summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMilivoje Legenovic <m.legenovic@gmail.com>2021-01-19 23:12:14 +0100
committerMilivoje Legenovic <m.legenovic@gmail.com>2021-01-22 18:26:21 +0100
commitc9baa6b93b38b96b2b85bfb732c3677f31574ba1 (patch)
treea5534cf1a3526d6956ce4eaa0d3b9163d0152fcc
parent47616fe64720aedff76bbf37e46093800cdfee95 (diff)
downloadpodman-c9baa6b93b38b96b2b85bfb732c3677f31574ba1.tar.gz
podman-c9baa6b93b38b96b2b85bfb732c3677f31574ba1.tar.bz2
podman-c9baa6b93b38b96b2b85bfb732c3677f31574ba1.zip
Accept and ignore 'null' as value for X-Registry-Auth
docker-client is a library written in Java and used in Eclipse to speak with Docker API. When endpoint /images/search is called, HTTP header attribute X-Registry-Auth has value "null". This is for sure wrong but Docker tolerates this value, and call works. With this patch call works also with Podman. #7857 Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
-rw-r--r--pkg/auth/auth.go8
-rw-r--r--test/apiv2/rest_api/test_rest_v2_0_0.py46
2 files changed, 52 insertions, 2 deletions
diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go
index fcbf6fe39..86d92c028 100644
--- a/pkg/auth/auth.go
+++ b/pkg/auth/auth.go
@@ -297,7 +297,9 @@ func imageAuthToDockerAuth(authConfig types.DockerAuthConfig) dockerAPITypes.Aut
func singleAuthHeader(r *http.Request) (map[string]types.DockerAuthConfig, error) {
authHeader := r.Header.Get(string(XRegistryAuthHeader))
authConfig := dockerAPITypes.AuthConfig{}
- if len(authHeader) > 0 {
+ // Accept "null" and handle it as empty value for compatibility reason with Docker.
+ // Some java docker clients pass this value, e.g. this one used in Eclipse.
+ if len(authHeader) > 0 && authHeader != "null" {
authJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authHeader))
if err := json.NewDecoder(authJSON).Decode(&authConfig); err != nil {
return nil, err
@@ -312,7 +314,9 @@ func singleAuthHeader(r *http.Request) (map[string]types.DockerAuthConfig, error
// The header content is a map[string]DockerAuthConfigs.
func multiAuthHeader(r *http.Request) (map[string]types.DockerAuthConfig, error) {
authHeader := r.Header.Get(string(XRegistryAuthHeader))
- if len(authHeader) == 0 {
+ // Accept "null" and handle it as empty value for compatibility reason with Docker.
+ // Some java docker clients pass this value, e.g. this one used in Eclipse.
+ if len(authHeader) == 0 || authHeader == "null" {
return nil, nil
}
diff --git a/test/apiv2/rest_api/test_rest_v2_0_0.py b/test/apiv2/rest_api/test_rest_v2_0_0.py
index cc66dd5af..5676ff65d 100644
--- a/test/apiv2/rest_api/test_rest_v2_0_0.py
+++ b/test/apiv2/rest_api/test_rest_v2_0_0.py
@@ -356,6 +356,52 @@ class TestApi(unittest.TestCase):
self.assertTrue(keys["stream"], "Expected to find stream progress stanza's")
def test_search_compat(self):
+ url = PODMAN_URL + "/v1.40/images/search"
+ # Had issues with this test hanging when repositories not happy
+ def do_search1():
+ payload = {'term': 'alpine'}
+ r = requests.get(url, params=payload, timeout=5)
+ self.assertEqual(r.status_code, 200, r.text)
+ objs = json.loads(r.text)
+ self.assertIn(type(objs), (list,))
+
+ def do_search2():
+ payload = {'term': 'alpine', 'limit': 1}
+ r = requests.get(url, params=payload, timeout=5)
+ self.assertEqual(r.status_code, 200, r.text)
+ objs = json.loads(r.text)
+ self.assertIn(type(objs), (list,))
+ self.assertEqual(len(objs), 1)
+
+ def do_search3():
+ payload = {'term': 'alpine', 'filters': {'is-official': True}}
+ r = requests.get(url, params=payload, timeout=5)
+ self.assertEqual(r.status_code, 200, r.text)
+ objs = json.loads(r.text)
+ self.assertIn(type(objs), (list,))
+# TODO: Request should return only one item, but it returns more. For now this check is commented out.
+# self.assertEqual(len(objs), 1)
+
+ def do_search4():
+ headers = {'X-Registry-Auth': 'null'}
+ payload = {'term': 'alpine'}
+ r = requests.get(url, params=payload, headers=headers, timeout=5)
+ self.assertEqual(r.status_code, 200, r.text)
+
+ def do_search5():
+ headers = {'X-Registry-Auth': 'invalid value'}
+ payload = {'term': 'alpine'}
+ r = requests.get(url, params=payload, headers=headers, timeout=5)
+ self.assertEqual(r.status_code, 400, r.text)
+
+ search_methods = [do_search1, do_search2, do_search3, do_search4, do_search5]
+ for search_method in search_methods:
+ search = Process(target=search_method)
+ search.start()
+ search.join(timeout=10)
+ self.assertFalse(search.is_alive(), "/images/search took too long")
+
+ def test_search_compat_with_(self):
# Had issues with this test hanging when repositories not happy
def do_search():
r = requests.get(PODMAN_URL + "/v1.40/images/search?term=alpine", timeout=5)