Skip to content

Commit

Permalink
fix(docker): use a HEAD request to the real resource auth. (renovateb…
Browse files Browse the repository at this point in the history 
…ot#14744)
  • Loading branch information
@vlagorce
vlagorce committed Apr 26, 2022
1 parent a809022 commit 07c1ee9
Show file tree
Hide file tree
Showing 2 changed files with 31 additions and 34 deletions.
61 changes: 30 additions & 31 deletions lib/modules/datasource/docker/index.spec.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -176,10 +176,10 @@ describe('modules/datasource/docker/index', () => {
expect(headers).toBeNull();
});

it('use a HEAD request to the real resource and use the auth header values to get a token', async () => {
it('use resources URL and resolve scope in www-authenticate header', async () => {
httpMock
.scope('https://my.local.registry')
.head('/v2/my/node/resource')
.get('/v2/my/node/resource')
.reply(401, '', {
'www-authenticate':
'Bearer realm="https://my.local.registry/oauth2/token",service="my.local.registry",scope="repository:my/node:whatever"',
Expand All @@ -193,7 +193,6 @@ describe('modules/datasource/docker/index', () => {
http,
'https://my.local.registry',
'my/node/prefix',
'head',
'https://my.local.registry/v2/my/node/resource'
);

Expand Down Expand Up @@ -569,7 +568,7 @@ describe('modules/datasource/docker/index', () => {
it('returns null if no token', async () => {
httpMock
.scope(baseUrl)
.head('/library/node/tags/list?n=10000')
.get('/library/node/tags/list?n=10000')
.reply(200, '', {})
.get('/library/node/tags/list?n=10000')
.reply(403);
Expand All @@ -585,7 +584,7 @@ describe('modules/datasource/docker/index', () => {
const tags = ['1.0.0'];
httpMock
.scope('https://registry.company.com/v2')
.head('/node/tags/list?n=10000')
.get('/node/tags/list?n=10000')
.reply(200, '', {})
.get('/node/tags/list?n=10000')
.reply(
Expand Down Expand Up @@ -616,7 +615,7 @@ describe('modules/datasource/docker/index', () => {
const tags = ['1.0.0'];
httpMock
.scope('https://registry.company.com/v2')
.head('/node/tags/list?n=10000')
.get('/node/tags/list?n=10000')
.reply(200, '', {})
.get('/node/tags/list?n=10000')
.reply(200, { tags }, {})
Expand Down Expand Up @@ -674,7 +673,7 @@ describe('modules/datasource/docker/index', () => {
it('uses lower tag limit for ECR deps', async () => {
httpMock
.scope(amazonUrl)
.head('/node/tags/list?n=1000')
.get('/node/tags/list?n=1000')
.reply(200, '', {})
// The tag limit parameter `n` needs to be limited to 1000 for ECR
// See https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_DescribeRepositories.html#ECR-DescribeRepositories-request-maxResults
Expand All @@ -699,7 +698,7 @@ describe('modules/datasource/docker/index', () => {
it('resolves requests to ECR proxy', async () => {
httpMock
.scope('https://ecr-proxy.company.com/v2')
.head('/node/tags/list?n=10000')
.get('/node/tags/list?n=10000')
.reply(200, '', {})
.get('/node/tags/list?n=10000')
.reply(
Expand Down Expand Up @@ -763,7 +762,7 @@ describe('modules/datasource/docker/index', () => {

httpMock
.scope('https://ecr-proxy.company.com/v2')
.head('/node/tags/list?n=10000')
.get('/node/tags/list?n=10000')
.reply(200, '', {})
.get('/node/tags/list?n=10000')
.reply(405, maxResultsErrorBody, {
Expand All @@ -784,7 +783,7 @@ describe('modules/datasource/docker/index', () => {
it('returns null when the response code is not 405', async () => {
httpMock
.scope('https://ecr-proxy.company.com/v2')
.head('/node/tags/list?n=10000')
.get('/node/tags/list?n=10000')
.reply(200, '', {})
.get('/node/tags/list?n=10000')
.reply(
Expand Down Expand Up @@ -815,7 +814,7 @@ describe('modules/datasource/docker/index', () => {
it('returns null when no response headers are present', async () => {
httpMock
.scope('https://ecr-proxy.company.com/v2')
.head('/node/tags/list?n=10000')
.get('/node/tags/list?n=10000')
.reply(200, '', {})
.get('/node/tags/list?n=10000')
.reply(405, {
Expand All @@ -838,7 +837,7 @@ describe('modules/datasource/docker/index', () => {
it('returns null when the expected docker header is missing', async () => {
httpMock
.scope('https://ecr-proxy.company.com/v2')
.head('/node/tags/list?n=10000')
.get('/node/tags/list?n=10000')
.reply(200, '', {})
.get('/node/tags/list?n=10000')
.reply(
Expand Down Expand Up @@ -867,7 +866,7 @@ describe('modules/datasource/docker/index', () => {
it('returns null when the response body does not contain an errors object', async () => {
httpMock
.scope('https://ecr-proxy.company.com/v2')
.head('/node/tags/list?n=10000')
.get('/node/tags/list?n=10000')
.reply(200, '', {})
.get('/node/tags/list?n=10000')
.reply(
Expand All @@ -888,7 +887,7 @@ describe('modules/datasource/docker/index', () => {
it('returns null when the response body does not contain errors', async () => {
httpMock
.scope('https://ecr-proxy.company.com/v2')
.head('/node/tags/list?n=10000')
.get('/node/tags/list?n=10000')
.reply(200, '', {})
.get('/node/tags/list?n=10000')
.reply(
Expand All @@ -911,7 +910,7 @@ describe('modules/datasource/docker/index', () => {
it('returns null when the the response errors does not have a message property', async () => {
httpMock
.scope('https://ecr-proxy.company.com/v2')
.head('/node/tags/list?n=10000')
.get('/node/tags/list?n=10000')
.reply(200, '', {})
.get('/node/tags/list?n=10000')
.reply(
Expand All @@ -938,7 +937,7 @@ describe('modules/datasource/docker/index', () => {
it('returns null when the the error message does not have the expected max results error', async () => {
httpMock
.scope('https://ecr-proxy.company.com/v2')
.head('/node/tags/list?n=10000')
.get('/node/tags/list?n=10000')
.reply(200, '', {})
.get('/node/tags/list?n=10000')
.reply(
Expand Down Expand Up @@ -968,7 +967,7 @@ describe('modules/datasource/docker/index', () => {
const tags = ['1.0.0'];
httpMock
.scope(baseUrl)
.head('/library/node/tags/list?n=10000')
.get('/library/node/tags/list?n=10000')
.reply(401, '', {
'www-authenticate':
'Bearer realm="https://auth.docker.io/token",service="registry.docker.io",scope="repository:library/node:pull "',
Expand Down Expand Up @@ -996,7 +995,7 @@ describe('modules/datasource/docker/index', () => {
const tags = ['1.0.0'];
httpMock
.scope(baseUrl)
.head('/library/node/tags/list?n=10000')
.get('/library/node/tags/list?n=10000')
.reply(401, '', {
'www-authenticate':
'Bearer realm="https://auth.docker.io/token",service="registry.docker.io",scope="repository:library/node:pull "',
Expand Down Expand Up @@ -1024,7 +1023,7 @@ describe('modules/datasource/docker/index', () => {
const tags = ['1.0.0'];
httpMock
.scope('https://k8s.gcr.io/v2/')
.head('/kubernetes-dashboard-amd64/tags/list?n=10000')
.get('/kubernetes-dashboard-amd64/tags/list?n=10000')
.reply(401, '', {
'www-authenticate':
'Bearer realm="https://k8s.gcr.io/v2/token",service="k8s.gcr.io"',
Expand All @@ -1049,7 +1048,7 @@ describe('modules/datasource/docker/index', () => {
it('returns null on error', async () => {
httpMock
.scope(baseUrl)
.head('/my/node/tags/list?n=10000')
.get('/my/node/tags/list?n=10000')
.reply(200, null)
.get('/my/node/tags/list?n=10000')
.replyWithError('error');
Expand All @@ -1063,7 +1062,7 @@ describe('modules/datasource/docker/index', () => {
it('strips trailing slash from registry', async () => {
httpMock
.scope(baseUrl)
.head('/my/node/tags/list?n=10000')
.get('/my/node/tags/list?n=10000')
.reply(401, '', {
'www-authenticate':
'Bearer realm="https://auth.docker.io/token",service="registry.docker.io",scope="repository:my/node:pull "',
Expand All @@ -1090,7 +1089,7 @@ describe('modules/datasource/docker/index', () => {
hostRules.find.mockReturnValue({});
httpMock
.scope(baseUrl)
.head('/library/node/tags/list?n=10000')
.get('/library/node/tags/list?n=10000')
.reply(401, undefined, {
'www-authenticate': 'Basic realm="My Private Docker Registry Server"',
});
Expand All @@ -1107,7 +1106,7 @@ describe('modules/datasource/docker/index', () => {
.get('/')
.times(2)
.reply(200)
.head('/node/tags/list?n=10000')
.get('/node/tags/list?n=10000')
.reply(200)
.get('/node/tags/list?n=10000')
.reply(200, {
Expand Down Expand Up @@ -1172,7 +1171,7 @@ describe('modules/datasource/docker/index', () => {
.get('/')
.times(3)
.reply(200)
.head('/node/tags/list?n=10000')
.get('/node/tags/list?n=10000')
.reply(200)
.get('/node/tags/list?n=10000')
.reply(200, { tags: ['abc'] })
Expand Down Expand Up @@ -1213,7 +1212,7 @@ describe('modules/datasource/docker/index', () => {
.scope('https://registry.company.com/v2')
.get('/')
.reply(200)
.head('/node/tags/list?n=10000')
.get('/node/tags/list?n=10000')
.reply(200)
.get('/node/tags/list?n=10000')
.reply(200, { tags: ['latest'] })
Expand All @@ -1238,7 +1237,7 @@ describe('modules/datasource/docker/index', () => {
.scope('https://registry.company.com/v2')
.get('/')
.reply(200)
.head('/node/tags/list?n=10000')
.get('/node/tags/list?n=10000')
.reply(200)
.get('/node/tags/list?n=10000')
.reply(200, { tags: ['latest'] })
Expand All @@ -1262,7 +1261,7 @@ describe('modules/datasource/docker/index', () => {
.scope('https://registry.company.com/v2')
.get('/')
.reply(200)
.head('/node/tags/list?n=10000')
.get('/node/tags/list?n=10000')
.reply(200)
.get('/node/tags/list?n=10000')
.reply(200, { tags: ['latest'] })
Expand All @@ -1284,7 +1283,7 @@ describe('modules/datasource/docker/index', () => {
.get('/')
.times(3)
.reply(200)
.head('/node/tags/list?n=10000')
.get('/node/tags/list?n=10000')
.reply(200)
.get('/node/tags/list?n=10000')
.reply(200, { tags: ['1'] })
Expand Down Expand Up @@ -1330,7 +1329,7 @@ describe('modules/datasource/docker/index', () => {
.get('/')
.times(3)
.reply(200)
.head('/node/tags/list?n=10000')
.get('/node/tags/list?n=10000')
.reply(200)
.get('/node/tags/list?n=10000')
.reply(200, { tags: ['1'] })
Expand Down Expand Up @@ -1374,7 +1373,7 @@ describe('modules/datasource/docker/index', () => {
.scope('https://registry.company.com/v2')
.get('/')
.reply(200)
.head('/node/tags/list?n=10000')
.get('/node/tags/list?n=10000')
.reply(200)
.get('/node/tags/list?n=10000')
.reply(200, { tags: ['latest'] })
Expand Down Expand Up @@ -1404,7 +1403,7 @@ describe('modules/datasource/docker/index', () => {
.reply(401, '', {
'www-authenticate': 'Basic realm="My Private Docker Registry Server"',
})
.head('/node/tags/list?n=10000')
.get('/node/tags/list?n=10000')
.reply(401, '', {
'www-authenticate': 'Basic realm="My Private Docker Registry Server"',
});
Expand Down
4 changes: 1 addition & 3 deletions lib/modules/datasource/docker/index.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,11 +54,10 @@ export async function getAuthHeaders(
http: Http,
registryHost: string,
dockerRepository: string,
apiCheckMode: 'head' | 'get' = 'get',
apiCheckUrl = `${registryHost}/v2/`
): Promise<OutgoingHttpHeaders | null> {
try {
const apiCheckResponse = await http[apiCheckMode](apiCheckUrl, {
const apiCheckResponse = await http.get(apiCheckUrl, {
throwHttpErrors: false,
noAuth: true,
});
Expand Down Expand Up @@ -698,7 +697,6 @@ export class DockerDatasource extends Datasource {
this.http,
registryHost,
dockerRepository,
'head',
url
);
if (!headers) {
Expand Down

0 comments on commit 07c1ee9

Please sign in to comment.