authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2021-09-09 06:42:15 -0400
committerGitHub <noreply@github.com>2021-09-09 06:42:15 -0400
commite73574aa7ce24aa6dfd8c52287c37b036d005dfb (patch)
treed851a609601f0566ec2eb2bb718502838b790b14
parent2b41c4d667d3bc830e4fef629c6fc24d5cf8ae1e (diff)
parentbbdaf837b190fc7b941c5b1d49404bc610ab70fc (diff)
Merge pull request #11430 from saschagrunert/normalize-key
Normalize auth key before calling `SetAuthentication`
-rw-r--r--pkg/auth/auth.go20
-rw-r--r--pkg/auth/auth_test.go66
2 files changed, 85 insertions, 1 deletions
diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go
index ecfa6651c..6aff880f4 100644
--- a/pkg/auth/auth.go
+++ b/pkg/auth/auth.go
@@ -259,7 +259,9 @@ func authConfigsToAuthFile(authConfigs map[string]types.DockerAuthConfig) (strin
// tested, and we make sure to use the same code as the image backend.
sys := types.SystemContext{AuthFilePath: authFilePath}
for server, config := range authConfigs {
- // Note that we do not validate the credentials here. Wassume
+ server = normalize(server)
+
+ // Note that we do not validate the credentials here. We assume
// that all credentials are valid. They'll be used on demand
// later.
if err := imageAuth.SetAuthentication(&sys, server, config.Username, config.Password); err != nil {
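Review bot: After `server = normalize(server)`, two different keys in `authConfigs` can collapse to the same auth-file key (for example the `http://` and `https://` forms of one host). Because Go map iteration order is unspecified, which credential the later `SetAuthentication` call leaves in the file then varies between runs. I would track the normalized keys already written in a small set declared before the loop, and return an error or at least log when a key repeats, so that a credential is never silently replaced. A short comment such as `// normalize may map several input keys to one auth-file key` would make the hazard visible. The enclosing `authConfigsToAuthFile` starts and ends outside this hunk, so any handling that already exists there is not visible here.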
@@ -270,6 +272,22 @@ func authConfigsToAuthFile(authConfigs map[string]types.DockerAuthConfig) (strin
return authFilePath, nil
}
+// normalize takes a server and removes the leading "http[s]://" prefix as well
+// as removes path suffixes from docker registries.
+func normalize(server string) string {
+ stripped := strings.TrimPrefix(server, "http://")
+ stripped = strings.TrimPrefix(stripped, "https://")
+
+ /// Normalize docker registries
+ if strings.HasPrefix(stripped, "index.docker.io/") ||
+ strings.HasPrefix(stripped, "registry-1.docker.io/") ||
+ strings.HasPrefix(stripped, "docker.io/") {
+ stripped = strings.SplitN(stripped, "/", 2)[0]
+ }
+
+ return stripped
+}
+
// dockerAuthToImageAuth converts a docker auth config to one we're using
// internally from c/image. Note that the Docker types look slightly
// different, so we need to convert to be extra sure we're not running into
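Review bot: The scheme and Docker Hub host checks in `normalize` are case-sensitive, so a key written as `HTTPS://…` or `Docker.io/v1/` (constructed examples) passes through unchanged and reaches `SetAuthentication` un-normalized. Since the key decides which registry a credential is stored under, I would lower-case the scheme and host portion before the `TrimPrefix`/`HasPrefix` checks, or parse the key instead of matching prefixes. The doc comment should also state that non-Docker registries deliberately keep their path. The two `TrimPrefix` calls run in sequence, so an input like `http://https://host` loses both prefixes; stripping at most one scheme would be stricter. Minor: `/// Normalize docker registries` should be `// Normalize docker registries`.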
diff --git a/pkg/auth/auth_test.go b/pkg/auth/auth_test.go
new file mode 100644
index 000000000..da2d9a5c5
--- /dev/null
+++ b/pkg/auth/auth_test.go
@@ -0,0 +1,66 @@
+package auth
+
+import (
+ "io/ioutil"
+ "testing"
+
+ "github.com/containers/image/v5/types"
+ "github.com/stretchr/testify/assert"
+)
+
+func TestAuthConfigsToAuthFile(t *testing.T) {
+ for _, tc := range []struct {
+ name string
+ server string
+ shouldErr bool
+ expectedContains string
+ }{
+ {
+ name: "empty auth configs",
+ server: "",
+ shouldErr: false,
+ expectedContains: "{}",
+ },
+ {
+ name: "registry with prefix",
+ server: "my-registry.local/username",
+ shouldErr: false,
+ expectedContains: `"my-registry.local/username":`,
+ },
+ {
+ name: "normalize https:// prefix",
+ server: "http://my-registry.local/username",
+ shouldErr: false,
+ expectedContains: `"my-registry.local/username":`,
+ },
+ {
+ name: "normalize docker registry with https prefix",
+ server: "http://index.docker.io/v1/",
+ shouldErr: false,
+ expectedContains: `"index.docker.io":`,
+ },
+ {
+ name: "normalize docker registry without https prefix",
+ server: "docker.io/v2/",
+ shouldErr: false,
+ expectedContains: `"docker.io":`,
+ },
+ } {
+ configs := map[string]types.DockerAuthConfig{}
+ if tc.server != "" {
+ configs[tc.server] = types.DockerAuthConfig{}
+ }
+
+ filePath, err := authConfigsToAuthFile(configs)
+
+ if tc.shouldErr {
+ assert.NotNil(t, err)
+ assert.Empty(t, filePath)
+ } else {
+ assert.Nil(t, err)
+ content, err := ioutil.ReadFile(filePath)
+ assert.Nil(t, err)
+ assert.Contains(t, string(content), tc.expectedContains)
+ }
+ }
+}
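Review bot: The cases named "normalize https:// prefix" and "normalize docker registry with https prefix" both pass `http://…` as `server`, so the `https://` branch of `normalize` is never exercised. Change one of them to `server: "https://my-registry.local/username"`, or add separate http and https cases. `shouldErr` is false in every case, which leaves the error branch untested, and no case covers two input keys that normalize to the same entry. The file returned by `authConfigsToAuthFile` holds credentials and is never removed; add `defer os.Remove(filePath)` inside a per-case `t.Run` (with `os` added to the imports). Using `t.Run(tc.name, …)` would also put the otherwise unused `name` field into the failure output.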