From b24e7f85a488da13dc2d5be87acdaab2652634bb Mon Sep 17 00:00:00 2001 From: Eric Bode Date: Fri, 10 Nov 2023 22:38:10 +0100 Subject: [PATCH] Fix setting ServerAddress property in NativeStore This will return the ServerAddress property when using the NativeStore. This happens when you use docker credential helpers, not the credential store. The reason this fix is needed is because it needs to be propagated properly down towards `moby/moby` project in the following logic: ```golang func authorizationCredsFromAuthConfig(authConfig registrytypes.AuthConfig) docker.AuthorizerOpt { cfgHost := registry.ConvertToHostname(authConfig.ServerAddress) if cfgHost == "" || cfgHost == registry.IndexHostname { cfgHost = registry.DefaultRegistryHost } return docker.WithAuthCreds(func(host string) (string, string, error) { if cfgHost != host { logrus.WithFields(logrus.Fields{ "host": host, "cfgHost": cfgHost, }).Warn("Host doesn't match") return "", "", nil } if authConfig.IdentityToken != "" { return "", authConfig.IdentityToken, nil } return authConfig.Username, authConfig.Password, nil }) } ``` This logic resides in the following file : `daemon/containerd/resolver.go` . In the case when using the containerd storage feature when setting the `cfgHost` variable from the `authConfig.ServerAddress` it will always be empty. Since it will never be returned from the NativeStore currently. Therefore Docker Hub images will work fine, but anything else will fail since the `cfgHost` will always be the `registry.DefaultRegistryHost`. Signed-off-by: Eric Bode --- cli/config/credentials/native_store.go | 4 ++++ cli/config/credentials/native_store_test.go | 8 +++++--- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/cli/config/credentials/native_store.go b/cli/config/credentials/native_store.go index f9619b0381..b9af145b9d 100644 --- a/cli/config/credentials/native_store.go +++ b/cli/config/credentials/native_store.go @@ -51,6 +51,7 @@ func (c *nativeStore) Get(serverAddress string) (types.AuthConfig, error) { auth.Username = creds.Username auth.IdentityToken = creds.IdentityToken auth.Password = creds.Password + auth.ServerAddress = creds.ServerAddress return auth, nil } @@ -76,6 +77,9 @@ func (c *nativeStore) GetAll() (map[string]types.AuthConfig, error) { ac.Username = creds.Username ac.Password = creds.Password ac.IdentityToken = creds.IdentityToken + if ac.ServerAddress == "" { + ac.ServerAddress = creds.ServerAddress + } authConfigs[registry] = ac } diff --git a/cli/config/credentials/native_store_test.go b/cli/config/credentials/native_store_test.go index 2c6f230f68..5abcca3587 100644 --- a/cli/config/credentials/native_store_test.go +++ b/cli/config/credentials/native_store_test.go @@ -145,9 +145,10 @@ func TestNativeStoreGet(t *testing.T) { assert.NilError(t, err) expected := types.AuthConfig{ - Username: "foo", - Password: "bar", - Email: "foo@example.com", + Username: "foo", + Password: "bar", + Email: "foo@example.com", + ServerAddress: validServerAddress, } assert.Check(t, is.DeepEqual(expected, actual)) } @@ -169,6 +170,7 @@ func TestNativeStoreGetIdentityToken(t *testing.T) { expected := types.AuthConfig{ IdentityToken: "abcd1234", Email: "foo@example2.com", + ServerAddress: validServerAddress2, } assert.Check(t, is.DeepEqual(expected, actual)) }