From bbdaf837b190fc7b941c5b1d49404bc610ab70fc Mon Sep 17 00:00:00 2001
From: Sascha Grunert <sgrunert@redhat.com>
Date: Fri, 3 Sep 2021 09:42:27 +0200
Subject: Normalize auth key before calling `SetAuthentication`

Recent changes in c/image caused the `SetAuthentication` API to be more
restrictive in terms of validating the `key` (`server`) input. To ensure
that manually modified or entries in `~/.docker/config.json` still work,
we now strip the leading `http[s]://` prefix.

Fixes https://github.com/containers/podman/issues/11235

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
---
 pkg/auth/auth_test.go | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
 create mode 100644 pkg/auth/auth_test.go

(limited to 'pkg/auth/auth_test.go')

diff --git a/pkg/auth/auth_test.go b/pkg/auth/auth_test.go
new file mode 100644
index 000000000..da2d9a5c5
--- /dev/null
+++ b/pkg/auth/auth_test.go
@@ -0,0 +1,66 @@
+package auth
+
+import (
+	"io/ioutil"
+	"testing"
+
+	"github.com/containers/image/v5/types"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAuthConfigsToAuthFile(t *testing.T) {
+	for _, tc := range []struct {
+		name             string
+		server           string
+		shouldErr        bool
+		expectedContains string
+	}{
+		{
+			name:             "empty auth configs",
+			server:           "",
+			shouldErr:        false,
+			expectedContains: "{}",
+		},
+		{
+			name:             "registry with prefix",
+			server:           "my-registry.local/username",
+			shouldErr:        false,
+			expectedContains: `"my-registry.local/username":`,
+		},
+		{
+			name:             "normalize https:// prefix",
+			server:           "http://my-registry.local/username",
+			shouldErr:        false,
+			expectedContains: `"my-registry.local/username":`,
+		},
+		{
+			name:             "normalize docker registry with https prefix",
+			server:           "http://index.docker.io/v1/",
+			shouldErr:        false,
+			expectedContains: `"index.docker.io":`,
+		},
+		{
+			name:             "normalize docker registry without https prefix",
+			server:           "docker.io/v2/",
+			shouldErr:        false,
+			expectedContains: `"docker.io":`,
+		},
+	} {
+		configs := map[string]types.DockerAuthConfig{}
+		if tc.server != "" {
+			configs[tc.server] = types.DockerAuthConfig{}
+		}
+
+		filePath, err := authConfigsToAuthFile(configs)
+
+		if tc.shouldErr {
+			assert.NotNil(t, err)
+			assert.Empty(t, filePath)
+		} else {
+			assert.Nil(t, err)
+			content, err := ioutil.ReadFile(filePath)
+			assert.Nil(t, err)
+			assert.Contains(t, string(content), tc.expectedContains)
+		}
+	}
+}
-- 
cgit v1.2.3-54-g00ecf