Merge pull request #2 from moby/cli-ghsa-99pg-grm5-qq3v-default-authconfig-20.10

[20.10] registry: ensure default auth config has address
This commit is contained in:
Sebastiaan van Stijn 2021-09-09 20:40:54 +02:00 committed by GitHub
commit 893e52cf4b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 27 additions and 17 deletions

View File

@ -63,17 +63,14 @@ func RegistryAuthenticationPrivilegedFunc(cli Cli, index *registrytypes.IndexInf
indexServer := registry.GetAuthConfigKey(index) indexServer := registry.GetAuthConfigKey(index)
isDefaultRegistry := indexServer == ElectAuthServer(context.Background(), cli) isDefaultRegistry := indexServer == ElectAuthServer(context.Background(), cli)
authConfig, err := GetDefaultAuthConfig(cli, true, indexServer, isDefaultRegistry) authConfig, err := GetDefaultAuthConfig(cli, true, indexServer, isDefaultRegistry)
if authConfig == nil {
authConfig = &types.AuthConfig{}
}
if err != nil { if err != nil {
fmt.Fprintf(cli.Err(), "Unable to retrieve stored credentials for %s, error: %s.\n", indexServer, err) fmt.Fprintf(cli.Err(), "Unable to retrieve stored credentials for %s, error: %s.\n", indexServer, err)
} }
err = ConfigureAuth(cli, "", "", authConfig, isDefaultRegistry) err = ConfigureAuth(cli, "", "", &authConfig, isDefaultRegistry)
if err != nil { if err != nil {
return "", err return "", err
} }
return EncodeAuthToBase64(*authConfig) return EncodeAuthToBase64(authConfig)
} }
} }
@ -92,7 +89,7 @@ func ResolveAuthConfig(ctx context.Context, cli Cli, index *registrytypes.IndexI
// GetDefaultAuthConfig gets the default auth config given a serverAddress // GetDefaultAuthConfig gets the default auth config given a serverAddress
// If credentials for given serverAddress exists in the credential store, the configuration will be populated with values in it // If credentials for given serverAddress exists in the credential store, the configuration will be populated with values in it
func GetDefaultAuthConfig(cli Cli, checkCredStore bool, serverAddress string, isDefaultRegistry bool) (*types.AuthConfig, error) { func GetDefaultAuthConfig(cli Cli, checkCredStore bool, serverAddress string, isDefaultRegistry bool) (types.AuthConfig, error) {
if !isDefaultRegistry { if !isDefaultRegistry {
serverAddress = registry.ConvertToHostname(serverAddress) serverAddress = registry.ConvertToHostname(serverAddress)
} }
@ -101,13 +98,15 @@ func GetDefaultAuthConfig(cli Cli, checkCredStore bool, serverAddress string, is
if checkCredStore { if checkCredStore {
authconfig, err = cli.ConfigFile().GetAuthConfig(serverAddress) authconfig, err = cli.ConfigFile().GetAuthConfig(serverAddress)
if err != nil { if err != nil {
return nil, err return types.AuthConfig{
ServerAddress: serverAddress,
}, err
} }
} }
authconfig.ServerAddress = serverAddress authconfig.ServerAddress = serverAddress
authconfig.IdentityToken = "" authconfig.IdentityToken = ""
res := types.AuthConfig(authconfig) res := types.AuthConfig(authconfig)
return &res, nil return res, nil
} }
// ConfigureAuth handles prompting of user's username and password if needed // ConfigureAuth handles prompting of user's username and password if needed

View File

@ -114,22 +114,19 @@ func runLogin(dockerCli command.Cli, opts loginOptions) error { //nolint: gocycl
var response registrytypes.AuthenticateOKBody var response registrytypes.AuthenticateOKBody
isDefaultRegistry := serverAddress == authServer isDefaultRegistry := serverAddress == authServer
authConfig, err := command.GetDefaultAuthConfig(dockerCli, opts.user == "" && opts.password == "", serverAddress, isDefaultRegistry) authConfig, err := command.GetDefaultAuthConfig(dockerCli, opts.user == "" && opts.password == "", serverAddress, isDefaultRegistry)
if authConfig == nil {
authConfig = &types.AuthConfig{}
}
if err == nil && authConfig.Username != "" && authConfig.Password != "" { if err == nil && authConfig.Username != "" && authConfig.Password != "" {
response, err = loginWithCredStoreCreds(ctx, dockerCli, authConfig) response, err = loginWithCredStoreCreds(ctx, dockerCli, &authConfig)
} }
if err != nil || authConfig.Username == "" || authConfig.Password == "" { if err != nil || authConfig.Username == "" || authConfig.Password == "" {
err = command.ConfigureAuth(dockerCli, opts.user, opts.password, authConfig, isDefaultRegistry) err = command.ConfigureAuth(dockerCli, opts.user, opts.password, &authConfig, isDefaultRegistry)
if err != nil { if err != nil {
return err return err
} }
response, err = clnt.RegistryLogin(ctx, *authConfig) response, err = clnt.RegistryLogin(ctx, authConfig)
if err != nil && client.IsErrConnectionFailed(err) { if err != nil && client.IsErrConnectionFailed(err) {
// If the server isn't responding (yet) attempt to login purely client side // If the server isn't responding (yet) attempt to login purely client side
response, err = loginClientSide(ctx, *authConfig) response, err = loginClientSide(ctx, authConfig)
} }
// If we (still) have an error, give up // If we (still) have an error, give up
if err != nil { if err != nil {
@ -152,7 +149,7 @@ func runLogin(dockerCli command.Cli, opts loginOptions) error { //nolint: gocycl
} }
} }
if err := creds.Store(configtypes.AuthConfig(*authConfig)); err != nil { if err := creds.Store(configtypes.AuthConfig(authConfig)); err != nil {
return errors.Errorf("Error saving credentials: %v", err) return errors.Errorf("Error saving credentials: %v", err)
} }

View File

@ -145,7 +145,21 @@ func TestGetDefaultAuthConfig(t *testing.T) {
assert.Check(t, is.Equal(tc.expectedErr, err.Error())) assert.Check(t, is.Equal(tc.expectedErr, err.Error()))
} else { } else {
assert.NilError(t, err) assert.NilError(t, err)
assert.Check(t, is.DeepEqual(tc.expectedAuthConfig, *authconfig)) assert.Check(t, is.DeepEqual(tc.expectedAuthConfig, authconfig))
} }
} }
} }
func TestGetDefaultAuthConfig_HelperError(t *testing.T) {
cli := test.NewFakeCli(&fakeClient{})
errBuf := new(bytes.Buffer)
cli.SetErr(errBuf)
cli.ConfigFile().CredentialsStore = "fake-does-not-exist"
serverAddress := "test-server-address"
expectedAuthConfig := types.AuthConfig{
ServerAddress: serverAddress,
}
authconfig, err := GetDefaultAuthConfig(cli, true, serverAddress, serverAddress == "https://index.docker.io/v1/")
assert.Check(t, is.DeepEqual(expectedAuthConfig, authconfig))
assert.Check(t, is.ErrorContains(err, "docker-credential-fake-does-not-exist"))
}