diff options
author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2020-05-08 12:54:41 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-05-08 12:54:41 +0200 |
commit | cc6a77cc88bb997080f773d93d420025ce92da1d (patch) | |
tree | 0bd6781ada70e35a1629821a225a4683ac5b5384 | |
parent | ab518cdba02b85a32d3c2bce4c0b65dcdea4dfcc (diff) | |
parent | 45f731aa493f8e98e81dc0f3adc8ec80cf494567 (diff) | |
download | podman-cc6a77cc88bb997080f773d93d420025ce92da1d.tar.gz podman-cc6a77cc88bb997080f773d93d420025ce92da1d.tar.bz2 podman-cc6a77cc88bb997080f773d93d420025ce92da1d.zip |
Merge pull request #6078 from QiWang19/auth-common
auth pkg support emtpy argument & enable login test
-rw-r--r-- | cmd/podman/login.go | 7 | ||||
-rw-r--r-- | cmd/podman/logout.go | 17 | ||||
-rw-r--r-- | go.mod | 2 | ||||
-rw-r--r-- | go.sum | 2 | ||||
-rw-r--r-- | test/e2e/login_logout_test.go | 1 | ||||
-rw-r--r-- | vendor/github.com/containers/common/pkg/auth/auth.go | 68 | ||||
-rw-r--r-- | vendor/github.com/containers/common/pkg/auth/cli.go | 16 | ||||
-rw-r--r-- | vendor/github.com/containers/common/pkg/config/default.go | 12 | ||||
-rw-r--r-- | vendor/modules.txt | 2 |
9 files changed, 95 insertions, 32 deletions
diff --git a/cmd/podman/login.go b/cmd/podman/login.go index dc57758ab..8413861f5 100644 --- a/cmd/podman/login.go +++ b/cmd/podman/login.go @@ -8,6 +8,7 @@ import ( "github.com/containers/image/v5/types" "github.com/containers/libpod/cmd/podman/registry" "github.com/containers/libpod/pkg/domain/entities" + "github.com/containers/libpod/pkg/registries" "github.com/spf13/cobra" ) @@ -23,7 +24,7 @@ var ( Short: "Login to a container registry", Long: "Login to a container registry on a specified server.", RunE: login, - Args: cobra.ExactArgs(1), + Args: cobra.MaximumNArgs(1), Example: `podman login quay.io podman login --username ... --password ... quay.io podman login --authfile dir/auth.json quay.io`, @@ -48,6 +49,7 @@ func init() { flags.BoolVarP(&loginOptions.GetLoginSet, "get-login", "", false, "Return the current login user for the registry") loginOptions.Stdin = os.Stdin loginOptions.Stdout = os.Stdout + loginOptions.AcceptUnspecifiedRegistry = true } // Implementation of podman-login. @@ -62,7 +64,8 @@ func login(cmd *cobra.Command, args []string) error { AuthFilePath: loginOptions.AuthFile, DockerCertPath: loginOptions.CertDir, DockerInsecureSkipTLSVerify: skipTLS, + SystemRegistriesConfPath: registries.SystemRegistriesConfPath(), } loginOptions.GetLoginSet = cmd.Flag("get-login").Changed - return auth.Login(context.Background(), &sysCtx, &loginOptions.LoginOptions, args[0]) + return auth.Login(context.Background(), &sysCtx, &loginOptions.LoginOptions, args) } diff --git a/cmd/podman/logout.go b/cmd/podman/logout.go index c21711fc0..d0afc21b4 100644 --- a/cmd/podman/logout.go +++ b/cmd/podman/logout.go @@ -7,7 +7,7 @@ import ( "github.com/containers/image/v5/types" "github.com/containers/libpod/cmd/podman/registry" "github.com/containers/libpod/pkg/domain/entities" - "github.com/pkg/errors" + "github.com/containers/libpod/pkg/registries" "github.com/spf13/cobra" ) @@ -39,19 +39,14 @@ func init() { flags.AddFlagSet(auth.GetLogoutFlags(&logoutOptions)) logoutOptions.Stdin = os.Stdin logoutOptions.Stdout = os.Stdout + logoutOptions.AcceptUnspecifiedRegistry = true } // Implementation of podman-logout. func logout(cmd *cobra.Command, args []string) error { - sysCtx := types.SystemContext{AuthFilePath: logoutOptions.AuthFile} - - registry := "" - if len(args) > 0 { - if logoutOptions.All { - return errors.New("--all takes no arguments") - } - registry = args[0] + sysCtx := types.SystemContext{ + AuthFilePath: logoutOptions.AuthFile, + SystemRegistriesConfPath: registries.SystemRegistriesConfPath(), } - - return auth.Logout(&sysCtx, &logoutOptions, registry) + return auth.Logout(&sysCtx, &logoutOptions, args) } @@ -10,7 +10,7 @@ require ( github.com/containernetworking/cni v0.7.2-0.20200304161608-4fae32b84921 github.com/containernetworking/plugins v0.8.5 github.com/containers/buildah v1.14.9-0.20200501175434-42a48f9373d9 - github.com/containers/common v0.10.0 + github.com/containers/common v0.11.0 github.com/containers/conmon v2.0.14+incompatible github.com/containers/image/v5 v5.4.3 github.com/containers/psgo v1.5.0 @@ -72,6 +72,8 @@ github.com/containers/buildah v1.14.9-0.20200501175434-42a48f9373d9 h1:EGegltin1 github.com/containers/buildah v1.14.9-0.20200501175434-42a48f9373d9/go.mod h1:+2aNsVcd4pVzmVAbOfWN5X+0Lpz2rtICSGXbTSCzdBU= github.com/containers/common v0.10.0 h1:Km1foMJJBIxceA1/UCZcIuwf8sCF71sP5DwE6Oh1BEA= github.com/containers/common v0.10.0/go.mod h1:6A/moCuQITXLqBe5A0WKKTcCfCmEQRbknI05HcPzOL0= +github.com/containers/common v0.11.0 h1:uFSBIl9iqoTIv8icBe9lPrYKkmSiGrAWr0a2PyJLrO4= +github.com/containers/common v0.11.0/go.mod h1:ag8p8Xp2o1wPAPz/+bA7LVQlDavtg3M15RZLBWt/2KE= github.com/containers/conmon v2.0.14+incompatible h1:knU1O1QxXy5YxtjMQVKEyCajROaehizK9FHaICl+P5Y= github.com/containers/conmon v2.0.14+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I= github.com/containers/image/v5 v5.4.3 h1:zn2HR7uu4hpvT5QQHgjqonOzKDuM1I1UHUEmzZT5sbs= diff --git a/test/e2e/login_logout_test.go b/test/e2e/login_logout_test.go index dd35d8489..3f76daa67 100644 --- a/test/e2e/login_logout_test.go +++ b/test/e2e/login_logout_test.go @@ -32,7 +32,6 @@ var _ = Describe("Podman login and logout", func() { ) BeforeEach(func() { - Skip(v2fail) tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) diff --git a/vendor/github.com/containers/common/pkg/auth/auth.go b/vendor/github.com/containers/common/pkg/auth/auth.go index 769e5a9fa..4e0400d23 100644 --- a/vendor/github.com/containers/common/pkg/auth/auth.go +++ b/vendor/github.com/containers/common/pkg/auth/auth.go @@ -9,6 +9,7 @@ import ( "github.com/containers/image/v5/docker" "github.com/containers/image/v5/pkg/docker/config" + "github.com/containers/image/v5/pkg/sysregistriesv2" "github.com/containers/image/v5/types" "github.com/pkg/errors" "github.com/sirupsen/logrus" @@ -33,9 +34,27 @@ func CheckAuthFile(authfile string) error { return nil } -// Login login to the server with creds from Stdin or CLI -func Login(ctx context.Context, systemContext *types.SystemContext, opts *LoginOptions, registry string) error { - server := getRegistryName(registry) +// Login implements a “log in” command with the provided opts and args +// reading the password from opts.Stdin or the options in opts. +func Login(ctx context.Context, systemContext *types.SystemContext, opts *LoginOptions, args []string) error { + var ( + server string + err error + ) + if len(args) > 1 { + return errors.Errorf("login accepts only one registry to login to") + } + if len(args) == 0 { + if !opts.AcceptUnspecifiedRegistry { + return errors.Errorf("please provide a registry to login to") + } + if server, err = defaultRegistryWhenUnspecified(systemContext); err != nil { + return err + } + logrus.Debugf("registry not specified, default to the first registry %q from registries.conf", server) + } else { + server = getRegistryName(args[0]) + } authConfig, err := config.GetCredentials(systemContext, server) if err != nil { return errors.Wrapf(err, "error reading auth file") @@ -151,11 +170,29 @@ func getUserAndPass(opts *LoginOptions, password, userFromAuthFile string) (stri return strings.TrimSpace(username), password, err } -// Logout removes the authentication of server from authfile -// removes all authtication if specifies all in the options -func Logout(systemContext *types.SystemContext, opts *LogoutOptions, server string) error { - if server != "" { - server = getRegistryName(server) +// Logout implements a “log out” command with the provided opts and args +func Logout(systemContext *types.SystemContext, opts *LogoutOptions, args []string) error { + var ( + server string + err error + ) + if len(args) > 1 { + return errors.Errorf("logout accepts only one registry to logout from") + } + if len(args) == 0 && !opts.All { + if !opts.AcceptUnspecifiedRegistry { + return errors.Errorf("please provide a registry to logout from") + } + if server, err = defaultRegistryWhenUnspecified(systemContext); err != nil { + return err + } + logrus.Debugf("registry not specified, default to the first registry %q from registries.conf", server) + } + if len(args) != 0 { + if opts.All { + return errors.Errorf("--all takes no arguments") + } + server = getRegistryName(args[0]) } if err := CheckAuthFile(opts.AuthFile); err != nil { return err @@ -169,7 +206,7 @@ func Logout(systemContext *types.SystemContext, opts *LogoutOptions, server stri return nil } - err := config.RemoveAuthentication(systemContext, server) + err = config.RemoveAuthentication(systemContext, server) switch err { case nil: fmt.Fprintf(opts.Stdout, "Removed login credentials for %s\n", server) @@ -180,3 +217,16 @@ func Logout(systemContext *types.SystemContext, opts *LogoutOptions, server stri return errors.Wrapf(err, "error logging out of %q", server) } } + +// defaultRegistryWhenUnspecified returns first registry from search list of registry.conf +// used by login/logout when registry argument is not specified +func defaultRegistryWhenUnspecified(systemContext *types.SystemContext) (string, error) { + registriesFromFile, err := sysregistriesv2.UnqualifiedSearchRegistries(systemContext) + if err != nil { + return "", errors.Wrapf(err, "error getting registry from registry.conf, please specify a registry") + } + if len(registriesFromFile) == 0 { + return "", errors.Errorf("no registries found in registries.conf, a registry must be provided") + } + return registriesFromFile[0], nil +} diff --git a/vendor/github.com/containers/common/pkg/auth/cli.go b/vendor/github.com/containers/common/pkg/auth/cli.go index dffd06718..3384b0731 100644 --- a/vendor/github.com/containers/common/pkg/auth/cli.go +++ b/vendor/github.com/containers/common/pkg/auth/cli.go @@ -9,22 +9,28 @@ import ( // LoginOptions represents common flags in login // caller should define bool or optionalBool fields for flags --get-login and --tls-verify type LoginOptions struct { + // CLI flags managed by the FlagSet returned by GetLoginFlags AuthFile string CertDir string - GetLoginSet bool Password string Username string StdinPassword bool - Stdin io.Reader - Stdout io.Writer + // Options caller can set + GetLoginSet bool // set to true if --get-login is explicitly set + Stdin io.Reader // set to os.Stdin + Stdout io.Writer // set to os.Stdout + AcceptUnspecifiedRegistry bool // set to true if allows login with unspecified registry } // LogoutOptions represents the results for flags in logout type LogoutOptions struct { + // CLI flags managed by the FlagSet returned by GetLogoutFlags AuthFile string All bool - Stdin io.Reader - Stdout io.Writer + // Options caller can set + Stdin io.Reader // set to os.Stdin + Stdout io.Writer // set to os.Stdout + AcceptUnspecifiedRegistry bool // set to true if allows logout with unspecified registry } // GetLoginFlags defines and returns login flags for containers tools diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go index 446382ac7..ec52ff706 100644 --- a/vendor/github.com/containers/common/pkg/config/default.go +++ b/vendor/github.com/containers/common/pkg/config/default.go @@ -105,6 +105,9 @@ const ( DefaultPidsLimit = 2048 // DefaultPullPolicy pulls the image if it does not exist locally DefaultPullPolicy = "missing" + // DefaultSignaturePolicyPath is the default value for the + // policy.json file. + DefaultSignaturePolicyPath = "/etc/containers/policy.json" // DefaultRootlessSignaturePolicyPath is the default value for the // rootless policy.json file. DefaultRootlessSignaturePolicyPath = ".config/containers/policy.json" @@ -129,14 +132,19 @@ func DefaultConfig() (*Config, error) { } netns := "bridge" + + defaultEngineConfig.SignaturePolicyPath = DefaultSignaturePolicyPath if unshare.IsRootless() { home, err := unshare.HomeDir() if err != nil { return nil, err } sigPath := filepath.Join(home, DefaultRootlessSignaturePolicyPath) - if _, err := os.Stat(sigPath); err == nil { - defaultEngineConfig.SignaturePolicyPath = sigPath + defaultEngineConfig.SignaturePolicyPath = sigPath + if _, err := os.Stat(sigPath); err != nil { + if _, err := os.Stat(DefaultSignaturePolicyPath); err == nil { + defaultEngineConfig.SignaturePolicyPath = DefaultSignaturePolicyPath + } } netns = "slirp4netns" } diff --git a/vendor/modules.txt b/vendor/modules.txt index 5018a77cb..04d961103 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -82,7 +82,7 @@ github.com/containers/buildah/pkg/secrets github.com/containers/buildah/pkg/supplemented github.com/containers/buildah/pkg/umask github.com/containers/buildah/util -# github.com/containers/common v0.10.0 +# github.com/containers/common v0.11.0 github.com/containers/common/pkg/apparmor github.com/containers/common/pkg/auth github.com/containers/common/pkg/capabilities |