync(path.join(os.tmpdir(), 'docker-setup-buildx-')).split(path.sep).join(path.posix.sep);
 jest.spyOn(context, 'tmpDir').mockImplementation((): string => {
-  const tmpDir = path.join('/tmp/.docker-setup-buildx-jest').split(path.sep).join(path.posix.sep);
-  if (!fs.existsSync(tmpDir)) {
-    fs.mkdirSync(tmpDir, {recursive: true});
-  }
-  return tmpDir;
+  return tmpdir;
 });

+const tmpname = path.join(tmpdir, '.tmpname').split(path.sep).join(path.posix.sep);
 jest.spyOn(context, 'tmpNameSync').mockImplementation((): string => {
-  return tmpNameSync;
+  return tmpname;
 });

 describe('isAvailable', () => {
@ -136,8 +132,8 @@ describe('getConfig', () => {
        config = await buildx.getConfigInline(val);
      }
      expect(true).toBe(!invalid);
-      expect(config).toEqual(`${tmpNameSync}`);
-      const configValue = fs.readFileSync(tmpNameSync, 'utf-8');
+      expect(config).toEqual(tmpname);
+      const configValue = fs.readFileSync(tmpname, 'utf-8');
      expect(configValue).toEqual(exValue);
    } catch (err) {
      // eslint-disable-next-line jest/no-conditional-expect
--- a/tests/context.test.ts
+++ b/tests/context.test.ts
@ -4,16 +4,13 @@ import * as os from 'os';
 import * as path from 'path';
 import * as context from '../src/context';

+const tmpdir = fs.mkdtempSync(path.join(os.tmpdir(), 'docker-setup-buildx-')).split(path.sep).join(path.posix.sep);
 jest.spyOn(context, 'tmpDir').mockImplementation((): string => {
-  const tmpDir = path.join('/tmp/.docker-setup-buildx-jest').split(path.sep).join(path.posix.sep);
-  if (!fs.existsSync(tmpDir)) {
-    fs.mkdirSync(tmpDir, {recursive: true});
-  }
-  return tmpDir;
+  return tmpdir;
 });

 jest.spyOn(context, 'tmpNameSync').mockImplementation((): string => {
-  return path.join('/tmp/.docker-setup-buildx-jest', '.tmpname-jest').split(path.sep).join(path.posix.sep);
+  return path.join(tmpdir, '.tmpname').split(path.sep).join(path.posix.sep);
 });

 describe('getInputList', () => {