summaryrefslogtreecommitdiff
path: root/pkg
diff options
context:
space:
mode:
authorMiloslav Trmač <mitr@redhat.com>2021-09-11 21:56:40 +0200
committerMiloslav Trmač <mitr@redhat.com>2021-12-10 18:16:17 +0100
commit491951d66e1829ad8e847f3049a557dd9d55db68 (patch)
tree5d73ddfc76c05306cd0fbc0570f48392b4e14720 /pkg
parent1b6bf971306af753e72db9d10f7594ecd0c89785 (diff)
downloadpodman-491951d66e1829ad8e847f3049a557dd9d55db68.tar.gz
podman-491951d66e1829ad8e847f3049a557dd9d55db68.tar.bz2
podman-491951d66e1829ad8e847f3049a557dd9d55db68.zip
Fix normalizeAuthFileKey to use the correct semantics
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Diffstat (limited to 'pkg')
-rw-r--r--pkg/auth/auth.go18
-rw-r--r--pkg/auth/auth_test.go24
2 files changed, 23 insertions, 19 deletions
diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go
index 8c6436883..7cde6ef5e 100644
--- a/pkg/auth/auth.go
+++ b/pkg/auth/auth.go
@@ -272,20 +272,24 @@ func authConfigsToAuthFile(authConfigs map[string]types.DockerAuthConfig) (strin
return authFilePath, nil
}
-// normalizeAuthFileKey takes an auth file key and removes the leading "http[s]://" prefix as well
-// as removes path suffixes from docker registries.
+// normalizeAuthFileKey takes an auth file key and converts it into a new-style credential key
+// in the canonical format, as interpreted by c/image/pkg/docker/config.
func normalizeAuthFileKey(authFileKey string) string {
stripped := strings.TrimPrefix(authFileKey, "http://")
stripped = strings.TrimPrefix(stripped, "https://")
- /// Normalize docker registries
- if strings.HasPrefix(stripped, "index.docker.io/") ||
- strings.HasPrefix(stripped, "registry-1.docker.io/") ||
- strings.HasPrefix(stripped, "docker.io/") {
+ if stripped != authFileKey { // URLs are interpreted to mean complete registries
stripped = strings.SplitN(stripped, "/", 2)[0]
}
- return stripped
+ // Only non-namespaced registry names (or URLs) need to be normalized; repo namespaces
+ // always use the simple format.
+ switch stripped {
+ case "registry-1.docker.io", "index.docker.io":
+ return "docker.io"
+ default:
+ return stripped
+ }
}
// dockerAuthToImageAuth converts a docker auth config to one we're using
diff --git a/pkg/auth/auth_test.go b/pkg/auth/auth_test.go
index ee16d832b..be86a9cbd 100644
--- a/pkg/auth/auth_test.go
+++ b/pkg/auth/auth_test.go
@@ -24,10 +24,10 @@ const largeAuthFile = `{"auths":{
// Semantics of largeAuthFile
var largeAuthFileValues = map[string]types.DockerAuthConfig{
- // "docker.io/vendor": {Username: "docker", Password: "vendor"},
- // "docker.io": {Username: "docker", Password: "top"},
- "quay.io/libpod": {Username: "quay", Password: "libpod"},
- "quay.io": {Username: "quay", Password: "top"},
+ "docker.io/vendor": {Username: "docker", Password: "vendor"},
+ "docker.io": {Username: "docker", Password: "top"},
+ "quay.io/libpod": {Username: "quay", Password: "libpod"},
+ "quay.io": {Username: "quay", Password: "top"},
}
// Test that GetCredentials() correctly parses what Header() produces
@@ -260,28 +260,28 @@ func TestAuthConfigsToAuthFile(t *testing.T) {
expectedContains: "{}",
},
{
- name: "registry with prefix",
+ name: "registry with a namespace prefix",
server: "my-registry.local/username",
shouldErr: false,
expectedContains: `"my-registry.local/username":`,
},
{
- name: "normalize https:// prefix",
+ name: "URLs are interpreted as full registries",
server: "http://my-registry.local/username",
shouldErr: false,
- expectedContains: `"my-registry.local/username":`,
+ expectedContains: `"my-registry.local":`,
},
{
- name: "normalize docker registry with https prefix",
+ name: "the old-style docker registry URL is normalized",
server: "http://index.docker.io/v1/",
shouldErr: false,
- expectedContains: `"index.docker.io":`,
+ expectedContains: `"docker.io":`,
},
{
- name: "normalize docker registry without https prefix",
- server: "docker.io/v2/",
+ name: "docker.io vendor namespace",
+ server: "docker.io/vendor",
shouldErr: false,
- expectedContains: `"docker.io":`,
+ expectedContains: `"docker.io/vendor":`,
},
} {
configs := map[string]types.DockerAuthConfig{}