mirror of https://github.com/docker/cli.git
Merge pull request #2 from moby/cli-ghsa-99pg-grm5-qq3v-default-authconfig-20.10
[20.10] registry: ensure default auth config has address
This commit is contained in:
commit
893e52cf4b
|
@ -63,17 +63,14 @@ func RegistryAuthenticationPrivilegedFunc(cli Cli, index *registrytypes.IndexInf
|
||||||
indexServer := registry.GetAuthConfigKey(index)
|
indexServer := registry.GetAuthConfigKey(index)
|
||||||
isDefaultRegistry := indexServer == ElectAuthServer(context.Background(), cli)
|
isDefaultRegistry := indexServer == ElectAuthServer(context.Background(), cli)
|
||||||
authConfig, err := GetDefaultAuthConfig(cli, true, indexServer, isDefaultRegistry)
|
authConfig, err := GetDefaultAuthConfig(cli, true, indexServer, isDefaultRegistry)
|
||||||
if authConfig == nil {
|
|
||||||
authConfig = &types.AuthConfig{}
|
|
||||||
}
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Fprintf(cli.Err(), "Unable to retrieve stored credentials for %s, error: %s.\n", indexServer, err)
|
fmt.Fprintf(cli.Err(), "Unable to retrieve stored credentials for %s, error: %s.\n", indexServer, err)
|
||||||
}
|
}
|
||||||
err = ConfigureAuth(cli, "", "", authConfig, isDefaultRegistry)
|
err = ConfigureAuth(cli, "", "", &authConfig, isDefaultRegistry)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
return EncodeAuthToBase64(*authConfig)
|
return EncodeAuthToBase64(authConfig)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -92,7 +89,7 @@ func ResolveAuthConfig(ctx context.Context, cli Cli, index *registrytypes.IndexI
|
||||||
|
|
||||||
// GetDefaultAuthConfig gets the default auth config given a serverAddress
|
// GetDefaultAuthConfig gets the default auth config given a serverAddress
|
||||||
// If credentials for given serverAddress exists in the credential store, the configuration will be populated with values in it
|
// If credentials for given serverAddress exists in the credential store, the configuration will be populated with values in it
|
||||||
func GetDefaultAuthConfig(cli Cli, checkCredStore bool, serverAddress string, isDefaultRegistry bool) (*types.AuthConfig, error) {
|
func GetDefaultAuthConfig(cli Cli, checkCredStore bool, serverAddress string, isDefaultRegistry bool) (types.AuthConfig, error) {
|
||||||
if !isDefaultRegistry {
|
if !isDefaultRegistry {
|
||||||
serverAddress = registry.ConvertToHostname(serverAddress)
|
serverAddress = registry.ConvertToHostname(serverAddress)
|
||||||
}
|
}
|
||||||
|
@ -101,13 +98,15 @@ func GetDefaultAuthConfig(cli Cli, checkCredStore bool, serverAddress string, is
|
||||||
if checkCredStore {
|
if checkCredStore {
|
||||||
authconfig, err = cli.ConfigFile().GetAuthConfig(serverAddress)
|
authconfig, err = cli.ConfigFile().GetAuthConfig(serverAddress)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return types.AuthConfig{
|
||||||
|
ServerAddress: serverAddress,
|
||||||
|
}, err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
authconfig.ServerAddress = serverAddress
|
authconfig.ServerAddress = serverAddress
|
||||||
authconfig.IdentityToken = ""
|
authconfig.IdentityToken = ""
|
||||||
res := types.AuthConfig(authconfig)
|
res := types.AuthConfig(authconfig)
|
||||||
return &res, nil
|
return res, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// ConfigureAuth handles prompting of user's username and password if needed
|
// ConfigureAuth handles prompting of user's username and password if needed
|
||||||
|
|
|
@ -114,22 +114,19 @@ func runLogin(dockerCli command.Cli, opts loginOptions) error { //nolint: gocycl
|
||||||
var response registrytypes.AuthenticateOKBody
|
var response registrytypes.AuthenticateOKBody
|
||||||
isDefaultRegistry := serverAddress == authServer
|
isDefaultRegistry := serverAddress == authServer
|
||||||
authConfig, err := command.GetDefaultAuthConfig(dockerCli, opts.user == "" && opts.password == "", serverAddress, isDefaultRegistry)
|
authConfig, err := command.GetDefaultAuthConfig(dockerCli, opts.user == "" && opts.password == "", serverAddress, isDefaultRegistry)
|
||||||
if authConfig == nil {
|
|
||||||
authConfig = &types.AuthConfig{}
|
|
||||||
}
|
|
||||||
if err == nil && authConfig.Username != "" && authConfig.Password != "" {
|
if err == nil && authConfig.Username != "" && authConfig.Password != "" {
|
||||||
response, err = loginWithCredStoreCreds(ctx, dockerCli, authConfig)
|
response, err = loginWithCredStoreCreds(ctx, dockerCli, &authConfig)
|
||||||
}
|
}
|
||||||
if err != nil || authConfig.Username == "" || authConfig.Password == "" {
|
if err != nil || authConfig.Username == "" || authConfig.Password == "" {
|
||||||
err = command.ConfigureAuth(dockerCli, opts.user, opts.password, authConfig, isDefaultRegistry)
|
err = command.ConfigureAuth(dockerCli, opts.user, opts.password, &authConfig, isDefaultRegistry)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
response, err = clnt.RegistryLogin(ctx, *authConfig)
|
response, err = clnt.RegistryLogin(ctx, authConfig)
|
||||||
if err != nil && client.IsErrConnectionFailed(err) {
|
if err != nil && client.IsErrConnectionFailed(err) {
|
||||||
// If the server isn't responding (yet) attempt to login purely client side
|
// If the server isn't responding (yet) attempt to login purely client side
|
||||||
response, err = loginClientSide(ctx, *authConfig)
|
response, err = loginClientSide(ctx, authConfig)
|
||||||
}
|
}
|
||||||
// If we (still) have an error, give up
|
// If we (still) have an error, give up
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -152,7 +149,7 @@ func runLogin(dockerCli command.Cli, opts loginOptions) error { //nolint: gocycl
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := creds.Store(configtypes.AuthConfig(*authConfig)); err != nil {
|
if err := creds.Store(configtypes.AuthConfig(authConfig)); err != nil {
|
||||||
return errors.Errorf("Error saving credentials: %v", err)
|
return errors.Errorf("Error saving credentials: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -145,7 +145,21 @@ func TestGetDefaultAuthConfig(t *testing.T) {
|
||||||
assert.Check(t, is.Equal(tc.expectedErr, err.Error()))
|
assert.Check(t, is.Equal(tc.expectedErr, err.Error()))
|
||||||
} else {
|
} else {
|
||||||
assert.NilError(t, err)
|
assert.NilError(t, err)
|
||||||
assert.Check(t, is.DeepEqual(tc.expectedAuthConfig, *authconfig))
|
assert.Check(t, is.DeepEqual(tc.expectedAuthConfig, authconfig))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestGetDefaultAuthConfig_HelperError(t *testing.T) {
|
||||||
|
cli := test.NewFakeCli(&fakeClient{})
|
||||||
|
errBuf := new(bytes.Buffer)
|
||||||
|
cli.SetErr(errBuf)
|
||||||
|
cli.ConfigFile().CredentialsStore = "fake-does-not-exist"
|
||||||
|
serverAddress := "test-server-address"
|
||||||
|
expectedAuthConfig := types.AuthConfig{
|
||||||
|
ServerAddress: serverAddress,
|
||||||
|
}
|
||||||
|
authconfig, err := GetDefaultAuthConfig(cli, true, serverAddress, serverAddress == "https://index.docker.io/v1/")
|
||||||
|
assert.Check(t, is.DeepEqual(expectedAuthConfig, authconfig))
|
||||||
|
assert.Check(t, is.ErrorContains(err, "docker-credential-fake-does-not-exist"))
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in New Issue