diff options
author | Miloslav Trmač <mitr@redhat.com> | 2021-09-11 21:56:40 +0200 |
---|---|---|
committer | Miloslav Trmač <mitr@redhat.com> | 2021-12-10 18:16:17 +0100 |
commit | 491951d66e1829ad8e847f3049a557dd9d55db68 (patch) | |
tree | 5d73ddfc76c05306cd0fbc0570f48392b4e14720 /pkg/auth | |
parent | 1b6bf971306af753e72db9d10f7594ecd0c89785 (diff) | |
download | podman-491951d66e1829ad8e847f3049a557dd9d55db68.tar.gz podman-491951d66e1829ad8e847f3049a557dd9d55db68.tar.bz2 podman-491951d66e1829ad8e847f3049a557dd9d55db68.zip |
Fix normalizeAuthFileKey to use the correct semantics
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Diffstat (limited to 'pkg/auth')
-rw-r--r-- | pkg/auth/auth.go | 18 | ||||
-rw-r--r-- | pkg/auth/auth_test.go | 24 |
2 files changed, 23 insertions, 19 deletions
diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go index 8c6436883..7cde6ef5e 100644 --- a/pkg/auth/auth.go +++ b/pkg/auth/auth.go @@ -272,20 +272,24 @@ func authConfigsToAuthFile(authConfigs map[string]types.DockerAuthConfig) (strin return authFilePath, nil } -// normalizeAuthFileKey takes an auth file key and removes the leading "http[s]://" prefix as well -// as removes path suffixes from docker registries. +// normalizeAuthFileKey takes an auth file key and converts it into a new-style credential key +// in the canonical format, as interpreted by c/image/pkg/docker/config. func normalizeAuthFileKey(authFileKey string) string { stripped := strings.TrimPrefix(authFileKey, "http://") stripped = strings.TrimPrefix(stripped, "https://") - /// Normalize docker registries - if strings.HasPrefix(stripped, "index.docker.io/") || - strings.HasPrefix(stripped, "registry-1.docker.io/") || - strings.HasPrefix(stripped, "docker.io/") { + if stripped != authFileKey { // URLs are interpreted to mean complete registries stripped = strings.SplitN(stripped, "/", 2)[0] } - return stripped + // Only non-namespaced registry names (or URLs) need to be normalized; repo namespaces + // always use the simple format. + switch stripped { + case "registry-1.docker.io", "index.docker.io": + return "docker.io" + default: + return stripped + } } // dockerAuthToImageAuth converts a docker auth config to one we're using diff --git a/pkg/auth/auth_test.go b/pkg/auth/auth_test.go index ee16d832b..be86a9cbd 100644 --- a/pkg/auth/auth_test.go +++ b/pkg/auth/auth_test.go @@ -24,10 +24,10 @@ const largeAuthFile = `{"auths":{ // Semantics of largeAuthFile var largeAuthFileValues = map[string]types.DockerAuthConfig{ - // "docker.io/vendor": {Username: "docker", Password: "vendor"}, - // "docker.io": {Username: "docker", Password: "top"}, - "quay.io/libpod": {Username: "quay", Password: "libpod"}, - "quay.io": {Username: "quay", Password: "top"}, + "docker.io/vendor": {Username: "docker", Password: "vendor"}, + "docker.io": {Username: "docker", Password: "top"}, + "quay.io/libpod": {Username: "quay", Password: "libpod"}, + "quay.io": {Username: "quay", Password: "top"}, } // Test that GetCredentials() correctly parses what Header() produces @@ -260,28 +260,28 @@ func TestAuthConfigsToAuthFile(t *testing.T) { expectedContains: "{}", }, { - name: "registry with prefix", + name: "registry with a namespace prefix", server: "my-registry.local/username", shouldErr: false, expectedContains: `"my-registry.local/username":`, }, { - name: "normalize https:// prefix", + name: "URLs are interpreted as full registries", server: "http://my-registry.local/username", shouldErr: false, - expectedContains: `"my-registry.local/username":`, + expectedContains: `"my-registry.local":`, }, { - name: "normalize docker registry with https prefix", + name: "the old-style docker registry URL is normalized", server: "http://index.docker.io/v1/", shouldErr: false, - expectedContains: `"index.docker.io":`, + expectedContains: `"docker.io":`, }, { - name: "normalize docker registry without https prefix", - server: "docker.io/v2/", + name: "docker.io vendor namespace", + server: "docker.io/vendor", shouldErr: false, - expectedContains: `"docker.io":`, + expectedContains: `"docker.io/vendor":`, }, } { configs := map[string]types.DockerAuthConfig{} |