Merge pull request moby#3910 from nicks/nicks/auth

tonistiigi · web-flow · commit 60d134bf7671 · 2023-05-30T10:18:35.000-07:00
authprovider: fix a bug where registry-1.docker.io auth was always a cache miss
diff --git a/session/auth/authprovider/authprovider.go b/session/auth/authprovider/authprovider.go
@@ -29,6 +29,8 @@ import (
 )
 
 const defaultExpiration = 60
+const dockerHubConfigfileKey = "https://index.docker.io/v1/"
+const dockerHubRegistryHost = "registry-1.docker.io"
 
 func NewDockerAuthProvider(cfg *configfile.ConfigFile) session.Attachable {
 	return &authProvider{
@@ -183,10 +185,12 @@ func (ap *authProvider) VerifyTokenAuthority(ctx context.Context, req *auth.Veri
 func (ap *authProvider) getAuthConfig(host string) (*types.AuthConfig, error) {
 	ap.mu.Lock()
 	defer ap.mu.Unlock()
+
+	if host == dockerHubRegistryHost {
+		host = dockerHubConfigfileKey
+	}
+
 	if _, exists := ap.authConfigCache[host]; !exists {
-		if host == "registry-1.docker.io" {
-			host = "https://index.docker.io/v1/"
-		}
 		ac, err := ap.config.GetAuthConfig(host)
 		if err != nil {
 			return nil, err
diff --git a/session/auth/authprovider/authprovider_test.go b/session/auth/authprovider/authprovider_test.go
@@ -0,0 +1,31 @@
+package authprovider
+
+import (
+	"context"
+	"testing"
+
+	"github.com/docker/cli/cli/config/configfile"
+	"github.com/docker/cli/cli/config/types"
+	"github.com/moby/buildkit/session/auth"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestFetchTokenCaching(t *testing.T) {
+	cfg := &configfile.ConfigFile{
+		AuthConfigs: map[string]types.AuthConfig{
+			dockerHubConfigfileKey: {Username: "user", RegistryToken: "hunter2"},
+		},
+	}
+	p := NewDockerAuthProvider(cfg).(*authProvider)
+	res, err := p.FetchToken(context.Background(), &auth.FetchTokenRequest{Host: dockerHubRegistryHost})
+	require.NoError(t, err)
+	assert.Equal(t, "hunter2", res.Token)
+
+	cfg.AuthConfigs[dockerHubConfigfileKey] = types.AuthConfig{Username: "user", RegistryToken: "hunter3"}
+	res, err = p.FetchToken(context.Background(), &auth.FetchTokenRequest{Host: dockerHubRegistryHost})
+	require.NoError(t, err)
+
+	// Verify that we cached the result instead of returning hunter3.
+	assert.Equal(t, "hunter2", res.Token)
+}
