mirror of
https://github.com/containers/podman.git
synced 2025-06-22 18:08:11 +08:00
Merge pull request #19348 from rhatdan/authfile
Verify authfile exists if user specifies it
This commit is contained in:
OpenShift Merge Robot
@ -68,6 +68,9 @@ func autoUpdate(cmd *cobra.Command, args []string) error {
|
||||
return fmt.Errorf("`%s` takes no arguments", cmd.CommandPath())
|
||||
}
|
||||
|
||||
if err := auth.CheckAuthFile(autoUpdateOptions.Authfile); err != nil {
|
||||
return err
|
||||
}
|
||||
if cmd.Flags().Changed("tls-verify") {
|
||||
autoUpdateOptions.InsecureSkipTLSVerify = types.NewOptionalBool(!autoUpdateOptions.tlsVerify)
|
||||
}
|
||||
|
||||
@ -9,6 +9,7 @@ import (
|
||||
"strings"
|
||||
|
||||
"github.com/containers/buildah/pkg/cli"
|
||||
"github.com/containers/common/pkg/auth"
|
||||
"github.com/containers/common/pkg/config"
|
||||
cutil "github.com/containers/common/pkg/util"
|
||||
"github.com/containers/image/v5/transports/alltransports"
|
||||
@ -154,6 +155,11 @@ func create(cmd *cobra.Command, args []string) error {
|
||||
}
|
||||
imageName = name
|
||||
}
|
||||
|
||||
if err := auth.CheckAuthFile(cliVals.Authfile); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
s := specgen.NewSpecGenerator(imageName, cliVals.RootFS)
|
||||
if err := specgenutil.FillOutSpecGen(s, &cliVals, args); err != nil {
|
||||
return err
|
||||
|
||||
@ -5,6 +5,7 @@ import (
|
||||
"os"
|
||||
"strings"
|
||||
|
||||
"github.com/containers/common/pkg/auth"
|
||||
"github.com/containers/common/pkg/completion"
|
||||
"github.com/containers/podman/v4/cmd/podman/common"
|
||||
"github.com/containers/podman/v4/cmd/podman/registry"
|
||||
@ -114,10 +115,8 @@ func run(cmd *cobra.Command, args []string) error {
|
||||
logrus.Warnf("The input device is not a TTY. The --tty and --interactive flags might not work properly")
|
||||
}
|
||||
|
||||
if af := cliVals.Authfile; len(af) > 0 {
|
||||
if _, err := os.Stat(af); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := auth.CheckAuthFile(cliVals.Authfile); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
runOpts.CIDFile = cliVals.CIDFile
|
||||
|
||||
@ -2,7 +2,6 @@ package containers
|
||||
|
||||
import (
|
||||
"context"
|
||||
"os"
|
||||
"strings"
|
||||
|
||||
"github.com/containers/common/pkg/auth"
|
||||
@ -91,10 +90,8 @@ func runlabel(cmd *cobra.Command, args []string) error {
|
||||
if cmd.Flags().Changed("tls-verify") {
|
||||
runlabelOptions.SkipTLSVerify = types.NewOptionalBool(!runlabelOptions.TLSVerifyCLI)
|
||||
}
|
||||
if runlabelOptions.Authfile != "" {
|
||||
if _, err := os.Stat(runlabelOptions.Authfile); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := auth.CheckAuthFile(runlabelOptions.Authfile); err != nil {
|
||||
return err
|
||||
}
|
||||
return registry.ContainerEngine().ContainerRunlabel(context.Background(), strings.TrimPrefix(args[0], "/"), args[1], args[2:], runlabelOptions.ContainerRunlabelOptions)
|
||||
}
|
||||
|
||||
@ -363,6 +363,10 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil
|
||||
}
|
||||
}
|
||||
|
||||
if err := auth.CheckAuthFile(flags.Authfile); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
commonOpts, err := parse.CommonBuildOptions(c)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@ -398,12 +402,6 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil
|
||||
pullPolicy = buildahDefine.PullNever
|
||||
}
|
||||
|
||||
if c.Flag("authfile").Changed {
|
||||
if err := auth.CheckAuthFile(flags.Authfile); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
var cleanTmpFile bool
|
||||
flags.Authfile, cleanTmpFile = buildahUtil.MirrorToTempFileIfPathIsDescriptor(flags.Authfile)
|
||||
if cleanTmpFile {
|
||||
|
||||
@ -136,10 +136,8 @@ func imagePull(cmd *cobra.Command, args []string) error {
|
||||
if cmd.Flags().Changed("tls-verify") {
|
||||
pullOptions.SkipTLSVerify = types.NewOptionalBool(!pullOptions.TLSVerifyCLI)
|
||||
}
|
||||
if pullOptions.Authfile != "" {
|
||||
if _, err := os.Stat(pullOptions.Authfile); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := auth.CheckAuthFile(pullOptions.Authfile); err != nil {
|
||||
return err
|
||||
}
|
||||
platform, err := cmd.Flags().GetString("platform")
|
||||
if err != nil {
|
||||
|
||||
@ -173,10 +173,8 @@ func imagePush(cmd *cobra.Command, args []string) error {
|
||||
pushOptions.SkipTLSVerify = types.NewOptionalBool(!pushOptions.TLSVerifyCLI)
|
||||
}
|
||||
|
||||
if pushOptions.Authfile != "" {
|
||||
if _, err := os.Stat(pushOptions.Authfile); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := auth.CheckAuthFile(pushOptions.Authfile); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if pushOptions.CredentialsCLI != "" {
|
||||
|
||||
@ -138,10 +138,8 @@ func imageSearch(cmd *cobra.Command, args []string) error {
|
||||
searchOptions.SkipTLSVerify = types.NewOptionalBool(!searchOptions.TLSVerifyCLI)
|
||||
}
|
||||
|
||||
if searchOptions.Authfile != "" {
|
||||
if _, err := os.Stat(searchOptions.Authfile); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := auth.CheckAuthFile(searchOptions.Authfile); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if searchOptions.CredentialsCLI != "" {
|
||||
|
||||
@ -56,6 +56,9 @@ func init() {
|
||||
}
|
||||
|
||||
func sign(cmd *cobra.Command, args []string) error {
|
||||
if err := auth.CheckAuthFile(signOptions.Authfile); err != nil {
|
||||
return err
|
||||
}
|
||||
if signOptions.SignBy == "" {
|
||||
return errors.New("no identity provided")
|
||||
}
|
||||
|
||||
@ -217,10 +217,8 @@ func play(cmd *cobra.Command, args []string) error {
|
||||
if cmd.Flags().Changed("build") {
|
||||
playOptions.Build = types.NewOptionalBool(playOptions.BuildCLI)
|
||||
}
|
||||
if playOptions.Authfile != "" {
|
||||
if _, err := os.Stat(playOptions.Authfile); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := auth.CheckAuthFile(playOptions.Authfile); err != nil {
|
||||
return err
|
||||
}
|
||||
if playOptions.ContextDir != "" && playOptions.Build != types.OptionalBoolTrue {
|
||||
return errors.New("--build must be specified when using --context-dir option")
|
||||
|
||||
@ -44,6 +44,9 @@ func init() {
|
||||
}
|
||||
|
||||
func inspect(cmd *cobra.Command, args []string) error {
|
||||
if err := auth.CheckAuthFile(inspectOptions.Authfile); err != nil {
|
||||
return err
|
||||
}
|
||||
if cmd.Flags().Changed("tls-verify") {
|
||||
inspectOptions.SkipTLSVerify = types.NewOptionalBool(!tlsVerifyCLI)
|
||||
} else if cmd.Flags().Changed("insecure") {
|
||||
|
||||
@ -311,10 +311,11 @@ var _ = Describe("Podman create", func() {
|
||||
})
|
||||
|
||||
It("podman create --authfile with nonexistent authfile", func() {
|
||||
// FIXME (#18938): this test should fail but does not!
|
||||
session := podmanTest.Podman([]string{"create", "--authfile", "/tmp/nonexistent", "--name=foo", ALPINE})
|
||||
bogus := filepath.Join(podmanTest.TempDir, "bogus.conf")
|
||||
session := podmanTest.Podman([]string{"create", "--authfile", bogus, "--name=foo", ALPINE})
|
||||
session.WaitWithDefaultTimeout()
|
||||
Expect(session).Should(Exit(0))
|
||||
Expect(session).To(ExitWithError())
|
||||
Expect(session.ErrorToString()).To(ContainSubstring("no such file or directory"))
|
||||
})
|
||||
|
||||
It("podman create --signature-policy", func() {
|
||||
|
||||
@ -169,7 +169,7 @@ var _ = Describe("Podman login and logout", func() {
|
||||
session = podmanTest.Podman([]string{"push", "--authfile", "/tmp/nonexistent", ALPINE, testImg})
|
||||
session.WaitWithDefaultTimeout()
|
||||
Expect(session).To(ExitWithError())
|
||||
Expect(session.ErrorToString()).To(Equal("Error: stat /tmp/nonexistent: no such file or directory"))
|
||||
Expect(session.ErrorToString()).To(Equal("Error: checking authfile: stat /tmp/nonexistent: no such file or directory"))
|
||||
|
||||
session = podmanTest.Podman([]string{"push", "--authfile", authFile, ALPINE, testImg})
|
||||
session.WaitWithDefaultTimeout()
|
||||
|
||||
@ -1158,4 +1158,35 @@ EOF
|
||||
run_podman rm -f -t0 $ctr
|
||||
}
|
||||
|
||||
@test "podman --authfile=/tmp/bogus " {
|
||||
bogus=$PODMAN_TMPDIR/bogus-authfile
|
||||
for command in "run" "create" "pull" "push" "manifest push" "manifest add" "container runlabel"; do
|
||||
if is_remote -a $command -eq "container runlabel"; then
|
||||
continue
|
||||
fi
|
||||
run_podman 125 $command --authfile=$bogus $IMAGE argument
|
||||
is "$output" "Error: checking authfile: stat $bogus: no such file or directory" "$command should fail with not such file"
|
||||
done
|
||||
|
||||
for command in "search" "manifest inspect" "logout" "image sign"; do
|
||||
if is_remote -a $command -eq "image sign"; then
|
||||
continue
|
||||
fi
|
||||
|
||||
run_podman 125 $command --authfile=$bogus $IMAGE
|
||||
is "$output" "Error: checking authfile: stat $bogus: no such file or directory" "$command should fail with not such file"
|
||||
done
|
||||
|
||||
if !is_remote; then
|
||||
for command in "auto-update"; do
|
||||
run_podman 125 $command --authfile=$bogus
|
||||
is "$output" "Error: checking authfile: stat $bogus: no such file or directory" "$command should fail with not such file"
|
||||
done
|
||||
fi
|
||||
|
||||
touch $PODMAN_TMPDIR/Containerfile
|
||||
run_podman 125 build --authfile=$bogus $PODMAN_TMPDIR
|
||||
is "$output" "Error: checking authfile: stat $bogus: no such file or directory" "build should fail with not such file"
|
||||
}
|
||||
|
||||
# vim: filetype=sh
|
||||
|
||||
@ -724,3 +724,13 @@ spec:
|
||||
|
||||
run_podman kube down $pod_file
|
||||
}
|
||||
|
||||
@test "podman kube with --authfile=/tmp/bogus" {
|
||||
TESTDIR=$PODMAN_TMPDIR/testdir
|
||||
mkdir -p $TESTDIR
|
||||
echo "$testYaml" | sed "s|TESTDIR|${TESTDIR}|g" > $PODMAN_TMPDIR/test.yaml
|
||||
bogus=$PODMAN_TMPDIR/bogus-authfile
|
||||
|
||||
run_podman 125 kube play --authfile=$bogus - < $PODMAN_TMPDIR/test.yaml
|
||||
is "$output" "Error: checking authfile: stat $bogus: no such file or directory" "$command should fail with not such file"
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user