fix: authentication tests on WSL (#2706)

Fix docker auth tests to run on WSL by using the local IP instead
of localhost, which can be unreliable.

While there refactor the tests to use a helper instead of hand coding
each environment setup.

Remove duplicate logging about terminating container as default hooks
already provide this.

Co-authored-by: Manuel de la Peña <mdelapenya@gmail.com>

docker_auth_test.go

@@ -3,7 +3,9 @@ package testcontainers
 import (
 	"context"
 	_ "embed"
+	"encoding/base64"
 	"fmt"
+	"net"
 	"os"
 	"path/filepath"
 	"testing"
@@ -75,12 +77,7 @@ func TestGetDockerConfig(t *testing.T) {
 	})
 
 	t.Run("DOCKER_AUTH_CONFIG env var takes precedence", func(t *testing.T) {
-		t.Setenv("DOCKER_AUTH_CONFIG", `{
-			"auths": {
-					"`+exampleAuth+`": {}
-			},
-			"credsStore": "desktop"
-		}`)
+		setAuthConfig(t, exampleAuth, "", "")
 		t.Setenv("DOCKER_CONFIG", testDockerConfigDirPath)
 
 		cfg, err := getDockerConfig()
@@ -100,36 +97,23 @@ func TestGetDockerConfig(t *testing.T) {
 	})
 
 	t.Run("retrieve auth with DOCKER_AUTH_CONFIG env var", func(t *testing.T) {
-		base64 := "Z29waGVyOnNlY3JldA==" // gopher:secret
-
-		t.Setenv("DOCKER_AUTH_CONFIG", `{
-			"auths": {
-					"`+exampleAuth+`": { "username": "gopher", "password": "secret", "auth": "`+base64+`" }
-			},
-			"credsStore": "desktop"
-		}`)
+		username, password := "gopher", "secret"
+		creds := setAuthConfig(t, exampleAuth, username, password)
 
 		registry, cfg, err := DockerImageAuth(context.Background(), exampleAuth+"/my/image:latest")
 		require.NoError(t, err)
 		require.NotEmpty(t, cfg)
 
 		assert.Equal(t, exampleAuth, registry)
-		assert.Equal(t, "gopher", cfg.Username)
-		assert.Equal(t, "secret", cfg.Password)
-		assert.Equal(t, base64, cfg.Auth)
+		assert.Equal(t, username, cfg.Username)
+		assert.Equal(t, password, cfg.Password)
+		assert.Equal(t, creds, cfg.Auth)
 	})
 
 	t.Run("match registry authentication by host", func(t *testing.T) {
-		base64 := "Z29waGVyOnNlY3JldA==" // gopher:secret
 		imageReg := "example-auth.com"
 		imagePath := "/my/image:latest"
-
-		t.Setenv("DOCKER_AUTH_CONFIG", `{
-			"auths": {
-					"`+exampleAuth+`": { "username": "gopher", "password": "secret", "auth": "`+base64+`" }
-			},
-			"credsStore": "desktop"
-		}`)
+		base64 := setAuthConfig(t, exampleAuth, "gopher", "secret")
 
 		registry, cfg, err := DockerImageAuth(context.Background(), imageReg+imagePath)
 		require.NoError(t, err)
@@ -142,17 +126,11 @@ func TestGetDockerConfig(t *testing.T) {
 	})
 
 	t.Run("fail to match registry authentication due to invalid host", func(t *testing.T) {
-		base64 := "Z29waGVyOnNlY3JldA==" // gopher:secret
 		imageReg := "example-auth.com"
 		imagePath := "/my/image:latest"
 		invalidRegistryURL := "://invalid-host"
 
-		t.Setenv("DOCKER_AUTH_CONFIG", `{
-			"auths": {
-					"`+invalidRegistryURL+`": { "username": "gopher", "password": "secret", "auth": "`+base64+`" }
-			},
-			"credsStore": "desktop"
-		}`)
+		setAuthConfig(t, invalidRegistryURL, "gopher", "secret")
 
 		registry, cfg, err := DockerImageAuth(context.Background(), imageReg+imagePath)
 		require.ErrorIs(t, err, dockercfg.ErrCredentialsNotFound)
@@ -170,16 +148,10 @@ func TestGetDockerConfig(t *testing.T) {
 			return ""
 		}
 
-		base64 := "Z29waGVyOnNlY3JldA==" // gopher:secret
 		imageReg := ""
 		imagePath := "image:latest"
 
-		t.Setenv("DOCKER_AUTH_CONFIG", `{
-			"auths": {
-					"example-auth.com": { "username": "gopher", "password": "secret", "auth": "`+base64+`" }
-			},
-			"credsStore": "desktop"
-		}`)
+		setAuthConfig(t, "example-auth.com", "gopher", "secret")
 
 		registry, cfg, err := DockerImageAuth(context.Background(), imageReg+imagePath)
 		require.ErrorIs(t, err, dockercfg.ErrCredentialsNotFound)
@@ -219,22 +191,16 @@ func removeImageFromLocalCache(t *testing.T, img string) {
 		Force:         true,
 		PruneChildren: true,
 	})
-	if err != nil {
+	if err != nil && !client.IsErrNotFound(err) {
 		t.Logf("could not remove image %s: %v\n", img, err)
 	}
 }
 
 func TestBuildContainerFromDockerfileWithDockerAuthConfig(t *testing.T) {
-	mappedPort := prepareLocalRegistryWithAuth(t)
+	registryHost := prepareLocalRegistryWithAuth(t)
 
 	// using the same credentials as in the Docker Registry
-	base64 := "dGVzdHVzZXI6dGVzdHBhc3N3b3Jk" // testuser:testpassword
-	t.Setenv("DOCKER_AUTH_CONFIG", `{
-		"auths": {
-				"localhost:`+mappedPort+`": { "username": "testuser", "password": "testpassword", "auth": "`+base64+`" }
-		},
-		"credsStore": "desktop"
-	}`)
+	setAuthConfig(t, registryHost, "testuser", "testpassword")
 
 	ctx := context.Background()
 
@@ -243,30 +209,26 @@ func TestBuildContainerFromDockerfileWithDockerAuthConfig(t *testing.T) {
 			Context:    "./testdata",
 			Dockerfile: "auth.Dockerfile",
 			BuildArgs: map[string]*string{
-				"REGISTRY_PORT": &mappedPort,
+				"REGISTRY_HOST": &registryHost,
 			},
+			Repo:          "localhost",
+			PrintBuildLog: true,
 		},
 		AlwaysPullImage: true, // make sure the authentication takes place
 		ExposedPorts:    []string{"6379/tcp"},
 		WaitingFor:      wait.ForLog("Ready to accept connections"),
 	}
 
 	redisC, err := prepareRedisImage(ctx, req)
-	require.NoError(t, err)
 	terminateContainerOnEnd(t, ctx, redisC)
+	require.NoError(t, err)
 }
 
 func TestBuildContainerFromDockerfileShouldFailWithWrongDockerAuthConfig(t *testing.T) {
-	mappedPort := prepareLocalRegistryWithAuth(t)
+	registryHost := prepareLocalRegistryWithAuth(t)
 
 	// using different credentials than in the Docker Registry
-	base64 := "Zm9vOmJhcg==" // foo:bar
-	t.Setenv("DOCKER_AUTH_CONFIG", `{
-		"auths": {
-			"localhost:`+mappedPort+`": { "username": "foo", "password": "bar", "auth": "`+base64+`" }
-		},
-		"credsStore": "desktop"
-	}`)
+	setAuthConfig(t, registryHost, "foo", "bar")
 
 	ctx := context.Background()
 
@@ -275,7 +237,7 @@ func TestBuildContainerFromDockerfileShouldFailWithWrongDockerAuthConfig(t *test
 			Context:    "./testdata",
 			Dockerfile: "auth.Dockerfile",
 			BuildArgs: map[string]*string{
-				"REGISTRY_PORT": &mappedPort,
+				"REGISTRY_HOST": &registryHost,
 			},
 		},
 		AlwaysPullImage: true, // make sure the authentication takes place
@@ -284,25 +246,19 @@ func TestBuildContainerFromDockerfileShouldFailWithWrongDockerAuthConfig(t *test
 	}
 
 	redisC, err := prepareRedisImage(ctx, req)
-	require.Error(t, err)
 	terminateContainerOnEnd(t, ctx, redisC)
+	require.Error(t, err)
 }
 
 func TestCreateContainerFromPrivateRegistry(t *testing.T) {
-	mappedPort := prepareLocalRegistryWithAuth(t)
+	registryHost := prepareLocalRegistryWithAuth(t)
 
 	// using the same credentials as in the Docker Registry
-	base64 := "dGVzdHVzZXI6dGVzdHBhc3N3b3Jk" // testuser:testpassword
-	t.Setenv("DOCKER_AUTH_CONFIG", `{
-		"auths": {
-				"localhost:`+mappedPort+`": { "username": "testuser", "password": "testpassword", "auth": "`+base64+`" }
-		},
-		"credsStore": "desktop"
-	}`)
+	setAuthConfig(t, registryHost, "testuser", "testpassword")
 
 	ctx := context.Background()
 	req := ContainerRequest{
-		Image:           "localhost:" + mappedPort + "/redis:5.0-alpine",
+		Image:           registryHost + "/redis:5.0-alpine",
 		AlwaysPullImage: true, // make sure the authentication takes place
 		ExposedPorts:    []string{"6379/tcp"},
 		WaitingFor:      wait.ForLog("Ready to accept connections"),
@@ -312,8 +268,8 @@ func TestCreateContainerFromPrivateRegistry(t *testing.T) {
 		ContainerRequest: req,
 		Started:          true,
 	})
-	require.NoError(t, err)
 	terminateContainerOnEnd(t, ctx, redisContainer)
+	require.NoError(t, err)
 }
 
 func prepareLocalRegistryWithAuth(t *testing.T) string {
@@ -356,10 +312,12 @@ func prepareLocalRegistryWithAuth(t *testing.T) string {
 	mappedPort, err := registryC.MappedPort(ctx, "5000/tcp")
 	require.NoError(t, err)
 
+	ip := localAddress(t)
 	mp := mappedPort.Port()
+	addr := ip + ":" + mp
 
 	t.Cleanup(func() {
-		removeImageFromLocalCache(t, "localhost:"+mp+"/redis:5.0-alpine")
+		removeImageFromLocalCache(t, addr+"/redis:5.0-alpine")
 	})
 	t.Cleanup(func() {
 		require.NoError(t, registryC.Terminate(context.Background()))
@@ -368,7 +326,7 @@ func prepareLocalRegistryWithAuth(t *testing.T) string {
 	_, cancel := context.WithCancel(context.Background())
 	t.Cleanup(cancel)
 
-	return mp
+	return addr
 }
 
 func prepareRedisImage(ctx context.Context, req ContainerRequest) (Container, error) {
@@ -378,9 +336,55 @@ func prepareRedisImage(ctx context.Context, req ContainerRequest) (Container, er
 		Started:          true,
 	}
 
-	redisC, err := GenericContainer(ctx, genContainerReq)
+	return GenericContainer(ctx, genContainerReq)
+}
+
+// setAuthConfig sets the DOCKER_AUTH_CONFIG environment variable with
+// authentication for with the given host, username and password.
+// It returns the base64 encoded credentials.
+func setAuthConfig(t *testing.T, host, username, password string) string {
+	t.Helper()
+
+	var creds string
+	if username != "" || password != "" {
+		creds = base64.StdEncoding.EncodeToString([]byte(username + ":" + password))
+	}
+
+	auth := fmt.Sprintf(`{
+	"auths": {
+		%q: {
+			"username": %q,
+			"password": %q,
+			"auth": %q
+		}
+	},
+	"credsStore": "desktop"
+}`,
+		host,
+		username,
+		password,
+		creds,
+	)
+	t.Setenv("DOCKER_AUTH_CONFIG", auth)
+
+	return creds
+}
+
+// localAddress returns the local address of the machine
+// which can be used to connect to the local registry.
+// This avoids the issues with localhost on WSL.
+func localAddress(t *testing.T) string {
+	if os.Getenv("WSL_DISTRO_NAME") == "" {
+		return "localhost"
+	}
+
+	conn, err := net.Dial("udp", "golang.org:80")
+	require.NoError(t, err)
+	defer conn.Close()
+
+	localAddr := conn.LocalAddr().(*net.UDPAddr)
 
-	return redisC, err
+	return localAddr.IP.String()
 }
 
 //go:embed testdata/.docker/config.json

testdata/auth.Dockerfile

@@ -1,3 +1,3 @@
-ARG REGISTRY_PORT=5001
+ARG REGISTRY_HOST=localhost:5001
 
-FROM localhost:${REGISTRY_PORT}/redis:5.0-alpine
+FROM ${REGISTRY_HOST}/redis:5.0-alpine

testhelpers_test.go

@@ -20,7 +20,6 @@ func terminateContainerOnEnd(tb testing.TB, ctx context.Context, ctr testcontain
 		return
 	}
 	tb.Cleanup(func() {
-		tb.Log("terminating container")
 		require.NoError(tb, ctr.Terminate(ctx))
 	})
 }