Merge pull request #6078 from QiWang19/auth-common

auth pkg support emtpy argument & enable login test

cmd/podman/login.go

@@ -8,6 +8,7 @@ import (
 	"github.com/containers/image/v5/types"
 	"github.com/containers/libpod/cmd/podman/registry"
 	"github.com/containers/libpod/pkg/domain/entities"
+	"github.com/containers/libpod/pkg/registries"
 	"github.com/spf13/cobra"
 )
 
@@ -23,7 +24,7 @@ var (
 		Short: "Login to a container registry",
 		Long:  "Login to a container registry on a specified server.",
 		RunE:  login,
-		Args:  cobra.ExactArgs(1),
+		Args:  cobra.MaximumNArgs(1),
 		Example: `podman login quay.io
   podman login --username ... --password ... quay.io
   podman login --authfile dir/auth.json quay.io`,
@@ -48,6 +49,7 @@ func init() {
 	flags.BoolVarP(&loginOptions.GetLoginSet, "get-login", "", false, "Return the current login user for the registry")
 	loginOptions.Stdin = os.Stdin
 	loginOptions.Stdout = os.Stdout
+	loginOptions.AcceptUnspecifiedRegistry = true
 }
 
 // Implementation of podman-login.
@@ -62,7 +64,8 @@ func login(cmd *cobra.Command, args []string) error {
 		AuthFilePath:                loginOptions.AuthFile,
 		DockerCertPath:              loginOptions.CertDir,
 		DockerInsecureSkipTLSVerify: skipTLS,
+		SystemRegistriesConfPath:    registries.SystemRegistriesConfPath(),
 	}
 	loginOptions.GetLoginSet = cmd.Flag("get-login").Changed
-	return auth.Login(context.Background(), &sysCtx, &loginOptions.LoginOptions, args[0])
+	return auth.Login(context.Background(), &sysCtx, &loginOptions.LoginOptions, args)
 }

cmd/podman/logout.go

@@ -7,7 +7,7 @@ import (
 	"github.com/containers/image/v5/types"
 	"github.com/containers/libpod/cmd/podman/registry"
 	"github.com/containers/libpod/pkg/domain/entities"
-	"github.com/pkg/errors"
+	"github.com/containers/libpod/pkg/registries"
 	"github.com/spf13/cobra"
 )
 
@@ -39,19 +39,14 @@ func init() {
 	flags.AddFlagSet(auth.GetLogoutFlags(&logoutOptions))
 	logoutOptions.Stdin = os.Stdin
 	logoutOptions.Stdout = os.Stdout
+	logoutOptions.AcceptUnspecifiedRegistry = true
 }
 
 // Implementation of podman-logout.
 func logout(cmd *cobra.Command, args []string) error {
-	sysCtx := types.SystemContext{AuthFilePath: logoutOptions.AuthFile}
+	sysCtx := types.SystemContext{
-
+		AuthFilePath:             logoutOptions.AuthFile,
-	registry := ""
+		SystemRegistriesConfPath: registries.SystemRegistriesConfPath(),
-	if len(args) > 0 {
-		if logoutOptions.All {
-			return errors.New("--all takes no arguments")
-		}
-		registry = args[0]
 	}
-
+	return auth.Logout(&sysCtx, &logoutOptions, args)
-	return auth.Logout(&sysCtx, &logoutOptions, registry)
 }

go.mod

@@ -10,7 +10,7 @@ require (
 	github.com/containernetworking/cni v0.7.2-0.20200304161608-4fae32b84921
 	github.com/containernetworking/plugins v0.8.5
 	github.com/containers/buildah v1.14.9-0.20200501175434-42a48f9373d9
-	github.com/containers/common v0.10.0
+	github.com/containers/common v0.11.0
 	github.com/containers/conmon v2.0.14+incompatible
 	github.com/containers/image/v5 v5.4.3
 	github.com/containers/psgo v1.5.0

go.sum

@@ -72,6 +72,8 @@ github.com/containers/buildah v1.14.9-0.20200501175434-42a48f9373d9 h1:EGegltin1
 github.com/containers/buildah v1.14.9-0.20200501175434-42a48f9373d9/go.mod h1:+2aNsVcd4pVzmVAbOfWN5X+0Lpz2rtICSGXbTSCzdBU=
 github.com/containers/common v0.10.0 h1:Km1foMJJBIxceA1/UCZcIuwf8sCF71sP5DwE6Oh1BEA=
 github.com/containers/common v0.10.0/go.mod h1:6A/moCuQITXLqBe5A0WKKTcCfCmEQRbknI05HcPzOL0=
+github.com/containers/common v0.11.0 h1:uFSBIl9iqoTIv8icBe9lPrYKkmSiGrAWr0a2PyJLrO4=
+github.com/containers/common v0.11.0/go.mod h1:ag8p8Xp2o1wPAPz/+bA7LVQlDavtg3M15RZLBWt/2KE=
 github.com/containers/conmon v2.0.14+incompatible h1:knU1O1QxXy5YxtjMQVKEyCajROaehizK9FHaICl+P5Y=
 github.com/containers/conmon v2.0.14+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
 github.com/containers/image/v5 v5.4.3 h1:zn2HR7uu4hpvT5QQHgjqonOzKDuM1I1UHUEmzZT5sbs=

test/e2e/login_logout_test.go

@@ -32,7 +32,6 @@ var _ = Describe("Podman login and logout", func() {
 	)
 
 	BeforeEach(func() {
-		Skip(v2fail)
 		tempdir, err = CreateTempDirInTempDir()
 		if err != nil {
 			os.Exit(1)

vendor/github.com/containers/common/pkg/auth/auth.go

@@ -9,6 +9,7 @@ import (
 
 	"github.com/containers/image/v5/docker"
 	"github.com/containers/image/v5/pkg/docker/config"
+	"github.com/containers/image/v5/pkg/sysregistriesv2"
 	"github.com/containers/image/v5/types"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -33,9 +34,27 @@ func CheckAuthFile(authfile string) error {
 	return nil
 }
 
-// Login login to the server with creds from Stdin or CLI
+// Login implements a “log in” command with the provided opts and args
-func Login(ctx context.Context, systemContext *types.SystemContext, opts *LoginOptions, registry string) error {
+// reading the password from opts.Stdin or the options in opts.
-	server := getRegistryName(registry)
+func Login(ctx context.Context, systemContext *types.SystemContext, opts *LoginOptions, args []string) error {
+	var (
+		server string
+		err    error
+	)
+	if len(args) > 1 {
+		return errors.Errorf("login accepts only one registry to login to")
+	}
+	if len(args) == 0 {
+		if !opts.AcceptUnspecifiedRegistry {
+			return errors.Errorf("please provide a registry to login to")
+		}
+		if server, err = defaultRegistryWhenUnspecified(systemContext); err != nil {
+			return err
+		}
+		logrus.Debugf("registry not specified, default to the first registry %q from registries.conf", server)
+	} else {
+		server = getRegistryName(args[0])
+	}
 	authConfig, err := config.GetCredentials(systemContext, server)
 	if err != nil {
 		return errors.Wrapf(err, "error reading auth file")
@@ -151,11 +170,29 @@ func getUserAndPass(opts *LoginOptions, password, userFromAuthFile string) (stri
 	return strings.TrimSpace(username), password, err
 }
 
-// Logout removes the authentication of server from authfile
+// Logout implements a “log out” command with the provided opts and args
-// removes all authtication if specifies all in the options
+func Logout(systemContext *types.SystemContext, opts *LogoutOptions, args []string) error {
-func Logout(systemContext *types.SystemContext, opts *LogoutOptions, server string) error {
+	var (
-	if server != "" {
+		server string
-		server = getRegistryName(server)
+		err    error
+	)
+	if len(args) > 1 {
+		return errors.Errorf("logout accepts only one registry to logout from")
+	}
+	if len(args) == 0 && !opts.All {
+		if !opts.AcceptUnspecifiedRegistry {
+			return errors.Errorf("please provide a registry to logout from")
+		}
+		if server, err = defaultRegistryWhenUnspecified(systemContext); err != nil {
+			return err
+		}
+		logrus.Debugf("registry not specified, default to the first registry %q from registries.conf", server)
+	}
+	if len(args) != 0 {
+		if opts.All {
+			return errors.Errorf("--all takes no arguments")
+		}
+		server = getRegistryName(args[0])
 	}
 	if err := CheckAuthFile(opts.AuthFile); err != nil {
 		return err
@@ -169,7 +206,7 @@ func Logout(systemContext *types.SystemContext, opts *LogoutOptions, server stri
 		return nil
 	}
 
-	err := config.RemoveAuthentication(systemContext, server)
+	err = config.RemoveAuthentication(systemContext, server)
 	switch err {
 	case nil:
 		fmt.Fprintf(opts.Stdout, "Removed login credentials for %s\n", server)
@@ -180,3 +217,16 @@ func Logout(systemContext *types.SystemContext, opts *LogoutOptions, server stri
 		return errors.Wrapf(err, "error logging out of %q", server)
 	}
 }
+
+// defaultRegistryWhenUnspecified returns first registry from search list of registry.conf
+// used by login/logout when registry argument is not specified
+func defaultRegistryWhenUnspecified(systemContext *types.SystemContext) (string, error) {
+	registriesFromFile, err := sysregistriesv2.UnqualifiedSearchRegistries(systemContext)
+	if err != nil {
+		return "", errors.Wrapf(err, "error getting registry from registry.conf, please specify a registry")
+	}
+	if len(registriesFromFile) == 0 {
+		return "", errors.Errorf("no registries found in registries.conf, a registry must be provided")
+	}
+	return registriesFromFile[0], nil
+}

vendor/github.com/containers/common/pkg/auth/cli.go

@@ -9,22 +9,28 @@ import (
 // LoginOptions represents common flags in login
 // caller should define bool or optionalBool fields for flags --get-login and --tls-verify
 type LoginOptions struct {
+	// CLI flags managed by the FlagSet returned by GetLoginFlags
 	AuthFile      string
 	CertDir       string
-	GetLoginSet   bool
 	Password      string
 	Username      string
 	StdinPassword bool
-	Stdin         io.Reader
+	// Options caller can set
-	Stdout        io.Writer
+	GetLoginSet               bool      // set to true if --get-login is explicitly set
+	Stdin                     io.Reader // set to os.Stdin
+	Stdout                    io.Writer // set to os.Stdout
+	AcceptUnspecifiedRegistry bool      // set to true if allows login with unspecified registry
 }
 
 // LogoutOptions represents the results for flags in logout
 type LogoutOptions struct {
+	// CLI flags managed by the FlagSet returned by GetLogoutFlags
 	AuthFile string
 	All      bool
-	Stdin    io.Reader
+	// Options caller can set
-	Stdout   io.Writer
+	Stdin                     io.Reader // set to os.Stdin
+	Stdout                    io.Writer // set to os.Stdout
+	AcceptUnspecifiedRegistry bool      // set to true if allows logout with unspecified registry
 }
 
 // GetLoginFlags defines and returns login flags for containers tools

vendor/github.com/containers/common/pkg/config/default.go

@@ -105,6 +105,9 @@ const (
 	DefaultPidsLimit = 2048
 	// DefaultPullPolicy pulls the image if it does not exist locally
 	DefaultPullPolicy = "missing"
+	// DefaultSignaturePolicyPath is the default value for the
+	// policy.json file.
+	DefaultSignaturePolicyPath = "/etc/containers/policy.json"
 	// DefaultRootlessSignaturePolicyPath is the default value for the
 	// rootless policy.json file.
 	DefaultRootlessSignaturePolicyPath = ".config/containers/policy.json"
@@ -129,14 +132,19 @@ func DefaultConfig() (*Config, error) {
 	}
 
 	netns := "bridge"
+
+	defaultEngineConfig.SignaturePolicyPath = DefaultSignaturePolicyPath
 	if unshare.IsRootless() {
 		home, err := unshare.HomeDir()
 		if err != nil {
 			return nil, err
 		}
 		sigPath := filepath.Join(home, DefaultRootlessSignaturePolicyPath)
-		if _, err := os.Stat(sigPath); err == nil {
+		defaultEngineConfig.SignaturePolicyPath = sigPath
-			defaultEngineConfig.SignaturePolicyPath = sigPath
+		if _, err := os.Stat(sigPath); err != nil {
+			if _, err := os.Stat(DefaultSignaturePolicyPath); err == nil {
+				defaultEngineConfig.SignaturePolicyPath = DefaultSignaturePolicyPath
+			}
 		}
 		netns = "slirp4netns"
 	}

vendor/modules.txt

@@ -82,7 +82,7 @@ github.com/containers/buildah/pkg/secrets
 github.com/containers/buildah/pkg/supplemented
 github.com/containers/buildah/pkg/umask
 github.com/containers/buildah/util
-# github.com/containers/common v0.10.0
+# github.com/containers/common v0.11.0
 github.com/containers/common/pkg/apparmor
 github.com/containers/common/pkg/auth
 github.com/containers/common/pkg/capabilities