diff options
author | Milivoje Legenovic <m.legenovic@gmail.com> | 2021-01-19 23:12:14 +0100 |
---|---|---|
committer | Milivoje Legenovic <m.legenovic@gmail.com> | 2021-01-22 18:26:21 +0100 |
commit | c9baa6b93b38b96b2b85bfb732c3677f31574ba1 (patch) | |
tree | a5534cf1a3526d6956ce4eaa0d3b9163d0152fcc | |
parent | 47616fe64720aedff76bbf37e46093800cdfee95 (diff) | |
download | podman-c9baa6b93b38b96b2b85bfb732c3677f31574ba1.tar.gz podman-c9baa6b93b38b96b2b85bfb732c3677f31574ba1.tar.bz2 podman-c9baa6b93b38b96b2b85bfb732c3677f31574ba1.zip |
Accept and ignore 'null' as value for X-Registry-Auth
docker-client is a library written in Java and used in Eclipse to
speak with Docker API. When endpoint /images/search is called,
HTTP header attribute X-Registry-Auth has value "null". This is for
sure wrong but Docker tolerates this value, and call works. With this
patch call works also with Podman. #7857
Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
-rw-r--r-- | pkg/auth/auth.go | 8 | ||||
-rw-r--r-- | test/apiv2/rest_api/test_rest_v2_0_0.py | 46 |
2 files changed, 52 insertions, 2 deletions
diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go index fcbf6fe39..86d92c028 100644 --- a/pkg/auth/auth.go +++ b/pkg/auth/auth.go @@ -297,7 +297,9 @@ func imageAuthToDockerAuth(authConfig types.DockerAuthConfig) dockerAPITypes.Aut func singleAuthHeader(r *http.Request) (map[string]types.DockerAuthConfig, error) { authHeader := r.Header.Get(string(XRegistryAuthHeader)) authConfig := dockerAPITypes.AuthConfig{} - if len(authHeader) > 0 { + // Accept "null" and handle it as empty value for compatibility reason with Docker. + // Some java docker clients pass this value, e.g. this one used in Eclipse. + if len(authHeader) > 0 && authHeader != "null" { authJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authHeader)) if err := json.NewDecoder(authJSON).Decode(&authConfig); err != nil { return nil, err @@ -312,7 +314,9 @@ func singleAuthHeader(r *http.Request) (map[string]types.DockerAuthConfig, error // The header content is a map[string]DockerAuthConfigs. func multiAuthHeader(r *http.Request) (map[string]types.DockerAuthConfig, error) { authHeader := r.Header.Get(string(XRegistryAuthHeader)) - if len(authHeader) == 0 { + // Accept "null" and handle it as empty value for compatibility reason with Docker. + // Some java docker clients pass this value, e.g. this one used in Eclipse. + if len(authHeader) == 0 || authHeader == "null" { return nil, nil } diff --git a/test/apiv2/rest_api/test_rest_v2_0_0.py b/test/apiv2/rest_api/test_rest_v2_0_0.py index cc66dd5af..5676ff65d 100644 --- a/test/apiv2/rest_api/test_rest_v2_0_0.py +++ b/test/apiv2/rest_api/test_rest_v2_0_0.py @@ -356,6 +356,52 @@ class TestApi(unittest.TestCase): self.assertTrue(keys["stream"], "Expected to find stream progress stanza's") def test_search_compat(self): + url = PODMAN_URL + "/v1.40/images/search" + # Had issues with this test hanging when repositories not happy + def do_search1(): + payload = {'term': 'alpine'} + r = requests.get(url, params=payload, timeout=5) + self.assertEqual(r.status_code, 200, r.text) + objs = json.loads(r.text) + self.assertIn(type(objs), (list,)) + + def do_search2(): + payload = {'term': 'alpine', 'limit': 1} + r = requests.get(url, params=payload, timeout=5) + self.assertEqual(r.status_code, 200, r.text) + objs = json.loads(r.text) + self.assertIn(type(objs), (list,)) + self.assertEqual(len(objs), 1) + + def do_search3(): + payload = {'term': 'alpine', 'filters': {'is-official': True}} + r = requests.get(url, params=payload, timeout=5) + self.assertEqual(r.status_code, 200, r.text) + objs = json.loads(r.text) + self.assertIn(type(objs), (list,)) +# TODO: Request should return only one item, but it returns more. For now this check is commented out. +# self.assertEqual(len(objs), 1) + + def do_search4(): + headers = {'X-Registry-Auth': 'null'} + payload = {'term': 'alpine'} + r = requests.get(url, params=payload, headers=headers, timeout=5) + self.assertEqual(r.status_code, 200, r.text) + + def do_search5(): + headers = {'X-Registry-Auth': 'invalid value'} + payload = {'term': 'alpine'} + r = requests.get(url, params=payload, headers=headers, timeout=5) + self.assertEqual(r.status_code, 400, r.text) + + search_methods = [do_search1, do_search2, do_search3, do_search4, do_search5] + for search_method in search_methods: + search = Process(target=search_method) + search.start() + search.join(timeout=10) + self.assertFalse(search.is_alive(), "/images/search took too long") + + def test_search_compat_with_(self): # Had issues with this test hanging when repositories not happy def do_search(): r = requests.get(PODMAN_URL + "/v1.40/images/search?term=alpine", timeout=5) |