(t *testing.T)
| 180 | } |
| 181 | |
| 182 | func TestSessionDigestAnonymousFirst(t *testing.T) { |
| 183 | t.Parallel() |
| 184 | |
| 185 | reg := newTestRegistry(t) |
| 186 | server := reg.start(t) |
| 187 | |
| 188 | registry := strings.TrimPrefix(server.URL, "http://") |
| 189 | ref, err := name.ParseReference(registry + "/anon:latest") |
| 190 | require.NoError(t, err) |
| 191 | |
| 192 | // A keychain that would fail if used, ensuring anonymous access is preferred. |
| 193 | keychain := staticKeychain{auth: &authn.Basic{Username: "bad", Password: "creds"}} |
| 194 | s := newTestSession(t, crane.WithAuthFromKeychain(keychain)) |
| 195 | |
| 196 | dig, err := s.digest(t.Context(), ref) |
| 197 | require.NoError(t, err) |
| 198 | assert.Equal(t, reg.digest, dig) |
| 199 | assert.Positive(t, reg.anonHits.Load(), "expected an anonymous request") |
| 200 | assert.Zero(t, reg.authHits.Load(), "did not expect a credentialed request") |
| 201 | } |
| 202 | |
| 203 | func TestSessionCredentialFallback(t *testing.T) { |
| 204 | t.Parallel() |
nothing calls this directly
no test coverage detected