From 491951d66e1829ad8e847f3049a557dd9d55db68 Mon Sep 17 00:00:00 2001 From: Miloslav Trmač Date: Sat, 11 Sep 2021 21:56:40 +0200 Subject: Fix normalizeAuthFileKey to use the correct semantics MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Miloslav Trmač --- pkg/auth/auth.go | 18 +++++++++++------- pkg/auth/auth_test.go | 24 ++++++++++++------------ 2 files changed, 23 insertions(+), 19 deletions(-) (limited to 'pkg') diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go index 8c6436883..7cde6ef5e 100644 --- a/pkg/auth/auth.go +++ b/pkg/auth/auth.go @@ -272,20 +272,24 @@ func authConfigsToAuthFile(authConfigs map[string]types.DockerAuthConfig) (strin return authFilePath, nil } -// normalizeAuthFileKey takes an auth file key and removes the leading "http[s]://" prefix as well -// as removes path suffixes from docker registries. +// normalizeAuthFileKey takes an auth file key and converts it into a new-style credential key +// in the canonical format, as interpreted by c/image/pkg/docker/config. func normalizeAuthFileKey(authFileKey string) string { stripped := strings.TrimPrefix(authFileKey, "http://") stripped = strings.TrimPrefix(stripped, "https://") - /// Normalize docker registries - if strings.HasPrefix(stripped, "index.docker.io/") || - strings.HasPrefix(stripped, "registry-1.docker.io/") || - strings.HasPrefix(stripped, "docker.io/") { + if stripped != authFileKey { // URLs are interpreted to mean complete registries stripped = strings.SplitN(stripped, "/", 2)[0] } - return stripped + // Only non-namespaced registry names (or URLs) need to be normalized; repo namespaces + // always use the simple format. + switch stripped { + case "registry-1.docker.io", "index.docker.io": + return "docker.io" + default: + return stripped + } } // dockerAuthToImageAuth converts a docker auth config to one we're using diff --git a/pkg/auth/auth_test.go b/pkg/auth/auth_test.go index ee16d832b..be86a9cbd 100644 --- a/pkg/auth/auth_test.go +++ b/pkg/auth/auth_test.go @@ -24,10 +24,10 @@ const largeAuthFile = `{"auths":{ // Semantics of largeAuthFile var largeAuthFileValues = map[string]types.DockerAuthConfig{ - // "docker.io/vendor": {Username: "docker", Password: "vendor"}, - // "docker.io": {Username: "docker", Password: "top"}, - "quay.io/libpod": {Username: "quay", Password: "libpod"}, - "quay.io": {Username: "quay", Password: "top"}, + "docker.io/vendor": {Username: "docker", Password: "vendor"}, + "docker.io": {Username: "docker", Password: "top"}, + "quay.io/libpod": {Username: "quay", Password: "libpod"}, + "quay.io": {Username: "quay", Password: "top"}, } // Test that GetCredentials() correctly parses what Header() produces @@ -260,28 +260,28 @@ func TestAuthConfigsToAuthFile(t *testing.T) { expectedContains: "{}", }, { - name: "registry with prefix", + name: "registry with a namespace prefix", server: "my-registry.local/username", shouldErr: false, expectedContains: `"my-registry.local/username":`, }, { - name: "normalize https:// prefix", + name: "URLs are interpreted as full registries", server: "http://my-registry.local/username", shouldErr: false, - expectedContains: `"my-registry.local/username":`, + expectedContains: `"my-registry.local":`, }, { - name: "normalize docker registry with https prefix", + name: "the old-style docker registry URL is normalized", server: "http://index.docker.io/v1/", shouldErr: false, - expectedContains: `"index.docker.io":`, + expectedContains: `"docker.io":`, }, { - name: "normalize docker registry without https prefix", - server: "docker.io/v2/", + name: "docker.io vendor namespace", + server: "docker.io/vendor", shouldErr: false, - expectedContains: `"docker.io":`, + expectedContains: `"docker.io/vendor":`, }, } { configs := map[string]types.DockerAuthConfig{} -- cgit v1.2.3-54-g00ecf