mirror of
https://github.com/containers/podman.git
synced 2025-07-15 03:02:52 +08:00
Add --accept-repositories integration tests
This adds the integration tests for the repository or namespaced registry feature introduced in c/common. Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
This commit is contained in:
Sascha Grunert
153
vendor/github.com/containers/common/pkg/auth/auth.go
generated
vendored
153
vendor/github.com/containers/common/pkg/auth/auth.go
generated
vendored
@ -9,6 +9,7 @@ import (
|
||||
"strings"
|
||||
|
||||
"github.com/containers/image/v5/docker"
|
||||
"github.com/containers/image/v5/docker/reference"
|
||||
"github.com/containers/image/v5/pkg/docker/config"
|
||||
"github.com/containers/image/v5/pkg/sysregistriesv2"
|
||||
"github.com/containers/image/v5/types"
|
||||
@ -69,30 +70,50 @@ func Login(ctx context.Context, systemContext *types.SystemContext, opts *LoginO
|
||||
systemContext = systemContextWithOptions(systemContext, opts.AuthFile, opts.CertDir)
|
||||
|
||||
var (
|
||||
server string
|
||||
err error
|
||||
authConfig types.DockerAuthConfig
|
||||
key, registry string
|
||||
ref reference.Named
|
||||
err error
|
||||
)
|
||||
if len(args) > 1 {
|
||||
return errors.New("login accepts only one registry to login to")
|
||||
}
|
||||
if len(args) == 0 {
|
||||
l := len(args)
|
||||
switch l {
|
||||
case 0:
|
||||
if !opts.AcceptUnspecifiedRegistry {
|
||||
return errors.New("please provide a registry to login to")
|
||||
}
|
||||
if server, err = defaultRegistryWhenUnspecified(systemContext); err != nil {
|
||||
if key, err = defaultRegistryWhenUnspecified(systemContext); err != nil {
|
||||
return err
|
||||
}
|
||||
logrus.Debugf("registry not specified, default to the first registry %q from registries.conf", server)
|
||||
registry = key
|
||||
logrus.Debugf("registry not specified, default to the first registry %q from registries.conf", key)
|
||||
|
||||
case 1:
|
||||
key, registry, ref, err = parseRegistryArgument(args[0], opts.AcceptRepositories)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
default:
|
||||
return errors.New("login accepts only one registry to login to")
|
||||
|
||||
}
|
||||
|
||||
if ref != nil {
|
||||
authConfig, err = config.GetCredentialsForRef(systemContext, ref)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "get credentials for repository")
|
||||
}
|
||||
} else {
|
||||
server = getRegistryName(args[0])
|
||||
}
|
||||
authConfig, err := config.GetCredentials(systemContext, server)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "reading auth file")
|
||||
// nolint: staticcheck
|
||||
authConfig, err = config.GetCredentials(systemContext, registry)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "get credentials")
|
||||
}
|
||||
}
|
||||
|
||||
if opts.GetLoginSet {
|
||||
if authConfig.Username == "" {
|
||||
return errors.Errorf("not logged into %s", server)
|
||||
return errors.Errorf("not logged into %s", key)
|
||||
}
|
||||
fmt.Fprintf(opts.Stdout, "%s\n", authConfig.Username)
|
||||
return nil
|
||||
@ -119,9 +140,9 @@ func Login(ctx context.Context, systemContext *types.SystemContext, opts *LoginO
|
||||
|
||||
// If no username and no password is specified, try to use existing ones.
|
||||
if opts.Username == "" && password == "" && authConfig.Username != "" && authConfig.Password != "" {
|
||||
fmt.Println("Authenticating with existing credentials...")
|
||||
if err := docker.CheckAuth(ctx, systemContext, authConfig.Username, authConfig.Password, server); err == nil {
|
||||
fmt.Fprintln(opts.Stdout, "Existing credentials are valid. Already logged in to", server)
|
||||
fmt.Fprintf(opts.Stdout, "Authenticating with existing credentials for %s\n", key)
|
||||
if err := docker.CheckAuth(ctx, systemContext, authConfig.Username, authConfig.Password, registry); err == nil {
|
||||
fmt.Fprintf(opts.Stdout, "Existing credentials are valid. Already logged in to %s\n", registry)
|
||||
return nil
|
||||
}
|
||||
fmt.Fprintln(opts.Stdout, "Existing credentials are invalid, please enter valid username and password")
|
||||
@ -132,9 +153,9 @@ func Login(ctx context.Context, systemContext *types.SystemContext, opts *LoginO
|
||||
return errors.Wrap(err, "getting username and password")
|
||||
}
|
||||
|
||||
if err = docker.CheckAuth(ctx, systemContext, username, password, server); err == nil {
|
||||
if err = docker.CheckAuth(ctx, systemContext, username, password, registry); err == nil {
|
||||
// Write the new credentials to the authfile
|
||||
desc, err := config.SetCredentials(systemContext, server, username, password)
|
||||
desc, err := config.SetCredentials(systemContext, key, username, password)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@ -147,10 +168,45 @@ func Login(ctx context.Context, systemContext *types.SystemContext, opts *LoginO
|
||||
return nil
|
||||
}
|
||||
if unauthorized, ok := err.(docker.ErrUnauthorizedForCredentials); ok {
|
||||
logrus.Debugf("error logging into %q: %v", server, unauthorized)
|
||||
return errors.Errorf("error logging into %q: invalid username/password", server)
|
||||
logrus.Debugf("error logging into %q: %v", key, unauthorized)
|
||||
return errors.Errorf("error logging into %q: invalid username/password", key)
|
||||
}
|
||||
return errors.Wrapf(err, "authenticating creds for %q", server)
|
||||
return errors.Wrapf(err, "authenticating creds for %q", key)
|
||||
}
|
||||
|
||||
// parseRegistryArgument verifies the provided arg depending if we accept
|
||||
// repositories or not.
|
||||
func parseRegistryArgument(arg string, acceptRepositories bool) (key, registry string, maybeRef reference.Named, err error) {
|
||||
if !acceptRepositories {
|
||||
registry = getRegistryName(arg)
|
||||
key = registry
|
||||
return key, registry, maybeRef, nil
|
||||
}
|
||||
|
||||
key = trimScheme(arg)
|
||||
if key != arg {
|
||||
return key, registry, nil, errors.New("credentials key has https[s]:// prefix")
|
||||
}
|
||||
|
||||
registry = getRegistryName(key)
|
||||
if registry == key {
|
||||
// We cannot parse a reference from a registry, so we stop here
|
||||
return key, registry, nil, nil
|
||||
}
|
||||
|
||||
ref, parseErr := reference.ParseNamed(key)
|
||||
if parseErr != nil {
|
||||
return key, registry, nil, errors.Wrapf(parseErr, "parse reference from %q", key)
|
||||
}
|
||||
|
||||
if !reference.IsNameOnly(ref) {
|
||||
return key, registry, nil, errors.Errorf("reference %q contains tag or digest", ref.String())
|
||||
}
|
||||
|
||||
maybeRef = ref
|
||||
registry = reference.Domain(ref)
|
||||
|
||||
return key, registry, maybeRef, nil
|
||||
}
|
||||
|
||||
// getRegistryName scrubs and parses the input to get the server name
|
||||
@ -158,13 +214,21 @@ func getRegistryName(server string) string {
|
||||
// removes 'http://' or 'https://' from the front of the
|
||||
// server/registry string if either is there. This will be mostly used
|
||||
// for user input from 'Buildah login' and 'Buildah logout'.
|
||||
server = strings.TrimPrefix(strings.TrimPrefix(server, "https://"), "http://")
|
||||
server = trimScheme(server)
|
||||
// gets the registry from the input. If the input is of the form
|
||||
// quay.io/myuser/myimage, it will parse it and just return quay.io
|
||||
split := strings.Split(server, "/")
|
||||
return split[0]
|
||||
}
|
||||
|
||||
// trimScheme removes the HTTP(s) scheme from the provided repository.
|
||||
func trimScheme(repository string) string {
|
||||
// removes 'http://' or 'https://' from the front of the
|
||||
// server/registry string if either is there. This will be mostly used
|
||||
// for user input from 'Buildah login' and 'Buildah logout'.
|
||||
return strings.TrimPrefix(strings.TrimPrefix(repository, "https://"), "http://")
|
||||
}
|
||||
|
||||
// getUserAndPass gets the username and password from STDIN if not given
|
||||
// using the -u and -p flags. If the username prompt is left empty, the
|
||||
// displayed userFromAuthFile will be used instead.
|
||||
@ -209,8 +273,9 @@ func Logout(systemContext *types.SystemContext, opts *LogoutOptions, args []stri
|
||||
systemContext = systemContextWithOptions(systemContext, opts.AuthFile, "")
|
||||
|
||||
var (
|
||||
server string
|
||||
err error
|
||||
key, registry string
|
||||
ref reference.Named
|
||||
err error
|
||||
)
|
||||
if len(args) > 1 {
|
||||
return errors.New("logout accepts only one registry to logout from")
|
||||
@ -219,16 +284,20 @@ func Logout(systemContext *types.SystemContext, opts *LogoutOptions, args []stri
|
||||
if !opts.AcceptUnspecifiedRegistry {
|
||||
return errors.New("please provide a registry to logout from")
|
||||
}
|
||||
if server, err = defaultRegistryWhenUnspecified(systemContext); err != nil {
|
||||
if key, err = defaultRegistryWhenUnspecified(systemContext); err != nil {
|
||||
return err
|
||||
}
|
||||
logrus.Debugf("registry not specified, default to the first registry %q from registries.conf", server)
|
||||
registry = key
|
||||
logrus.Debugf("registry not specified, default to the first registry %q from registries.conf", key)
|
||||
}
|
||||
if len(args) != 0 {
|
||||
if opts.All {
|
||||
return errors.New("--all takes no arguments")
|
||||
}
|
||||
server = getRegistryName(args[0])
|
||||
key, registry, ref, err = parseRegistryArgument(args[0], opts.AcceptRepositories)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
if opts.All {
|
||||
@ -239,24 +308,34 @@ func Logout(systemContext *types.SystemContext, opts *LogoutOptions, args []stri
|
||||
return nil
|
||||
}
|
||||
|
||||
err = config.RemoveAuthentication(systemContext, server)
|
||||
err = config.RemoveAuthentication(systemContext, key)
|
||||
switch errors.Cause(err) {
|
||||
case nil:
|
||||
fmt.Fprintf(opts.Stdout, "Removed login credentials for %s\n", server)
|
||||
fmt.Fprintf(opts.Stdout, "Removed login credentials for %s\n", key)
|
||||
return nil
|
||||
case config.ErrNotLoggedIn:
|
||||
authConfig, err := config.GetCredentials(systemContext, server)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "reading auth file")
|
||||
var authConfig types.DockerAuthConfig
|
||||
if ref != nil {
|
||||
authConfig, err = config.GetCredentialsForRef(systemContext, ref)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "get credentials for repository")
|
||||
}
|
||||
} else {
|
||||
// nolint: staticcheck
|
||||
authConfig, err = config.GetCredentials(systemContext, registry)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "get credentials")
|
||||
}
|
||||
}
|
||||
authInvalid := docker.CheckAuth(context.Background(), systemContext, authConfig.Username, authConfig.Password, server)
|
||||
|
||||
authInvalid := docker.CheckAuth(context.Background(), systemContext, authConfig.Username, authConfig.Password, registry)
|
||||
if authConfig.Username != "" && authConfig.Password != "" && authInvalid == nil {
|
||||
fmt.Printf("Not logged into %s with current tool. Existing credentials were established via docker login. Please use docker logout instead.\n", server)
|
||||
fmt.Printf("Not logged into %s with current tool. Existing credentials were established via docker login. Please use docker logout instead.\n", key)
|
||||
return nil
|
||||
}
|
||||
return errors.Errorf("Not logged into %s\n", server)
|
||||
return errors.Errorf("Not logged into %s\n", key)
|
||||
default:
|
||||
return errors.Wrapf(err, "logging out of %q", server)
|
||||
return errors.Wrapf(err, "logging out of %q", key)
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user