From bbab37eaa766805ab2d8aed29c814e6c322d1ef7 Mon Sep 17 00:00:00 2001 From: Tom Runyon Date: Tue, 27 Dec 2022 15:24:54 -0500 Subject: [PATCH] Save files after merge conflict resolution Signed-off-by: Tom Runyon --- cmd/helm/registry_login.go | 10 -- pkg/action/registry_login.go | 6 - pkg/getter/ocigetter.go | 5 - pkg/getter/ocigetter_test.go | 6 - pkg/pusher/ocipusher.go | 5 - pkg/pusher/ocipusher_test.go | 6 - pkg/pusher/pusher.go | 10 -- pkg/registry/client_http_test.go | 1 - pkg/registry/client_test.go | 190 +------------------------------ pkg/registry/utils_test.go | 2 +- 10 files changed, 2 insertions(+), 239 deletions(-) diff --git a/cmd/helm/registry_login.go b/cmd/helm/registry_login.go index 0d03318c5..0a268c4bf 100644 --- a/cmd/helm/registry_login.go +++ b/cmd/helm/registry_login.go @@ -43,10 +43,7 @@ type registryLoginOptions struct { certFile string keyFile string caFile string -<<<<<<< HEAD insecure bool -======= ->>>>>>> e676fd1c (Enable custom certificates option for OCI) } func newRegistryLoginCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { @@ -69,12 +66,8 @@ func newRegistryLoginCmd(cfg *action.Configuration, out io.Writer) *cobra.Comman return action.NewRegistryLogin(cfg).Run(out, hostname, username, password, action.WithCertFile(o.certFile), action.WithKeyFile(o.keyFile), -<<<<<<< HEAD action.WithCAFile(o.caFile), action.WithInsecure(o.insecure)) -======= - action.WithCAFile(o.caFile)) ->>>>>>> e676fd1c (Enable custom certificates option for OCI) }, } 
@@ -82,10 +75,7 @@ func newRegistryLoginCmd(cfg *action.Configuration, out io.Writer) *cobra.Comman f.StringVarP(&o.username, "username", "u", "", "registry username") f.StringVarP(&o.password, "password", "p", "", "registry password or identity token") f.BoolVarP(&o.passwordFromStdinOpt, "password-stdin", "", false, "read password or identity token from stdin") -<<<<<<< HEAD f.BoolVarP(&o.insecure, "insecure", "", false, "allow connections to TLS registry without certs") -======= ->>>>>>> e676fd1c (Enable custom certificates option for OCI) f.StringVar(&o.certFile, "cert-file", "", "identify registry client using this SSL certificate file") f.StringVar(&o.keyFile, "key-file", "", "identify registry client using this SSL key file") f.StringVar(&o.caFile, "ca-file", "", "verify certificates of HTTPS-enabled servers using this CA bundle") diff --git a/pkg/action/registry_login.go b/pkg/action/registry_login.go index b39a95a23..a55f2de58 100644 --- a/pkg/action/registry_login.go +++ b/pkg/action/registry_login.go @@ -28,10 +28,7 @@ type RegistryLogin struct { certFile string keyFile string caFile string -<<<<<<< HEAD insecure bool -======= ->>>>>>> e676fd1c (Enable custom certificates option for OCI) } type RegistryLoginOpt func(*RegistryLogin) error @@ -86,9 +83,6 @@ func (a *RegistryLogin) Run(out io.Writer, hostname string, username string, pas return a.cfg.RegistryClient.Login( hostname, registry.LoginOptBasicAuth(username, password), -<<<<<<< HEAD registry.LoginOptInsecure(a.insecure), -======= ->>>>>>> e676fd1c (Enable custom certificates option for OCI) registry.LoginOptTLSClientConfig(a.certFile, a.keyFile, a.caFile)) } diff --git a/pkg/getter/ocigetter.go b/pkg/getter/ocigetter.go index 169e90395..1705fca91 100644 --- a/pkg/getter/ocigetter.go +++ b/pkg/getter/ocigetter.go 
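Review bot: The help string for `--insecure` in cmd/helm/registry_login.go, "allow connections to TLS registry without certs", does not say whether the flag drops the client certificate or turns off verification of the server certificate. It sits directly above `--ca-file`, whose help is about verifying servers, so the two read as if they could conflict. If the flag disables verification, say so, for example `"skip verification of the registry's TLS certificate"`. The same kind of setting is named `insecureSkipVerifyTLS` in pkg/getter and `insecureSkipTLSverify` in pkg/pusher; one name across the three would make the option easier to audit. newRegistryLoginCmd starts and ends outside this hunk.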
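Review bot: `Run` in pkg/action/registry_login.go passes `registry.LoginOptInsecure(a.insecure)` and `registry.LoginOptTLSClientConfig(a.certFile, a.keyFile, a.caFile)` in the same `Login` call, and nothing visible here says which one wins when both `insecure` and `caFile` are set. If the insecure option takes precedence, a caller who supplied a CA bundle would get no verification and no signal that it was ignored. Either reject the combination before the call, e.g. `if a.insecure && a.caFile != "" { return errors.New("insecure cannot be combined with a CA file") }`, or add a comment on `Run` stating the precedence. The start of `Run` is outside the hunk.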
@@ -122,13 +122,8 @@ func (g *OCIGetter) newRegistryClient() (*registry.Client, error) { } }) -<<<<<<< HEAD if (g.opts.certFile != "" && g.opts.keyFile != "") || g.opts.caFile != "" || g.opts.insecureSkipVerifyTLS { tlsConf, err := tlsutil.NewClientTLS(g.opts.certFile, g.opts.keyFile, g.opts.caFile, g.opts.insecureSkipVerifyTLS) -======= - if (g.opts.certFile != "" && g.opts.keyFile != "") || g.opts.caFile != "" { - tlsConf, err := tlsutil.NewClientTLS(g.opts.certFile, g.opts.keyFile, g.opts.caFile) ->>>>>>> e676fd1c (Enable custom certificates option for OCI) if err != nil { return nil, fmt.Errorf("can't create TLS config for client: %w", err) } diff --git a/pkg/getter/ocigetter_test.go b/pkg/getter/ocigetter_test.go index 3bfac3c4a..fa2fa67a5 100644 --- a/pkg/getter/ocigetter_test.go +++ b/pkg/getter/ocigetter_test.go @@ -39,10 +39,7 @@ func TestOCIGetter(t *testing.T) { ca, pub, priv := join(cd, "rootca.crt"), join(cd, "crt.pem"), join(cd, "key.pem") timeout := time.Second * 5 transport := &http.Transport{} -<<<<<<< HEAD insecureSkipTLSverify := false -======= ->>>>>>> e676fd1c (Enable custom certificates option for OCI) // Test with options g, err = NewOCIGetter( @@ -50,10 +47,7 @@ func TestOCIGetter(t *testing.T) { WithTLSClientConfig(pub, priv, ca), WithTimeout(timeout), WithTransport(transport), -<<<<<<< HEAD WithInsecureSkipVerifyTLS(insecureSkipTLSverify), -======= ->>>>>>> e676fd1c (Enable custom certificates option for OCI) ) if err != nil { t.Fatal(err) diff --git a/pkg/pusher/ocipusher.go b/pkg/pusher/ocipusher.go index 55b153d55..614141698 100644 --- a/pkg/pusher/ocipusher.go +++ b/pkg/pusher/ocipusher.go 
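Review bot: In `newRegistryClient` (pkg/getter/ocigetter.go) the guard `(g.opts.certFile != "" && g.opts.keyFile != "")` is false when only one of the two files is given, so with no CA file and verification left on, the TLS block is skipped and the half-supplied client identity is dropped without an error. Failing early is clearer: `if (g.opts.certFile == "") != (g.opts.keyFile == "") { return nil, fmt.Errorf("cert file and key file must be provided together") }`. The same condition appears in `newRegistryClient` in pkg/pusher/ocipusher.go. Both functions also hand the skip-verify flag to `tlsutil.NewClientTLS` together with `caFile`; how that helper treats the pair is not visible here, so a short comment at the call stating the precedence would help. The function body continues outside the hunk.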
@@ -106,13 +106,8 @@ func NewOCIPusher(ops ...Option) (Pusher, error) { } func (pusher *OCIPusher) newRegistryClient() (*registry.Client, error) { -<<<<<<< HEAD if (pusher.opts.certFile != "" && pusher.opts.keyFile != "") || pusher.opts.caFile != "" || pusher.opts.insecureSkipTLSverify { tlsConf, err := tlsutil.NewClientTLS(pusher.opts.certFile, pusher.opts.keyFile, pusher.opts.caFile, pusher.opts.insecureSkipTLSverify) -======= - if (pusher.opts.certFile != "" && pusher.opts.keyFile != "") || pusher.opts.caFile != "" { - tlsConf, err := tlsutil.NewClientTLS(pusher.opts.certFile, pusher.opts.keyFile, pusher.opts.caFile) ->>>>>>> e676fd1c (Enable custom certificates option for OCI) if err != nil { return nil, errors.Wrap(err, "can't create TLS config for client") } diff --git a/pkg/pusher/ocipusher_test.go b/pkg/pusher/ocipusher_test.go index efdae90c6..9390710a0 100644 --- a/pkg/pusher/ocipusher_test.go +++ b/pkg/pusher/ocipusher_test.go @@ -35,18 +35,12 @@ func TestNewOCIPusher(t *testing.T) { cd := "../../testdata" join := filepath.Join ca, pub, priv := join(cd, "rootca.crt"), join(cd, "crt.pem"), join(cd, "key.pem") -<<<<<<< HEAD insecureSkipTLSverify := false -======= ->>>>>>> e676fd1c (Enable custom certificates option for OCI) // Test with options p, err = NewOCIPusher( WithTLSClientConfig(pub, priv, ca), -<<<<<<< HEAD WithInsecureSkipTLSVerify(insecureSkipTLSverify), -======= ->>>>>>> e676fd1c (Enable custom certificates option for OCI) ) if err != nil { t.Fatal(err) diff --git a/pkg/pusher/pusher.go b/pkg/pusher/pusher.go index f6dc73ce6..e325ce498 100644 --- a/pkg/pusher/pusher.go +++ b/pkg/pusher/pusher.go 
@@ -27,18 +27,11 @@ import ( // // Pushers may or may not ignore these parameters as they are passed in. type options struct { -<<<<<<< HEAD registryClient *registry.Client certFile string keyFile string caFile string insecureSkipTLSverify bool -======= - registryClient *registry.Client - certFile string - keyFile string - caFile string ->>>>>>> e676fd1c (Enable custom certificates option for OCI) } // Option allows specifying various settings configurable by the user for overriding the defaults @@ -61,7 +54,6 @@ func WithTLSClientConfig(certFile, keyFile, caFile string) Option { } } -<<<<<<< HEAD // WithInsecureSkipTLSVerify determines if a TLS Certificate will be checked func WithInsecureSkipTLSVerify(insecureSkipTLSVerify bool) Option { return func(opts *options) { @@ -69,8 +61,6 @@ func WithInsecureSkipTLSVerify(insecureSkipTLSVerify bool) Option { } } -======= ->>>>>>> e676fd1c (Enable custom certificates option for OCI) // Pusher is an interface to support upload to the specified URL. type Pusher interface { // Push file content by url string diff --git a/pkg/registry/client_http_test.go b/pkg/registry/client_http_test.go index 96ee8d882..94b1b73b3 100644 --- a/pkg/registry/client_http_test.go +++ b/pkg/registry/client_http_test.go @@ -36,7 +36,6 @@ func (suite *HTTPRegistryClientTestSuite) SetupSuite() { } func (suite *HTTPRegistryClientTestSuite) TearDownSuite() { - suite.Cancel() os.RemoveAll(suite.WorkspaceDir) } diff --git a/pkg/registry/client_test.go b/pkg/registry/client_test.go index 13d1648be..3bb4a991b 100644 --- a/pkg/registry/client_test.go +++ b/pkg/registry/client_test.go 
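Review bot: The doc comment on `WithInsecureSkipTLSVerify` in pkg/pusher/pusher.go, "determines if a TLS Certificate will be checked", leaves the polarity open: passing `true` presumably turns the check off, which is the opposite of what the sentence suggests. Something like `// WithInsecureSkipTLSVerify disables verification of the registry's TLS certificate when insecureSkipTLSVerify is true.` reads unambiguously. The struct field is spelled `insecureSkipTLSverify` while the parameter is `insecureSkipTLSVerify`; a single casing would make the option easier to grep for. The function body lies between this hunk and the next and is not shown.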
@@ -17,177 +17,11 @@ limitations under the License. package registry import ( -<<<<<<< HEAD -<<<<<<< HEAD - "bytes" - "context" - "fmt" - "io" - "io/ioutil" - "net" -======= - "fmt" ->>>>>>> dd5e82b5 (refactor to new test suite) - "os" - "path/filepath" -======= "fmt" "os" ->>>>>>> e676fd1c (Enable custom certificates option for OCI) "testing" "github.com/containerd/containerd/errdefs" -<<<<<<< HEAD - "github.com/distribution/distribution/v3/configuration" - "github.com/distribution/distribution/v3/registry" - "github.com/phayes/freeport" - "github.com/stretchr/testify/suite" - "golang.org/x/crypto/bcrypt" -) - -var ( - testWorkspaceDir = "helm-registry-test" - testHtpasswdFileBasename = "authtest.htpasswd" - testCACertFileName = "root.pem" - testCAKeyFileName = "root-key.pem" - testClientCertFileName = "client.pem" - testClientKeyFileName = "client-key.pem" - testUsername = "myuser" - testPassword = "mypass" -) - -type RegistryClientTestSuite struct { - suite.Suite - Out io.Writer - DockerRegistryHost string - CompromisedRegistryHost string - WorkspaceDir string - RegistryClient *Client - - PlainHTTPDockerRegistryHost string - TLSDockerRegistryHost string - TLSVerifyClientDockerRegistryHost string - - PlainHTTPRegistryClient *Client - InsecureRegistryClient *Client - RegistryClientWithCA *Client - RegistryClientWithCertKey *Client -} - -func (suite *RegistryClientTestSuite) SetupSuite() { - suite.WorkspaceDir = testWorkspaceDir - os.RemoveAll(suite.WorkspaceDir) - os.Mkdir(suite.WorkspaceDir, 0700) - - var out bytes.Buffer - suite.Out = &out - credentialsFile := filepath.Join(suite.WorkspaceDir, CredentialsFileBasename) - - // find the first non-local IP as the registry address - // or else, using localhost will always be insecure - var hostname string - addrs, err := net.InterfaceAddrs() - suite.Nil(err, "error getting IP addresses") - for _, address := range addrs { - if n, ok := address.(*net.IPNet); ok { - if n.IP.IsLinkLocalUnicast() || n.IP.IsLoopback() { - 
continue - } - hostname = n.IP.String() - break - } - } - suite.NotEmpty(hostname, "failed to get ip address as hostname") - - // generate self-sign CA cert/key and client cert/key - caCert, caKey, clientCert, clientKey, err := genCerts(hostname) - suite.Nil(err, "error generating certs") - caCertPath := filepath.Join(suite.WorkspaceDir, testCACertFileName) - err = ioutil.WriteFile(caCertPath, caCert, 0644) - suite.Nil(err, "error creating test ca cert file") - caKeyPath := filepath.Join(suite.WorkspaceDir, testCAKeyFileName) - err = ioutil.WriteFile(caKeyPath, caKey, 0644) - suite.Nil(err, "error creating test ca key file") - clientCertPath := filepath.Join(suite.WorkspaceDir, testClientCertFileName) - err = ioutil.WriteFile(clientCertPath, clientCert, 0644) - suite.Nil(err, "error creating test client cert file") - clientKeyPath := filepath.Join(suite.WorkspaceDir, testClientKeyFileName) - err = ioutil.WriteFile(clientKeyPath, clientKey, 0644) - suite.Nil(err, "error creating test client key file") - - // init test client - suite.RegistryClient, err = NewClient( - ClientOptDebug(true), - ClientOptEnableCache(true), - ClientOptWriter(suite.Out), - ClientOptCredentialsFile(credentialsFile), - ) - suite.Nil(err, "no error creating registry client") - - // init plain http client - suite.PlainHTTPRegistryClient, err = NewClient( - ClientOptDebug(true), - ClientOptEnableCache(true), - ClientOptWriter(suite.Out), - ClientOptCredentialsFile(credentialsFile), - ClientOptPlainHTTP(true), - ) - suite.Nil(err, "error creating plain http registry client") - - // init insecure client - suite.InsecureRegistryClient, err = NewClient( - ClientOptDebug(true), - ClientOptEnableCache(true), - ClientOptWriter(suite.Out), - ClientOptInsecureSkipVerifyTLS(true), - ) - suite.Nil(err, "error creating insecure registry client") - - // init client with CA cert - suite.RegistryClientWithCA, err = NewClient( - ClientOptDebug(true), - ClientOptEnableCache(true), - ClientOptWriter(suite.Out), 
- ClientOptCAFile(caCertPath), - ) - suite.Nil(err, "error creating registry client with CA cert") - - // init client with CA cert and client cert/key - suite.RegistryClientWithCertKey, err = NewClient( - ClientOptDebug(true), - ClientOptEnableCache(true), - ClientOptWriter(suite.Out), - ClientOptCAFile(caCertPath), - ClientOptCertKeyFiles(clientCertPath, clientKeyPath), - ) - suite.Nil(err, "error creating registry client with CA cert") - - // create htpasswd file (w BCrypt, which is required) - pwBytes, err := bcrypt.GenerateFromPassword([]byte(testPassword), bcrypt.DefaultCost) - suite.Nil(err, "no error generating bcrypt password for test htpasswd file") - htpasswdPath := filepath.Join(suite.WorkspaceDir, testHtpasswdFileBasename) - err = ioutil.WriteFile(htpasswdPath, []byte(fmt.Sprintf("%s:%s\n", testUsername, string(pwBytes))), 0644) - suite.Nil(err, "no error creating test htpasswd file") - - // Registry config - config := &configuration.Configuration{} - port, err := freeport.GetFreePort() - suite.Nil(err, "no error finding free port for test registry") - suite.DockerRegistryHost = fmt.Sprintf("localhost:%d", port) - config.HTTP.Addr = fmt.Sprintf("127.0.0.1:%d", port) - config.HTTP.DrainTimeout = time.Duration(10) * time.Second - config.Storage = map[string]configuration.Parameters{"inmemory": map[string]interface{}{}} - config.Auth = configuration.Auth{ - "htpasswd": configuration.Parameters{ - "realm": "localhost", - "path": htpasswdPath, - }, - } - dockerRegistry, err := registry.NewRegistry(context.Background(), config) - suite.Nil(err, "no error creating test registry") - - suite.CompromisedRegistryHost = initCompromisedRegistryTestServer() -======= "github.com/stretchr/testify/suite" ) 
@@ -197,29 +31,7 @@ type RegistryClientTestSuite struct { func (suite *RegistryClientTestSuite) SetupSuite() { // init test client - dockerRegistry := setup(&suite.TestSuite, false) ->>>>>>> e676fd1c (Enable custom certificates option for OCI) - - // plain http registry - plainHTTPConfig := &configuration.Configuration{} - plainHTTPPort, err := freeport.GetFreePort() - suite.Nil(err, "no error finding free port for test plain HTTP registry") - suite.PlainHTTPDockerRegistryHost = fmt.Sprintf("%s:%d", hostname, plainHTTPPort) - plainHTTPConfig.HTTP.Addr = fmt.Sprintf(":%d", plainHTTPPort) - plainHTTPConfig.Storage = map[string]configuration.Parameters{"inmemory": map[string]interface{}{}} - plainHTTPConfig.Auth = configuration.Auth{ - "htpasswd": configuration.Parameters{ - "realm": hostname, - "path": htpasswdPath, - }, - } - plainHTTPDockerRegistry, err := registry.NewRegistry(context.Background(), plainHTTPConfig) - suite.Nil(err, "no error creating test plain http registry") - - // init TLS registry with self-signed CA - tlsRegistryPort, err := freeport.GetFreePort() - suite.Nil(err, "no error finding free port for test TLS registry") - suite.TLSDockerRegistryHost = fmt.Sprintf("%s:%d", hostname, tlsRegistryPort) + dockerRegistry := setup(&suite.TestSuite, false, false) // Start Docker registry go dockerRegistry.ListenAndServe() diff --git a/pkg/registry/utils_test.go b/pkg/registry/utils_test.go index 1ed077721..9965fb987 100644 --- a/pkg/registry/utils_test.go +++ b/pkg/registry/utils_test.go @@ -66,7 +66,7 @@ type TestSuite struct { RegistryClient *Client } -func setup(suite *TestSuite, tlsEnabled bool) *registry.Registry { +func setup(suite *TestSuite, tlsEnabled bool, insecure bool) *registry.Registry { suite.WorkspaceDir = testWorkspaceDir os.RemoveAll(suite.WorkspaceDir) os.Mkdir(suite.WorkspaceDir, 0700)
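Review bot: `setup` in pkg/registry/utils_test.go now takes two adjacent bools, so the call `setup(&suite.TestSuite, false, false)` in client_test.go does not show which argument enables TLS and which selects the insecure client. A doc comment on `setup` naming both parameters, or inline labels at the call such as `setup(&suite.TestSuite, false /* tlsEnabled */, false /* insecure */)`, would keep a swapped argument from slipping through review. How `insecure` is used is outside the hunk. The visible context also ignores the errors from `os.RemoveAll` and `os.Mkdir`.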