diff options
| author | Sascha Grunert <sgrunert@redhat.com> | 2021-09-03 09:42:27 +0200 |
|---|---|---|
| committer | Sascha Grunert <sgrunert@redhat.com> | 2021-09-09 09:17:22 +0200 |
| commit | bbdaf837b190fc7b941c5b1d49404bc610ab70fc (patch) | |
| tree | 91c1e7ba6ea0f386f4c0f7759fe257e85269e87a /pkg/auth/auth.go | |
| parent | 858d3e47c26788e64083842cc6617b666f4279a1 (diff) | |
| download | podman-bbdaf837b190fc7b941c5b1d49404bc610ab70fc.tar.gz podman-bbdaf837b190fc7b941c5b1d49404bc610ab70fc.tar.bz2 podman-bbdaf837b190fc7b941c5b1d49404bc610ab70fc.zip | |
Normalize auth key before calling `SetAuthentication`
Recent changes in c/image caused the `SetAuthentication` API to be more
restrictive in terms of validating the `key` (`server`) input. To ensure
that manually modified or entries in `~/.docker/config.json` still work,
we now strip the leading `http[s]://` prefix.
Fixes https://github.com/containers/podman/issues/11235
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
Diffstat (limited to 'pkg/auth/auth.go')
| -rw-r--r-- | pkg/auth/auth.go | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go index ecfa6651c..6aff880f4 100644 --- a/pkg/auth/auth.go +++ b/pkg/auth/auth.go @@ -259,7 +259,9 @@ func authConfigsToAuthFile(authConfigs map[string]types.DockerAuthConfig) (strin // tested, and we make sure to use the same code as the image backend. sys := types.SystemContext{AuthFilePath: authFilePath} for server, config := range authConfigs { - // Note that we do not validate the credentials here. Wassume + server = normalize(server) + + // Note that we do not validate the credentials here. We assume // that all credentials are valid. They'll be used on demand // later. if err := imageAuth.SetAuthentication(&sys, server, config.Username, config.Password); err != nil { @@ -270,6 +272,22 @@ func authConfigsToAuthFile(authConfigs map[string]types.DockerAuthConfig) (strin return authFilePath, nil } +// normalize takes a server and removes the leading "http[s]://" prefix as well +// as removes path suffixes from docker registries. +func normalize(server string) string { + stripped := strings.TrimPrefix(server, "http://") + stripped = strings.TrimPrefix(stripped, "https://") + + /// Normalize docker registries + if strings.HasPrefix(stripped, "index.docker.io/") || + strings.HasPrefix(stripped, "registry-1.docker.io/") || + strings.HasPrefix(stripped, "docker.io/") { + stripped = strings.SplitN(stripped, "/", 2)[0] + } + + return stripped +} + // dockerAuthToImageAuth converts a docker auth config to one we're using // internally from c/image. Note that the Docker types look slightly // different, so we need to convert to be extra sure we're not running into |