osxkeychain: list: return full server URIs

Commit 4cdcdc2 changed the format of `list` output. Before that commit,
the json keys were containing full URIs (scheme://host/path[:port]),
but afterward, the keys were only containing the path component.

With this commit, the `list` operation now returns full URIs (fixing the
regression), and also fixes the malformed URIs issue when a port is
specified (introduced by 19ec1c3, and affecting >=v0.4.2,<v0.9.0).

Signed-off-by: Albin Kerouanton <albinker@gmail.com>

osxkeychain/osxkeychain.go

@@ -12,6 +12,8 @@ import "C"
 
 import (
 	"errors"
+	"net"
+	"net/url"
 	"strconv"
 
 	"github.com/docker/docker-credential-helpers/credentials"
@@ -121,10 +123,20 @@ func (h Osxkeychain) List() (map[string]string, error) {
 
 	resp := make(map[string]string)
 	for _, r := range res {
-		if r.Path == "" {
+		proto := "http"
-			continue
+		if r.Protocol == kSecProtocolTypeHTTPS {
+			proto = "https"
 		}
-		resp[r.Path] = r.Account
+		host := r.Server
+		if r.Port != 0 {
+			host = net.JoinHostPort(host, strconv.Itoa(int(r.Port)))
+		}
+		u := url.URL{
+			Scheme: proto,
+			Host:   host,
+			Path:   r.Path,
+		}
+		resp[u.String()] = r.Account
 	}
 	return resp, nil
 }

osxkeychain/osxkeychain_test.go

@@ -15,11 +15,6 @@ func TestOSXKeychainHelper(t *testing.T) {
 		Username:  "foobar",
 		Secret:    "foobarbaz",
 	}
-	creds1 := &credentials.Credentials{
-		ServerURL: "https://foobar.example.com:2376/v2",
-		Username:  "foobarbaz",
-		Secret:    "foobar",
-	}
 	helper := Osxkeychain{}
 	if err := helper.Add(creds); err != nil {
 		t.Fatal(err)
@@ -43,19 +38,49 @@ func TestOSXKeychainHelper(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	helper.Add(creds1)
+	if _, ok := auths[creds.ServerURL]; !ok {
-	defer helper.Delete(creds1.ServerURL)
+		t.Fatalf("server %s not found in list, got: %+v", creds.ServerURL, auths)
-	newauths, err := helper.List()
-	if len(newauths)-len(auths) != 1 {
-		if err == nil {
-			t.Fatalf("Error: len(newauths): %d, len(auths): %d", len(newauths), len(auths))
-		}
-		t.Fatalf("Error: len(newauths): %d, len(auths): %d\n Error= %v", len(newauths), len(auths), err)
 	}
 
+	// Insert another token and check if it is in the list
+	creds1 := &credentials.Credentials{
+		ServerURL: "https://foobar.example.com:2376/v2",
+		Username:  "foobarbaz",
+		Secret:    "foobar",
+	}
+	helper.Add(creds1)
+	defer helper.Delete(creds1.ServerURL)
+
+	auths, err = helper.List()
+	if err != nil {
+		t.Fatalf("operation List failed: %+v", err)
+	}
+
+	if _, ok := auths[creds.ServerURL]; !ok {
+		t.Fatalf("server %s not found in list, got: %+v", creds.ServerURL, auths)
+	}
+	if _, ok := auths[creds1.ServerURL]; !ok {
+		t.Fatalf("server %s not found in list, got: %+v", creds1.ServerURL, auths)
+	}
+
+	// Delete the 1st token inserted
 	if err := helper.Delete(creds.ServerURL); err != nil {
 		t.Fatal(err)
 	}
+
+	auths, err = helper.List()
+	if err != nil {
+		t.Fatalf("operation List failed: %+v", err)
+	}
+
+	// First token should have been deleted
+	if _, ok := auths[creds.ServerURL]; ok {
+		t.Fatalf("server %s was not deleted, got: %+v", creds.ServerURL, auths)
+	}
+	// Second token should still be there
+	if _, ok := auths[creds1.ServerURL]; !ok {
+		t.Fatalf("server %s not found in list, got: %+v", creds1.ServerURL, auths)
+	}
 }
 
 // TestOSXKeychainHelperRetrieveAliases verifies that secrets can be accessed