opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-27 21:50:18 +08:00
Code Issues Packages Projects Releases Wiki Activity

Make XRegistryAuthHeader and XRegistryConfigHeader private

Browse Source 
... now that they have no public users.

Also remove the HeaderAuthName type, we don't need the type-safety
so much for private constants, and using plain strings results in
less visual noise.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This commit is contained in:
Miloslav Trmač
2021-10-21 20:52:38 +02:00
parent 3cfefa1248
commit 5bbcfaf4aa
2 changed files with 26 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
pkg/auth/auth.go
View File

@ -15,37 +15,33 @@ import (
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
) )
type HeaderAuthName string // xRegistryAuthHeader is the key to the encoded registry authentication configuration in an http-request header.
func (h HeaderAuthName) String() string { return string(h) }
// XRegistryAuthHeader is the key to the encoded registry authentication configuration in an http-request header.
// This header supports one registry per header occurrence. To support N registries provide N headers, one per registry. // This header supports one registry per header occurrence. To support N registries provide N headers, one per registry.
// As of Docker API 1.40 and Libpod API 1.0.0, this header is supported by all endpoints. // As of Docker API 1.40 and Libpod API 1.0.0, this header is supported by all endpoints.
const XRegistryAuthHeader HeaderAuthName = "X-Registry-Auth" const xRegistryAuthHeader = "X-Registry-Auth"
// XRegistryConfigHeader is the key to the encoded registry authentication configuration in an http-request header. // xRegistryConfigHeader is the key to the encoded registry authentication configuration in an http-request header.
// This header supports N registries in one header via a Base64 encoded, JSON map. // This header supports N registries in one header via a Base64 encoded, JSON map.
// As of Docker API 1.40 and Libpod API 2.0.0, this header is supported by build endpoints. // As of Docker API 1.40 and Libpod API 2.0.0, this header is supported by build endpoints.
const XRegistryConfigHeader HeaderAuthName = "X-Registry-Config" const xRegistryConfigHeader = "X-Registry-Config"
// GetCredentials queries the http.Request for X-Registry-.* headers and extracts // GetCredentials queries the http.Request for X-Registry-.* headers and extracts
// the necessary authentication information for libpod operations, possibly // the necessary authentication information for libpod operations, possibly
// creating a config file. If that is the case, the caller must call RemoveAuthFile. // creating a config file. If that is the case, the caller must call RemoveAuthFile.
func GetCredentials(r *http.Request) (*types.DockerAuthConfig, string, error) { func GetCredentials(r *http.Request) (*types.DockerAuthConfig, string, error) {
nonemptyHeaderValue := func(key HeaderAuthName) ([]string, bool) { nonemptyHeaderValue := func(key string) ([]string, bool) {
hdr := r.Header.Values(key.String()) hdr := r.Header.Values(key)
return hdr, len(hdr) > 0 return hdr, len(hdr) > 0
} }
var override *types.DockerAuthConfig var override *types.DockerAuthConfig
var fileContents map[string]types.DockerAuthConfig var fileContents map[string]types.DockerAuthConfig
var headerName HeaderAuthName var headerName string
var err error var err error
if hdr, ok := nonemptyHeaderValue(XRegistryConfigHeader); ok { if hdr, ok := nonemptyHeaderValue(xRegistryConfigHeader); ok {
headerName = XRegistryConfigHeader headerName = xRegistryConfigHeader
override, fileContents, err = getConfigCredentials(r, hdr) override, fileContents, err = getConfigCredentials(r, hdr)
} else if hdr, ok := nonemptyHeaderValue(XRegistryAuthHeader); ok { } else if hdr, ok := nonemptyHeaderValue(xRegistryAuthHeader); ok {
headerName = XRegistryAuthHeader headerName = xRegistryAuthHeader
override, fileContents, err = getAuthCredentials(hdr) override, fileContents, err = getAuthCredentials(hdr)
} else { } else {
return nil, "", nil return nil, "", nil
@ -67,7 +63,7 @@ func GetCredentials(r *http.Request) (*types.DockerAuthConfig, string, error) {
} }
// getConfigCredentials extracts one or more docker.AuthConfig from a request and its // getConfigCredentials extracts one or more docker.AuthConfig from a request and its
// XRegistryConfigHeader value. An empty key will be used as default while a named registry will be // xRegistryConfigHeader value. An empty key will be used as default while a named registry will be
// returned as types.DockerAuthConfig // returned as types.DockerAuthConfig
func getConfigCredentials(r *http.Request, headers []string) (*types.DockerAuthConfig, map[string]types.DockerAuthConfig, error) { func getConfigCredentials(r *http.Request, headers []string) (*types.DockerAuthConfig, map[string]types.DockerAuthConfig, error) {
var auth *types.DockerAuthConfig var auth *types.DockerAuthConfig
@ -76,13 +72,13 @@ func getConfigCredentials(r *http.Request, headers []string) (*types.DockerAuthC
for _, h := range headers { for _, h := range headers {
param, err := base64.URLEncoding.DecodeString(h) param, err := base64.URLEncoding.DecodeString(h)
if err != nil { if err != nil {
return nil, nil, errors.Wrapf(err, "failed to decode %q", XRegistryConfigHeader) return nil, nil, errors.Wrapf(err, "failed to decode %q", xRegistryConfigHeader)
} }
ac := make(map[string]dockerAPITypes.AuthConfig) ac := make(map[string]dockerAPITypes.AuthConfig)
err = json.Unmarshal(param, &ac) err = json.Unmarshal(param, &ac)
if err != nil { if err != nil {
return nil, nil, errors.Wrapf(err, "failed to unmarshal %q", XRegistryConfigHeader) return nil, nil, errors.Wrapf(err, "failed to unmarshal %q", xRegistryConfigHeader)
} }
for k, v := range ac { for k, v := range ac {
@ -112,16 +108,16 @@ func getConfigCredentials(r *http.Request, headers []string) (*types.DockerAuthC
if auth == nil { if auth == nil {
logrus.Debugf("%q header found in request, but \"registry=%v\" query parameter not provided", logrus.Debugf("%q header found in request, but \"registry=%v\" query parameter not provided",
XRegistryConfigHeader, registries) xRegistryConfigHeader, registries)
} else { } else {
logrus.Debugf("%q header found in request for username %q", XRegistryConfigHeader, auth.Username) logrus.Debugf("%q header found in request for username %q", xRegistryConfigHeader, auth.Username)
} }
} }
return auth, configs, nil return auth, configs, nil
} }
// getAuthCredentials extracts one or more DockerAuthConfigs from an XRegistryAuthHeader // getAuthCredentials extracts one or more DockerAuthConfigs from an xRegistryAuthHeader
// value. The header could specify a single-auth config in which case the // value. The header could specify a single-auth config in which case the
// first return value is set. In case of a multi-auth header, the contents are // first return value is set. In case of a multi-auth header, the contents are
// returned in the second return value. // returned in the second return value.
@ -142,7 +138,7 @@ func getAuthCredentials(headers []string) (*types.DockerAuthConfig, map[string]t
return &authConfig, nil, nil return &authConfig, nil, nil
} }
// MakeXRegistryConfigHeader returns a map with the XRegistryConfigHeader set which can // MakeXRegistryConfigHeader returns a map with the "X-Registry-Config" header set, which can
// conveniently be used in the http stack. // conveniently be used in the http stack.
func MakeXRegistryConfigHeader(sys *types.SystemContext, username, password string) (map[string]string, error) { func MakeXRegistryConfigHeader(sys *types.SystemContext, username, password string) (map[string]string, error) {
if sys == nil { if sys == nil {
@ -167,10 +163,10 @@ func MakeXRegistryConfigHeader(sys *types.SystemContext, username, password stri
if err != nil { if err != nil {
return nil, err return nil, err
} }
return map[string]string{XRegistryConfigHeader.String(): content}, nil return map[string]string{xRegistryConfigHeader: content}, nil
} }
// MakeXRegistryAuthHeader returns a map with the XRegistryAuthHeader set which can // MakeXRegistryAuthHeader returns a map with the "X-Registry-Auth" header set, which can
// conveniently be used in the http stack. // conveniently be used in the http stack.
func MakeXRegistryAuthHeader(sys *types.SystemContext, username, password string) (map[string]string, error) { func MakeXRegistryAuthHeader(sys *types.SystemContext, username, password string) (map[string]string, error) {
if username != "" { if username != "" {
@ -178,7 +174,7 @@ func MakeXRegistryAuthHeader(sys *types.SystemContext, username, password string
if err != nil { if err != nil {
return nil, err return nil, err
} }
return map[string]string{XRegistryAuthHeader.String(): content}, nil return map[string]string{xRegistryAuthHeader: content}, nil
} }
if sys == nil { if sys == nil {
@ -192,7 +188,7 @@ func MakeXRegistryAuthHeader(sys *types.SystemContext, username, password string
if err != nil { if err != nil {
return nil, err return nil, err
} }
return map[string]string{XRegistryAuthHeader.String(): content}, nil return map[string]string{xRegistryAuthHeader: content}, nil
} }
// RemoveAuthfile is a convenience function that is meant to be called in a // RemoveAuthfile is a convenience function that is meant to be called in a
@ -309,7 +305,7 @@ func imageAuthToDockerAuth(authConfig types.DockerAuthConfig) dockerAPITypes.Aut
} }
} }
// parseSingleAuthHeader extracts a DockerAuthConfig from an XRegistryAuthHeader value. // parseSingleAuthHeader extracts a DockerAuthConfig from an xRegistryAuthHeader value.
// The header content is a single DockerAuthConfig. // The header content is a single DockerAuthConfig.
func parseSingleAuthHeader(authHeader string) (types.DockerAuthConfig, error) { func parseSingleAuthHeader(authHeader string) (types.DockerAuthConfig, error) {
// Accept "null" and handle it as empty value for compatibility reason with Docker. // Accept "null" and handle it as empty value for compatibility reason with Docker.
@ -326,7 +322,7 @@ func parseSingleAuthHeader(authHeader string) (types.DockerAuthConfig, error) {
return dockerAuthToImageAuth(authConfig), nil return dockerAuthToImageAuth(authConfig), nil
} }
// parseMultiAuthHeader extracts a DockerAuthConfig from an XRegistryAuthHeader value. // parseMultiAuthHeader extracts a DockerAuthConfig from an xRegistryAuthHeader value.
// The header content is a map[string]DockerAuthConfigs. // The header content is a map[string]DockerAuthConfigs.
func parseMultiAuthHeader(authHeader string) (map[string]types.DockerAuthConfig, error) { func parseMultiAuthHeader(authHeader string) (map[string]types.DockerAuthConfig, error) {
// Accept "null" and handle it as empty value for compatibility reason with Docker. // Accept "null" and handle it as empty value for compatibility reason with Docker.

4
pkg/auth/auth_test.go
View File

@ -217,7 +217,7 @@ func TestMakeXRegistryConfigHeader(t *testing.T) {
assert.Empty(t, res, tc.name) assert.Empty(t, res, tc.name)
} else { } else {
require.Len(t, res, 1, tc.name) require.Len(t, res, 1, tc.name)
header, ok := res[XRegistryConfigHeader.String()] header, ok := res[xRegistryConfigHeader]
require.True(t, ok, tc.name) require.True(t, ok, tc.name)
decodedHeader, err := base64.URLEncoding.DecodeString(header) decodedHeader, err := base64.URLEncoding.DecodeString(header)
require.NoError(t, err, tc.name) require.NoError(t, err, tc.name)
@ -280,7 +280,7 @@ func TestMakeXRegistryAuthHeader(t *testing.T) {
assert.Empty(t, res, tc.name) assert.Empty(t, res, tc.name)
} else { } else {
require.Len(t, res, 1, tc.name) require.Len(t, res, 1, tc.name)
header, ok := res[XRegistryAuthHeader.String()] header, ok := res[xRegistryAuthHeader]
require.True(t, ok, tc.name) require.True(t, ok, tc.name)
decodedHeader, err := base64.URLEncoding.DecodeString(header) decodedHeader, err := base64.URLEncoding.DecodeString(header)
require.NoError(t, err, tc.name) require.NoError(t, err, tc.name)