Merge pull request #4337 from QiWang19/check_auth_path

fix bug check nonexist authfile

20 files changed, 146 insertions, 31 deletions

diff --git a/cmd/podman/build.go b/cmd/podman/build.go
index bbc1d5b5f..fbf85fc97 100644
--- a/cmd/podman/build.go
+++ b/cmd/podman/build.go
@@ -155,6 +155,11 @@ func buildCmd(c *cliconfig.BuildValues) error {
 			tags = tags[1:]
 		}
 	}
+	if c.BudResults.Authfile != "" {
+		if _, err := os.Stat(c.BudResults.Authfile); err != nil {
+			return errors.Wrapf(err, "error getting authfile %s", c.BudResults.Authfile)
+		}
+	}
 
 	pullPolicy := imagebuildah.PullNever
 	if c.Pull {
diff --git a/cmd/podman/common.go b/cmd/podman/common.go
index 3e86b8e20..4db043f31 100644
--- a/cmd/podman/common.go
+++ b/cmd/podman/common.go
@@ -7,8 +7,8 @@ import (
 	"strings"
 
 	"github.com/containers/buildah"
+	buildahcli "github.com/containers/buildah/pkg/cli"
 	"github.com/containers/libpod/cmd/podman/cliconfig"
-	"github.com/containers/libpod/cmd/podman/shared"
 	"github.com/containers/libpod/libpod/define"
 	"github.com/containers/libpod/pkg/rootless"
 	"github.com/containers/libpod/pkg/sysinfo"
@@ -112,7 +112,7 @@ func getCreateFlags(c *cliconfig.PodmanCommand) {
 		"Attach to STDIN, STDOUT or STDERR (default [])",
 	)
 	createFlags.String(
-		"authfile", shared.GetAuthFile(""),
+		"authfile", buildahcli.GetDefaultAuthFile(),
 		"Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override",
 	)
 	createFlags.String(
diff --git a/cmd/podman/create.go b/cmd/podman/create.go
index 3c24729c5..73fba5a8c 100644
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -2,6 +2,7 @@ package main
 
 import (
 	"fmt"
+	"os"
 	"strings"
 
 	"github.com/containers/libpod/cmd/podman/cliconfig"
@@ -50,6 +51,12 @@ func createCmd(c *cliconfig.CreateValues) error {
 		defer span.Finish()
 	}
 
+	if c.String("authfile") != "" {
+		if _, err := os.Stat(c.String("authfile")); err != nil {
+			return errors.Wrapf(err, "error getting authfile %s", c.String("authfile"))
+		}
+	}
+
 	if err := createInit(&c.PodmanCommand); err != nil {
 		return err
 	}
diff --git a/cmd/podman/login.go b/cmd/podman/login.go
index f91366eac..369e0da16 100644
--- a/cmd/podman/login.go
+++ b/cmd/podman/login.go
@@ -6,11 +6,11 @@ import (
 	"os"
 	"strings"
 
+	buildahcli "github.com/containers/buildah/pkg/cli"
 	"github.com/containers/image/v5/docker"
 	"github.com/containers/image/v5/pkg/docker/config"
 	"github.com/containers/image/v5/types"
 	"github.com/containers/libpod/cmd/podman/cliconfig"
-	"github.com/containers/libpod/cmd/podman/shared"
 	"github.com/containers/libpod/libpod/image"
 	"github.com/docker/docker-credential-helpers/credentials"
 	"github.com/pkg/errors"
@@ -54,7 +54,7 @@ func init() {
 	flags.BoolVar(&loginCommand.StdinPassword, "password-stdin", false, "Take the password from stdin")
 	// Disabled flags for the remote client
 	if !remote {
-		flags.StringVar(&loginCommand.Authfile, "authfile", shared.GetAuthFile(""), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
+		flags.StringVar(&loginCommand.Authfile, "authfile", buildahcli.GetDefaultAuthFile(), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
 		flags.StringVar(&loginCommand.CertDir, "cert-dir", "", "Pathname of a directory containing TLS certificates and keys used to connect to the registry")
 		flags.BoolVar(&loginCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
 	}
diff --git a/cmd/podman/logout.go b/cmd/podman/logout.go
index ef3452afe..4a113b1d0 100644
--- a/cmd/podman/logout.go
+++ b/cmd/podman/logout.go
@@ -3,11 +3,11 @@ package main
 import (
 	"fmt"
 
+	buildahcli "github.com/containers/buildah/pkg/cli"
 	"github.com/containers/image/v5/docker"
 	"github.com/containers/image/v5/pkg/docker/config"
 	"github.com/containers/libpod/cmd/podman/cliconfig"
 	"github.com/containers/libpod/cmd/podman/shared"
-	"github.com/containers/libpod/libpod/image"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )
@@ -40,7 +40,7 @@ func init() {
 	logoutCommand.SetUsageTemplate(UsageTemplate())
 	flags := logoutCommand.Flags()
 	flags.BoolVarP(&logoutCommand.All, "all", "a", false, "Remove the cached credentials for all registries in the auth file")
-	flags.StringVar(&logoutCommand.Authfile, "authfile", shared.GetAuthFile(""), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
+	flags.StringVar(&logoutCommand.Authfile, "authfile", buildahcli.GetDefaultAuthFile(), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
 	markFlagHiddenForRemoteClient("authfile", flags)
 }
 
@@ -59,7 +59,10 @@ func logoutCmd(c *cliconfig.LogoutValues) error {
 		server = scrubServer(args[0])
 	}
 
-	sc := image.GetSystemContext("", c.Authfile, false)
+	sc, err := shared.GetSystemContext(c.Authfile)
+	if err != nil {
+		return err
+	}
 
 	if c.All {
 		if err := config.RemoveAllAuthentication(sc); err != nil {
@@ -69,7 +72,7 @@ func logoutCmd(c *cliconfig.LogoutValues) error {
 		return nil
 	}
 
-	err := config.RemoveAuthentication(sc, server)
+	err = config.RemoveAuthentication(sc, server)
 	switch errors.Cause(err) {
 	case nil:
 		fmt.Printf("Removed login credentials for %s\n", server)
diff --git a/cmd/podman/play_kube.go b/cmd/podman/play_kube.go
index 9a5cc3ec1..fc9f2d5b6 100644
--- a/cmd/podman/play_kube.go
+++ b/cmd/podman/play_kube.go
@@ -2,8 +2,10 @@ package main
 
 import (
 	"fmt"
+	"os"
+
+	buildahcli "github.com/containers/buildah/pkg/cli"
 	"github.com/containers/libpod/cmd/podman/cliconfig"
-	"github.com/containers/libpod/cmd/podman/shared"
 	"github.com/containers/libpod/pkg/adapter"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
@@ -40,7 +42,7 @@ func init() {
 	flags.BoolVarP(&playKubeCommand.Quiet, "quiet", "q", false, "Suppress output information when pulling images")
 	// Disabled flags for the remote client
 	if !remote {
-		flags.StringVar(&playKubeCommand.Authfile, "authfile", shared.GetAuthFile(""), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
+		flags.StringVar(&playKubeCommand.Authfile, "authfile", buildahcli.GetDefaultAuthFile(), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
 		flags.StringVar(&playKubeCommand.CertDir, "cert-dir", "", "`Pathname` of a directory containing TLS certificates and keys")
 		flags.StringVar(&playKubeCommand.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
 		flags.BoolVar(&playKubeCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
@@ -57,6 +59,12 @@ func playKubeCmd(c *cliconfig.KubePlayValues) error {
 		return errors.New("you must supply at least one file")
 	}
 
+	if c.Authfile != "" {
+		if _, err := os.Stat(c.Authfile); err != nil {
+			return errors.Wrapf(err, "error getting authfile %s", c.Authfile)
+		}
+	}
+
 	ctx := getContext()
 	runtime, err := adapter.GetRuntime(ctx, &c.PodmanCommand)
 	if err != nil {
diff --git a/cmd/podman/pull.go b/cmd/podman/pull.go
index d64793147..c6baf6b61 100644
--- a/cmd/podman/pull.go
+++ b/cmd/podman/pull.go
@@ -6,12 +6,12 @@ import (
 	"os"
 	"strings"
 
+	buildahcli "github.com/containers/buildah/pkg/cli"
 	"github.com/containers/image/v5/docker"
 	dockerarchive "github.com/containers/image/v5/docker/archive"
 	"github.com/containers/image/v5/transports/alltransports"
 	"github.com/containers/image/v5/types"
 	"github.com/containers/libpod/cmd/podman/cliconfig"
-	"github.com/containers/libpod/cmd/podman/shared"
 	"github.com/containers/libpod/libpod/image"
 	"github.com/containers/libpod/pkg/adapter"
 	"github.com/containers/libpod/pkg/util"
@@ -60,7 +60,7 @@ func init() {
 	markFlagHidden(flags, "override-os")
 	// Disabled flags for the remote client
 	if !remote {
-		flags.StringVar(&pullCommand.Authfile, "authfile", shared.GetAuthFile(""), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
+		flags.StringVar(&pullCommand.Authfile, "authfile", buildahcli.GetDefaultAuthFile(), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
 		flags.StringVar(&pullCommand.CertDir, "cert-dir", "", "`Pathname` of a directory containing TLS certificates and keys")
 		flags.StringVar(&pullCommand.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
 		flags.BoolVar(&pullCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
@@ -96,6 +96,12 @@ func pullCmd(c *cliconfig.PullValues) (retError error) {
 		return errors.Errorf("too many arguments. Requires exactly 1")
 	}
 
+	if c.Authfile != "" {
+		if _, err := os.Stat(c.Authfile); err != nil {
+			return errors.Wrapf(err, "error getting authfile %s", c.Authfile)
+		}
+	}
+
 	arr := strings.SplitN(args[0], ":", 2)
 	if len(arr) == 2 {
 		if c.Bool("all-tags") {
diff --git a/cmd/podman/push.go b/cmd/podman/push.go
index 0fdfb6202..1be8dfe11 100644
--- a/cmd/podman/push.go
+++ b/cmd/podman/push.go
@@ -6,11 +6,11 @@ import (
 	"os"
 	"strings"
 
+	buildahcli "github.com/containers/buildah/pkg/cli"
 	"github.com/containers/image/v5/directory"
 	"github.com/containers/image/v5/manifest"
 	"github.com/containers/image/v5/types"
 	"github.com/containers/libpod/cmd/podman/cliconfig"
-	"github.com/containers/libpod/cmd/podman/shared"
 	"github.com/containers/libpod/libpod/image"
 	"github.com/containers/libpod/pkg/adapter"
 	"github.com/containers/libpod/pkg/util"
@@ -59,7 +59,7 @@ func init() {
 
 	// Disabled flags for the remote client
 	if !remote {
-		flags.StringVar(&pushCommand.Authfile, "authfile", shared.GetAuthFile(""), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
+		flags.StringVar(&pushCommand.Authfile, "authfile", buildahcli.GetDefaultAuthFile(), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
 		flags.StringVar(&pushCommand.CertDir, "cert-dir", "", "`Pathname` of a directory containing TLS certificates and keys")
 		flags.BoolVar(&pushCommand.Compress, "compress", false, "Compress tarball image layers when pushing to a directory using the 'dir' transport. (default is same compression type as source)")
 		flags.StringVar(&pushCommand.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
@@ -74,6 +74,12 @@ func pushCmd(c *cliconfig.PushValues) error {
 		destName      string
 	)
 
+	if c.Authfile != "" {
+		if _, err := os.Stat(c.Authfile); err != nil {
+			return errors.Wrapf(err, "error getting authfile %s", c.Authfile)
+		}
+	}
+
 	args := c.InputArgs
 	if len(args) == 0 || len(args) > 2 {
 		return errors.New("podman push requires at least one image name, and optionally a second to specify a different destination name")
diff --git a/cmd/podman/run.go b/cmd/podman/run.go
index 7aa4cb3c4..a6468f225 100644
--- a/cmd/podman/run.go
+++ b/cmd/podman/run.go
@@ -1,6 +1,8 @@
 package main
 
 import (
+	"os"
+
 	"github.com/containers/libpod/cmd/podman/cliconfig"
 	"github.com/containers/libpod/pkg/adapter"
 	"github.com/opentracing/opentracing-go"
@@ -45,6 +47,11 @@ func runCmd(c *cliconfig.RunValues) error {
 		span, _ := opentracing.StartSpanFromContext(Ctx, "runCmd")
 		defer span.Finish()
 	}
+	if c.String("authfile") != "" {
+		if _, err := os.Stat(c.String("authfile")); err != nil {
+			return errors.Wrapf(err, "error checking authfile path %s", c.String("authfile"))
+		}
+	}
 	if err := createInit(&c.PodmanCommand); err != nil {
 		return err
 	}
diff --git a/cmd/podman/runlabel.go b/cmd/podman/runlabel.go
index 7359bc0c7..358538155 100644
--- a/cmd/podman/runlabel.go
+++ b/cmd/podman/runlabel.go
@@ -6,6 +6,7 @@ import (
 	"os"
 	"strings"
 
+	buildahcli "github.com/containers/buildah/pkg/cli"
 	"github.com/containers/image/v5/types"
 	"github.com/containers/libpod/cmd/podman/cliconfig"
 	"github.com/containers/libpod/cmd/podman/libpodruntime"
@@ -60,7 +61,7 @@ func init() {
 	flags.BoolVarP(&runlabelCommand.Quiet, "quiet", "q", false, "Suppress output information when installing images")
 	// Disabled flags for the remote client
 	if !remote {
-		flags.StringVar(&runlabelCommand.Authfile, "authfile", shared.GetAuthFile(""), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
+		flags.StringVar(&runlabelCommand.Authfile, "authfile", buildahcli.GetDefaultAuthFile(), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
 		flags.StringVar(&runlabelCommand.CertDir, "cert-dir", "", "`Pathname` of a directory containing TLS certificates and keys")
 		flags.StringVar(&runlabelCommand.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
 		flags.BoolVar(&runlabelCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
@@ -97,6 +98,12 @@ func runlabelCmd(c *cliconfig.RunlabelValues) error {
 	}
 	defer runtime.DeferredShutdown(false)
 
+	if c.Authfile != "" {
+		if _, err := os.Stat(c.Authfile); err != nil {
+			return errors.Wrapf(err, "error getting authfile %s", c.Authfile)
+		}
+	}
+
 	args := c.InputArgs
 	if len(args) < 2 {
 		return errors.Errorf("the runlabel command requires at least 2 arguments: LABEL IMAGE")
diff --git a/cmd/podman/search.go b/cmd/podman/search.go
index cdcb30a59..87a26e544 100644
--- a/cmd/podman/search.go
+++ b/cmd/podman/search.go
@@ -1,13 +1,14 @@
 package main
 
 import (
+	"os"
 	"reflect"
 	"strings"
 
+	buildahcli "github.com/containers/buildah/pkg/cli"
 	"github.com/containers/buildah/pkg/formats"
 	"github.com/containers/image/v5/types"
 	"github.com/containers/libpod/cmd/podman/cliconfig"
-	"github.com/containers/libpod/cmd/podman/shared"
 	"github.com/containers/libpod/libpod/image"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
@@ -45,7 +46,7 @@ func init() {
 	flags.BoolVar(&searchCommand.NoTrunc, "no-trunc", false, "Do not truncate the output")
 	// Disabled flags for the remote client
 	if !remote {
-		flags.StringVar(&searchCommand.Authfile, "authfile", shared.GetAuthFile(""), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
+		flags.StringVar(&searchCommand.Authfile, "authfile", buildahcli.GetDefaultAuthFile(), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
 		flags.BoolVar(&searchCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
 	}
 }
@@ -65,6 +66,12 @@ func searchCmd(c *cliconfig.SearchValues) error {
 		return err
 	}
 
+	if c.Authfile != "" {
+		if _, err := os.Stat(c.Authfile); err != nil {
+			return errors.Wrapf(err, "error getting authfile %s", c.Authfile)
+		}
+	}
+
 	searchOptions := image.SearchOptions{
 		NoTrunc:  c.NoTrunc,
 		Limit:    c.Limit,
diff --git a/cmd/podman/shared/create.go b/cmd/podman/shared/create.go
index d0562e7f0..c7ea2e389 100644
--- a/cmd/podman/shared/create.go
+++ b/cmd/podman/shared/create.go
@@ -93,7 +93,7 @@ func CreateContainer(ctx context.Context, c *GenericCLIResults, runtime *libpod.
 			ArchitectureChoice: c.String("override-arch"),
 		}
 
-		newImage, err := runtime.ImageRuntime().New(ctx, name, rtc.SignaturePolicyPath, GetAuthFile(c.String("authfile")), writer, &dockerRegistryOptions, image.SigningOptions{}, nil, pullType)
+		newImage, err := runtime.ImageRuntime().New(ctx, name, rtc.SignaturePolicyPath, c.String("authfile"), writer, &dockerRegistryOptions, image.SigningOptions{}, nil, pullType)
 		if err != nil {
 			return nil, nil, err
 		}
diff --git a/cmd/podman/shared/funcs.go b/cmd/podman/shared/funcs.go
index 9362e8e9b..404d0f288 100644
--- a/cmd/podman/shared/funcs.go
+++ b/cmd/podman/shared/funcs.go
@@ -6,24 +6,19 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/containers/libpod/pkg/util"
+	"github.com/containers/image/v5/types"
+	"github.com/containers/libpod/libpod/image"
 	"github.com/google/shlex"
+	"github.com/pkg/errors"
 )
 
-func GetAuthFile(authfile string) string {
+func GetSystemContext(authfile string) (*types.SystemContext, error) {
 	if authfile != "" {
-		return authfile
-	}
-
-	authfile = os.Getenv("REGISTRY_AUTH_FILE")
-	if authfile != "" {
-		return authfile
-	}
-
-	if runtimeDir, err := util.GetRuntimeDir(); err == nil {
-		return filepath.Join(runtimeDir, "containers/auth.json")
+		if _, err := os.Stat(authfile); err != nil {
+			return nil, errors.Wrapf(err, "error checking authfile path %s", authfile)
+		}
 	}
-	return ""
+	return image.GetSystemContext("", authfile, false), nil
 }
 
 func substituteCommand(cmd string) (string, error) {
diff --git a/test/e2e/create_test.go b/test/e2e/create_test.go
index f5dca321c..7d977f4e3 100644
--- a/test/e2e/create_test.go
+++ b/test/e2e/create_test.go
@@ -297,4 +297,11 @@ var _ = Describe("Podman create", func() {
 		Expect(session.ExitCode()).To((Equal(0)))
 		Expect(string(session.Out.Contents())).To(ContainSubstring(ALPINEARM64DIGEST))
 	})
+
+	It("podman create --authfile with nonexist authfile", func() {
+		SkipIfRemote()
+		session := podmanTest.PodmanNoCache([]string{"create", "--authfile", "/tmp/nonexist", "--name=foo", ALPINE})
+		session.WaitWithDefaultTimeout()
+		Expect(session).To(Not(Equal(0)))
+	})
 })
diff --git a/test/e2e/login_logout_test.go b/test/e2e/login_logout_test.go
index 14cfed5db..c3df10f5e 100644
--- a/test/e2e/login_logout_test.go
+++ b/test/e2e/login_logout_test.go
@@ -123,6 +123,11 @@ var _ = Describe("Podman login and logout", func() {
 		json.Unmarshal(authInfo, &info)
 		fmt.Println(info)
 
+		// push should fail with nonexist authfile
+		session = podmanTest.Podman([]string{"push", "--authfile", "/tmp/nonexist", ALPINE, testImg})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Not(Equal(0)))
+
 		session = podmanTest.Podman([]string{"push", "--authfile", authFile, ALPINE, testImg})
 		session.WaitWithDefaultTimeout()
 		Expect(session.ExitCode()).To(Equal(0))
@@ -131,6 +136,11 @@ var _ = Describe("Podman login and logout", func() {
 		session.WaitWithDefaultTimeout()
 		Expect(session.ExitCode()).To(Equal(0))
 
+		// logout should fail with nonexist authfile
+		session = podmanTest.Podman([]string{"logout", "--authfile", "/tmp/nonexist", server})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Not(Equal(0)))
+
 		session = podmanTest.Podman([]string{"logout", "--authfile", authFile, server})
 	})
 
diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go
index 7069e049d..416c64b5a 100644
--- a/test/e2e/play_kube_test.go
+++ b/test/e2e/play_kube_test.go
@@ -209,6 +209,16 @@ var _ = Describe("Podman generate kube", func() {
 		processTestResult(f)
 	})
 
+	It("podman play kube fail with nonexist authfile", func() {
+		err := generateKubeYaml(getPod(), kubeYaml)
+		Expect(err).To(BeNil())
+
+		kube := podmanTest.Podman([]string{"play", "kube", "--authfile", "/tmp/nonexist", kubeYaml})
+		kube.WaitWithDefaultTimeout()
+		Expect(kube.ExitCode()).To(Not(Equal(0)))
+
+	})
+
 	It("podman play kube test correct command", func() {
 		err := generateKubeYaml(getPod(), kubeYaml)
 		Expect(err).To(BeNil())
diff --git a/test/e2e/pull_test.go b/test/e2e/pull_test.go
index 5152409af..eee0b131b 100644
--- a/test/e2e/pull_test.go
+++ b/test/e2e/pull_test.go
@@ -353,4 +353,11 @@ var _ = Describe("Podman pull", func() {
 		rmi.WaitWithDefaultTimeout()
 		Expect(rmi.ExitCode()).To(Equal(0))
 	})
+
+	It("podman pull from docker with nonexist --authfile", func() {
+		SkipIfRemote()
+		session := podmanTest.PodmanNoCache([]string{"pull", "--authfile", "/tmp/nonexist", ALPINE})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Not(Equal(0)))
+	})
 })
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index 874aa498e..7fc85c9ce 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -992,4 +992,11 @@ USER mail`
 		session.WaitWithDefaultTimeout()
 		Expect(session).To(ExitWithError())
 	})
+
+	It("podman run should fail with nonexist authfile", func() {
+		SkipIfRemote()
+		session := podmanTest.Podman([]string{"run", "--authfile", "/tmp/nonexist", ALPINE, "ls"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Not(Equal(0)))
+	})
 })
diff --git a/test/e2e/runlabel_test.go b/test/e2e/runlabel_test.go
index 52a011efb..41d61e9d9 100644
--- a/test/e2e/runlabel_test.go
+++ b/test/e2e/runlabel_test.go
@@ -98,4 +98,19 @@ var _ = Describe("podman container runlabel", func() {
 		result.WaitWithDefaultTimeout()
 		Expect(result.ExitCode()).To(Equal(0))
 	})
+
+	It("runlabel should fail with nonexist authfile", func() {
+		SkipIfRemote()
+		image := "podman-runlabel-test:podman"
+		podmanTest.BuildImage(PodmanDockerfile, image, "false")
+
+		// runlabel should fail with nonexist authfile
+		result := podmanTest.Podman([]string{"container", "runlabel", "--authfile", "/tmp/nonexist", "RUN", image})
+		result.WaitWithDefaultTimeout()
+		Expect(result.ExitCode()).To(Not(Equal(0)))
+
+		result = podmanTest.Podman([]string{"rmi", image})
+		result.WaitWithDefaultTimeout()
+		Expect(result.ExitCode()).To(Equal(0))
+	})
 })
diff --git a/test/e2e/search_test.go b/test/e2e/search_test.go
index 9c28849f0..d88231510 100644
--- a/test/e2e/search_test.go
+++ b/test/e2e/search_test.go
@@ -391,4 +391,12 @@ registries = ['{{.Host}}:{{.Port}}']`
 		// cleanup
 		resetRegistriesConfigEnv()
 	})
+
+	// search should fail with nonexist authfile
+	It("podman search fail with nonexist --authfile", func() {
+		SkipIfRemote()
+		search := podmanTest.Podman([]string{"search", "--authfile", "/tmp/nonexist", ALPINE})
+		search.WaitWithDefaultTimeout()
+		Expect(search.ExitCode()).To(Not(Equal(0)))
+	})
 })