summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2020-05-08 12:54:41 +0200
committerGitHub <noreply@github.com>2020-05-08 12:54:41 +0200
commitcc6a77cc88bb997080f773d93d420025ce92da1d (patch)
tree0bd6781ada70e35a1629821a225a4683ac5b5384
parentab518cdba02b85a32d3c2bce4c0b65dcdea4dfcc (diff)
parent45f731aa493f8e98e81dc0f3adc8ec80cf494567 (diff)
downloadpodman-cc6a77cc88bb997080f773d93d420025ce92da1d.tar.gz
podman-cc6a77cc88bb997080f773d93d420025ce92da1d.tar.bz2
podman-cc6a77cc88bb997080f773d93d420025ce92da1d.zip
Merge pull request #6078 from QiWang19/auth-common
auth pkg support emtpy argument & enable login test
-rw-r--r--cmd/podman/login.go7
-rw-r--r--cmd/podman/logout.go17
-rw-r--r--go.mod2
-rw-r--r--go.sum2
-rw-r--r--test/e2e/login_logout_test.go1
-rw-r--r--vendor/github.com/containers/common/pkg/auth/auth.go68
-rw-r--r--vendor/github.com/containers/common/pkg/auth/cli.go16
-rw-r--r--vendor/github.com/containers/common/pkg/config/default.go12
-rw-r--r--vendor/modules.txt2
9 files changed, 95 insertions, 32 deletions
diff --git a/cmd/podman/login.go b/cmd/podman/login.go
index dc57758ab..8413861f5 100644
--- a/cmd/podman/login.go
+++ b/cmd/podman/login.go
@@ -8,6 +8,7 @@ import (
"github.com/containers/image/v5/types"
"github.com/containers/libpod/cmd/podman/registry"
"github.com/containers/libpod/pkg/domain/entities"
+ "github.com/containers/libpod/pkg/registries"
"github.com/spf13/cobra"
)
@@ -23,7 +24,7 @@ var (
Short: "Login to a container registry",
Long: "Login to a container registry on a specified server.",
RunE: login,
- Args: cobra.ExactArgs(1),
+ Args: cobra.MaximumNArgs(1),
Example: `podman login quay.io
podman login --username ... --password ... quay.io
podman login --authfile dir/auth.json quay.io`,
@@ -48,6 +49,7 @@ func init() {
flags.BoolVarP(&loginOptions.GetLoginSet, "get-login", "", false, "Return the current login user for the registry")
loginOptions.Stdin = os.Stdin
loginOptions.Stdout = os.Stdout
+ loginOptions.AcceptUnspecifiedRegistry = true
}
// Implementation of podman-login.
@@ -62,7 +64,8 @@ func login(cmd *cobra.Command, args []string) error {
AuthFilePath: loginOptions.AuthFile,
DockerCertPath: loginOptions.CertDir,
DockerInsecureSkipTLSVerify: skipTLS,
+ SystemRegistriesConfPath: registries.SystemRegistriesConfPath(),
}
loginOptions.GetLoginSet = cmd.Flag("get-login").Changed
- return auth.Login(context.Background(), &sysCtx, &loginOptions.LoginOptions, args[0])
+ return auth.Login(context.Background(), &sysCtx, &loginOptions.LoginOptions, args)
}
diff --git a/cmd/podman/logout.go b/cmd/podman/logout.go
index c21711fc0..d0afc21b4 100644
--- a/cmd/podman/logout.go
+++ b/cmd/podman/logout.go
@@ -7,7 +7,7 @@ import (
"github.com/containers/image/v5/types"
"github.com/containers/libpod/cmd/podman/registry"
"github.com/containers/libpod/pkg/domain/entities"
- "github.com/pkg/errors"
+ "github.com/containers/libpod/pkg/registries"
"github.com/spf13/cobra"
)
@@ -39,19 +39,14 @@ func init() {
flags.AddFlagSet(auth.GetLogoutFlags(&logoutOptions))
logoutOptions.Stdin = os.Stdin
logoutOptions.Stdout = os.Stdout
+ logoutOptions.AcceptUnspecifiedRegistry = true
}
// Implementation of podman-logout.
func logout(cmd *cobra.Command, args []string) error {
- sysCtx := types.SystemContext{AuthFilePath: logoutOptions.AuthFile}
-
- registry := ""
- if len(args) > 0 {
- if logoutOptions.All {
- return errors.New("--all takes no arguments")
- }
- registry = args[0]
+ sysCtx := types.SystemContext{
+ AuthFilePath: logoutOptions.AuthFile,
+ SystemRegistriesConfPath: registries.SystemRegistriesConfPath(),
}
-
- return auth.Logout(&sysCtx, &logoutOptions, registry)
+ return auth.Logout(&sysCtx, &logoutOptions, args)
}
diff --git a/go.mod b/go.mod
index ad658123f..fda6e6396 100644
--- a/go.mod
+++ b/go.mod
@@ -10,7 +10,7 @@ require (
github.com/containernetworking/cni v0.7.2-0.20200304161608-4fae32b84921
github.com/containernetworking/plugins v0.8.5
github.com/containers/buildah v1.14.9-0.20200501175434-42a48f9373d9
- github.com/containers/common v0.10.0
+ github.com/containers/common v0.11.0
github.com/containers/conmon v2.0.14+incompatible
github.com/containers/image/v5 v5.4.3
github.com/containers/psgo v1.5.0
diff --git a/go.sum b/go.sum
index 7050589b0..b0949f31c 100644
--- a/go.sum
+++ b/go.sum
@@ -72,6 +72,8 @@ github.com/containers/buildah v1.14.9-0.20200501175434-42a48f9373d9 h1:EGegltin1
github.com/containers/buildah v1.14.9-0.20200501175434-42a48f9373d9/go.mod h1:+2aNsVcd4pVzmVAbOfWN5X+0Lpz2rtICSGXbTSCzdBU=
github.com/containers/common v0.10.0 h1:Km1foMJJBIxceA1/UCZcIuwf8sCF71sP5DwE6Oh1BEA=
github.com/containers/common v0.10.0/go.mod h1:6A/moCuQITXLqBe5A0WKKTcCfCmEQRbknI05HcPzOL0=
+github.com/containers/common v0.11.0 h1:uFSBIl9iqoTIv8icBe9lPrYKkmSiGrAWr0a2PyJLrO4=
+github.com/containers/common v0.11.0/go.mod h1:ag8p8Xp2o1wPAPz/+bA7LVQlDavtg3M15RZLBWt/2KE=
github.com/containers/conmon v2.0.14+incompatible h1:knU1O1QxXy5YxtjMQVKEyCajROaehizK9FHaICl+P5Y=
github.com/containers/conmon v2.0.14+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
github.com/containers/image/v5 v5.4.3 h1:zn2HR7uu4hpvT5QQHgjqonOzKDuM1I1UHUEmzZT5sbs=
diff --git a/test/e2e/login_logout_test.go b/test/e2e/login_logout_test.go
index dd35d8489..3f76daa67 100644
--- a/test/e2e/login_logout_test.go
+++ b/test/e2e/login_logout_test.go
@@ -32,7 +32,6 @@ var _ = Describe("Podman login and logout", func() {
)
BeforeEach(func() {
- Skip(v2fail)
tempdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)
diff --git a/vendor/github.com/containers/common/pkg/auth/auth.go b/vendor/github.com/containers/common/pkg/auth/auth.go
index 769e5a9fa..4e0400d23 100644
--- a/vendor/github.com/containers/common/pkg/auth/auth.go
+++ b/vendor/github.com/containers/common/pkg/auth/auth.go
@@ -9,6 +9,7 @@ import (
"github.com/containers/image/v5/docker"
"github.com/containers/image/v5/pkg/docker/config"
+ "github.com/containers/image/v5/pkg/sysregistriesv2"
"github.com/containers/image/v5/types"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
@@ -33,9 +34,27 @@ func CheckAuthFile(authfile string) error {
return nil
}
-// Login login to the server with creds from Stdin or CLI
-func Login(ctx context.Context, systemContext *types.SystemContext, opts *LoginOptions, registry string) error {
- server := getRegistryName(registry)
+// Login implements a “log in” command with the provided opts and args
+// reading the password from opts.Stdin or the options in opts.
+func Login(ctx context.Context, systemContext *types.SystemContext, opts *LoginOptions, args []string) error {
+ var (
+ server string
+ err error
+ )
+ if len(args) > 1 {
+ return errors.Errorf("login accepts only one registry to login to")
+ }
+ if len(args) == 0 {
+ if !opts.AcceptUnspecifiedRegistry {
+ return errors.Errorf("please provide a registry to login to")
+ }
+ if server, err = defaultRegistryWhenUnspecified(systemContext); err != nil {
+ return err
+ }
+ logrus.Debugf("registry not specified, default to the first registry %q from registries.conf", server)
+ } else {
+ server = getRegistryName(args[0])
+ }
authConfig, err := config.GetCredentials(systemContext, server)
if err != nil {
return errors.Wrapf(err, "error reading auth file")
@@ -151,11 +170,29 @@ func getUserAndPass(opts *LoginOptions, password, userFromAuthFile string) (stri
return strings.TrimSpace(username), password, err
}
-// Logout removes the authentication of server from authfile
-// removes all authtication if specifies all in the options
-func Logout(systemContext *types.SystemContext, opts *LogoutOptions, server string) error {
- if server != "" {
- server = getRegistryName(server)
+// Logout implements a “log out” command with the provided opts and args
+func Logout(systemContext *types.SystemContext, opts *LogoutOptions, args []string) error {
+ var (
+ server string
+ err error
+ )
+ if len(args) > 1 {
+ return errors.Errorf("logout accepts only one registry to logout from")
+ }
+ if len(args) == 0 && !opts.All {
+ if !opts.AcceptUnspecifiedRegistry {
+ return errors.Errorf("please provide a registry to logout from")
+ }
+ if server, err = defaultRegistryWhenUnspecified(systemContext); err != nil {
+ return err
+ }
+ logrus.Debugf("registry not specified, default to the first registry %q from registries.conf", server)
+ }
+ if len(args) != 0 {
+ if opts.All {
+ return errors.Errorf("--all takes no arguments")
+ }
+ server = getRegistryName(args[0])
}
if err := CheckAuthFile(opts.AuthFile); err != nil {
return err
@@ -169,7 +206,7 @@ func Logout(systemContext *types.SystemContext, opts *LogoutOptions, server stri
return nil
}
- err := config.RemoveAuthentication(systemContext, server)
+ err = config.RemoveAuthentication(systemContext, server)
switch err {
case nil:
fmt.Fprintf(opts.Stdout, "Removed login credentials for %s\n", server)
@@ -180,3 +217,16 @@ func Logout(systemContext *types.SystemContext, opts *LogoutOptions, server stri
return errors.Wrapf(err, "error logging out of %q", server)
}
}
+
+// defaultRegistryWhenUnspecified returns first registry from search list of registry.conf
+// used by login/logout when registry argument is not specified
+func defaultRegistryWhenUnspecified(systemContext *types.SystemContext) (string, error) {
+ registriesFromFile, err := sysregistriesv2.UnqualifiedSearchRegistries(systemContext)
+ if err != nil {
+ return "", errors.Wrapf(err, "error getting registry from registry.conf, please specify a registry")
+ }
+ if len(registriesFromFile) == 0 {
+ return "", errors.Errorf("no registries found in registries.conf, a registry must be provided")
+ }
+ return registriesFromFile[0], nil
+}
diff --git a/vendor/github.com/containers/common/pkg/auth/cli.go b/vendor/github.com/containers/common/pkg/auth/cli.go
index dffd06718..3384b0731 100644
--- a/vendor/github.com/containers/common/pkg/auth/cli.go
+++ b/vendor/github.com/containers/common/pkg/auth/cli.go
@@ -9,22 +9,28 @@ import (
// LoginOptions represents common flags in login
// caller should define bool or optionalBool fields for flags --get-login and --tls-verify
type LoginOptions struct {
+ // CLI flags managed by the FlagSet returned by GetLoginFlags
AuthFile string
CertDir string
- GetLoginSet bool
Password string
Username string
StdinPassword bool
- Stdin io.Reader
- Stdout io.Writer
+ // Options caller can set
+ GetLoginSet bool // set to true if --get-login is explicitly set
+ Stdin io.Reader // set to os.Stdin
+ Stdout io.Writer // set to os.Stdout
+ AcceptUnspecifiedRegistry bool // set to true if allows login with unspecified registry
}
// LogoutOptions represents the results for flags in logout
type LogoutOptions struct {
+ // CLI flags managed by the FlagSet returned by GetLogoutFlags
AuthFile string
All bool
- Stdin io.Reader
- Stdout io.Writer
+ // Options caller can set
+ Stdin io.Reader // set to os.Stdin
+ Stdout io.Writer // set to os.Stdout
+ AcceptUnspecifiedRegistry bool // set to true if allows logout with unspecified registry
}
// GetLoginFlags defines and returns login flags for containers tools
diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go
index 446382ac7..ec52ff706 100644
--- a/vendor/github.com/containers/common/pkg/config/default.go
+++ b/vendor/github.com/containers/common/pkg/config/default.go
@@ -105,6 +105,9 @@ const (
DefaultPidsLimit = 2048
// DefaultPullPolicy pulls the image if it does not exist locally
DefaultPullPolicy = "missing"
+ // DefaultSignaturePolicyPath is the default value for the
+ // policy.json file.
+ DefaultSignaturePolicyPath = "/etc/containers/policy.json"
// DefaultRootlessSignaturePolicyPath is the default value for the
// rootless policy.json file.
DefaultRootlessSignaturePolicyPath = ".config/containers/policy.json"
@@ -129,14 +132,19 @@ func DefaultConfig() (*Config, error) {
}
netns := "bridge"
+
+ defaultEngineConfig.SignaturePolicyPath = DefaultSignaturePolicyPath
if unshare.IsRootless() {
home, err := unshare.HomeDir()
if err != nil {
return nil, err
}
sigPath := filepath.Join(home, DefaultRootlessSignaturePolicyPath)
- if _, err := os.Stat(sigPath); err == nil {
- defaultEngineConfig.SignaturePolicyPath = sigPath
+ defaultEngineConfig.SignaturePolicyPath = sigPath
+ if _, err := os.Stat(sigPath); err != nil {
+ if _, err := os.Stat(DefaultSignaturePolicyPath); err == nil {
+ defaultEngineConfig.SignaturePolicyPath = DefaultSignaturePolicyPath
+ }
}
netns = "slirp4netns"
}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 5018a77cb..04d961103 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -82,7 +82,7 @@ github.com/containers/buildah/pkg/secrets
github.com/containers/buildah/pkg/supplemented
github.com/containers/buildah/pkg/umask
github.com/containers/buildah/util
-# github.com/containers/common v0.10.0
+# github.com/containers/common v0.11.0
github.com/containers/common/pkg/apparmor
github.com/containers/common/pkg/auth
github.com/containers/common/pkg/capabilities