Diffstat (limited to 'pkg')
-rw-r--r-- | pkg/api/handlers/compat/auth.go | 14 | ||||
-rw-r--r-- | pkg/registries/registries.go | 85 | ||||
-rw-r--r-- | pkg/systemd/activation.go | 6 | ||||
-rw-r--r-- | pkg/systemd/activation_test.go | 32 |
4 files changed, 38 insertions, 99 deletions
diff --git a/pkg/api/handlers/compat/auth.go b/pkg/api/handlers/compat/auth.go index 2c152fbc2..3594c9781 100644 --- a/pkg/api/handlers/compat/auth.go +++ b/pkg/api/handlers/compat/auth.go @@ -9,9 +9,9 @@ import ( DockerClient "github.com/containers/image/v5/docker" "github.com/containers/image/v5/types" + "github.com/containers/podman/v3/libpod" "github.com/containers/podman/v3/pkg/api/handlers/utils" "github.com/containers/podman/v3/pkg/domain/entities" - "github.com/containers/podman/v3/pkg/registries" docker "github.com/docker/docker/api/types" "github.com/pkg/errors" ) @@ -37,15 +37,13 @@ func Auth(w http.ResponseWriter, r *http.Request) { skipTLS = types.NewOptionalBool(true) } + runtime := r.Context().Value("runtime").(*libpod.Runtime) + sysCtx := runtime.SystemContext() + sysCtx.DockerInsecureSkipTLSVerify = skipTLS + fmt.Println("Authenticating with existing credentials...") - sysCtx := types.SystemContext{ - AuthFilePath: "", - DockerCertPath: "", - DockerInsecureSkipTLSVerify: skipTLS, - SystemRegistriesConfPath: registries.SystemRegistriesConfPath(), - } registry := stripAddressOfScheme(authConfig.ServerAddress) - if err := DockerClient.CheckAuth(context.Background(), &sysCtx, authConfig.Username, authConfig.Password, registry); err == nil { + if err := DockerClient.CheckAuth(context.Background(), sysCtx, authConfig.Username, authConfig.Password, registry); err == nil { utils.WriteResponse(w, http.StatusOK, entities.AuthReport{ IdentityToken: "", Status: "Login Succeeded", diff --git a/pkg/registries/registries.go b/pkg/registries/registries.go deleted file mode 100644 index 34c9138e3..000000000 --- a/pkg/registries/registries.go +++ /dev/null 
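Review bot: `sysCtx.DockerInsecureSkipTLSVerify = skipTLS` writes through the pointer returned by `runtime.SystemContext()`, so if that method hands back the runtime's own context rather than a copy (its body is not part of this diff), one login request that disables TLS verification would leave it disabled for later registry operations in the same process, and concurrent requests would race on the field. Taking a local copy keeps the override request-scoped: `sysCtx := *runtime.SystemContext()`, then set the field on the copy and pass `&sysCtx` to `CheckAuth`. The unchecked assertion `r.Context().Value("runtime").(*libpod.Runtime)` panics when the value is absent; the comma-ok form with an error response would fail closed instead. `Auth`'s body starts and ends outside the hunk.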
@@ -1,85 +0,0 @@
-package registries
-
-// TODO: this package should not exist anymore. Users should either use
-// c/image's `sysregistriesv2` package directly OR, even better, we cache a
-// config in libpod's image runtime so we don't need to parse the
-// registries.conf files redundantly.
-
-import (
- "os"
- "path/filepath"
-
- "github.com/containers/image/v5/pkg/sysregistriesv2"
- "github.com/containers/image/v5/types"
- "github.com/containers/podman/v3/pkg/rootless"
- "github.com/pkg/errors"
-)
-
-// userRegistriesFile is the path to the per user registry configuration file.
-var userRegistriesFile = filepath.Join(os.Getenv("HOME"), ".config/containers/registries.conf")
-
-// SystemRegistriesConfPath returns an appropriate value for types.SystemContext.SystemRegistriesConfPath
-// (possibly "", which is not an error), taking into account rootless mode and environment variable overrides.
-//
-// FIXME: This should be centralized in a global SystemContext initializer inherited throughout the code,
-// not haphazardly called throughout the way it is being called now.
-func SystemRegistriesConfPath() string {
- if envOverride, ok := os.LookupEnv("CONTAINERS_REGISTRIES_CONF"); ok {
- return envOverride
- }
- if envOverride, ok := os.LookupEnv("REGISTRIES_CONFIG_PATH"); ok {
- return envOverride
- }
-
- if rootless.IsRootless() {
- if _, err := os.Stat(userRegistriesFile); err == nil {
- return userRegistriesFile
- }
- }
-
- return ""
-}
-
-// GetRegistriesData obtains the list of registries
-func GetRegistriesData() ([]sysregistriesv2.Registry, error) {
- registries, err := sysregistriesv2.GetRegistries(&types.SystemContext{SystemRegistriesConfPath: SystemRegistriesConfPath()})
- if err != nil {
- return nil, errors.Wrapf(err, "unable to parse the registries.conf file")
- }
- return registries, nil
-}
-
-// GetRegistries obtains the list of search registries defined in the global registries file.
-func GetRegistries() ([]string, error) {
- return sysregistriesv2.UnqualifiedSearchRegistries(&types.SystemContext{SystemRegistriesConfPath: SystemRegistriesConfPath()})
-}
-
-// GetBlockedRegistries obtains the list of blocked registries defined in the global registries file.
-func GetBlockedRegistries() ([]string, error) {
- var blockedRegistries []string
- registries, err := GetRegistriesData()
- if err != nil {
- return nil, err
- }
- for _, reg := range registries {
- if reg.Blocked {
- blockedRegistries = append(blockedRegistries, reg.Prefix)
- }
- }
- return blockedRegistries, nil
-}
-
-// GetInsecureRegistries obtains the list of insecure registries from the global registration file.
-func GetInsecureRegistries() ([]string, error) {
- var insecureRegistries []string
- registries, err := GetRegistriesData()
- if err != nil {
- return nil, err
- }
- for _, reg := range registries {
- if reg.Insecure {
- insecureRegistries = append(insecureRegistries, reg.Prefix)
- }
- }
- return insecureRegistries, nil
-}
diff --git a/pkg/systemd/activation.go b/pkg/systemd/activation.go
index 8f75f9cca..9fcfed771 100644
--- a/pkg/systemd/activation.go
+++ b/pkg/systemd/activation.go
@@ -25,11 +25,5 @@ func SocketActivated() bool {
 if err != nil || nfds == 0 {
 return false
 }
-
- // "github.com/coreos/go-systemd/v22/activation" will use and validate this variable's
- // value. We're just providing a fast fail
- if _, found = os.LookupEnv("LISTEN_FDNAMES"); !found {
- return false
- }
 return true
 }
diff --git a/pkg/systemd/activation_test.go b/pkg/systemd/activation_test.go
new file mode 100644
index 000000000..d2553777b
--- /dev/null
+++ b/pkg/systemd/activation_test.go
@@ -0,0 +1,32 @@
+package systemd
+
+import (
+ "fmt"
+ "os"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func TestSocketActivated(t *testing.T) {
+ assert := assert.New(t)
+
+ assert.False(SocketActivated())
+
+ // different pid
+ assert.NoError(os.Setenv("LISTEN_PID", "1"))
+ assert.False(SocketActivated())
+
+ // same pid no fds
+ assert.NoError(os.Setenv("LISTEN_PID", fmt.Sprintf("%d", os.Getpid())))
+ assert.NoError(os.Setenv("LISTEN_FDS", "0"))
+ assert.False(SocketActivated())
+
+ // same pid some fds
+ assert.NoError(os.Setenv("LISTEN_FDS", "1"))
+ assert.True(SocketActivated())
+
+ // FDNAME is ok too (but not required)
+ assert.NoError(os.Setenv("LISTEN_FDNAMES", "/meshuggah/rocks"))
+ assert.True(SocketActivated())
+}
|
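Review bot: The test sets `LISTEN_PID`, `LISTEN_FDS` and `LISTEN_FDNAMES` with `os.Setenv` and never restores them, so the values leak into any other test in the package, and the opening `assert.False(SocketActivated())` only holds when the ambient environment has none of them set. Unsetting the three variables at the start and registering `t.Cleanup(func() { os.Unsetenv("LISTEN_PID"); os.Unsetenv("LISTEN_FDS"); os.Unsetenv("LISTEN_FDNAMES") })` would make the test self-contained. Since this commit drops the `LISTEN_FDNAMES` fast-fail, malformed input deserves cases as well: a non-numeric `LISTEN_FDS`, and a negative one such as `"-1"`, which the visible guard `err != nil || nfds == 0` in `SocketActivated` would appear to let through.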