Add support for --compat-auth-file in login/logout

This mostly just inherits the c/common/pkg/auth implementation, except that AuthFilePath and DockerCompatAuthFilePath can not be set simultaneously, so don't unnecessarily explicitly set AuthFilePath. c/common already handles that. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2025-05-20 16:47:39 +08:00 · 2023-11-07 20:41:09 +01:00
parent a3d5814e0e
commit d0b32255e4
6 changed files with 59 additions and 5 deletions
--- a/cmd/podman/login.go
+++ b/cmd/podman/login.go
@ -96,8 +96,6 @@ func login(cmd *cobra.Command, args []string) error {
 	}

 	sysCtx := &types.SystemContext{
-		AuthFilePath:                loginOptions.AuthFile,
-		DockerCertPath:              loginOptions.CertDir,
 		DockerInsecureSkipTLSVerify: skipTLS,
 	}
 	setRegistriesConfPath(sysCtx)
--- a/cmd/podman/logout.go
+++ b/cmd/podman/logout.go
@ -48,9 +48,7 @@ func init() {

 // Implementation of podman-logout.
 func logout(cmd *cobra.Command, args []string) error {
-	sysCtx := &types.SystemContext{
-		AuthFilePath: logoutOptions.AuthFile,
-	}
+	sysCtx := &types.SystemContext{}
 	setRegistriesConfPath(sysCtx)
 	return auth.Logout(sysCtx, &logoutOptions, args)
 }
--- a/docs/source/markdown/podman-login.1.md.in
+++ b/docs/source/markdown/podman-login.1.md.in
@ -32,6 +32,10 @@ For more details about format and configurations of the auth.json file, see cont

@@option cert-dir

+#### **--compat-auth-file**=*path*
+
+Instead of updating the default credentials file, update the one at *path*, and use a Docker-compatible format.
+
 #### **--get-login**

 Return the logged-in user for the registry.  Return error if no login is found.
--- a/docs/source/markdown/podman-logout.1.md.in
+++ b/docs/source/markdown/podman-logout.1.md.in
@ -27,6 +27,10 @@ Remove the cached credentials for all registries in the auth file

@@option authfile

+#### **--compat-auth-file**=*path*
+
+Instead of updating the default credentials file, update the one at *path*, and use a Docker-compatible format.
+
 #### **--help**, **-h**

 Print usage statement
--- a/test/e2e/login_logout_test.go
+++ b/test/e2e/login_logout_test.go
@ -189,6 +189,45 @@ var _ = Describe("Podman login and logout", func() {
 		Expect(session).Should(ExitCleanly())
 	})

+	It("podman login and logout --compat-auth-file flag handling", func() {
+		// A minimal smoke test
+		compatAuthFile := filepath.Join(podmanTest.TempDir, "config.json")
+		session := podmanTest.Podman([]string{"login", "--username", "podmantest", "--password", "test", "--compat-auth-file", compatAuthFile, server})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(ExitCleanly())
+
+		readAuthInfo(compatAuthFile)
+
+		session = podmanTest.Podman([]string{"logout", "--compat-auth-file", compatAuthFile, server})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(ExitCleanly())
+
+		// logout should fail with nonexistent authfile
+		session = podmanTest.Podman([]string{"logout", "--compat-auth-file", "/tmp/nonexistent", server})
+		session.WaitWithDefaultTimeout()
+		Expect(session).To(ExitWithError())
+		Expect(session.ErrorToString()).To(Equal("Error: credential file is not accessible: stat /tmp/nonexistent: no such file or directory"))
+
+		// inconsistent command line flags are rejected
+		// Pre-create the files to make sure we are not hitting the “file not found” path
+		authFile := filepath.Join(podmanTest.TempDir, "auth.json")
+		err := os.WriteFile(authFile, []byte("{}"), 0o700)
+		Expect(err).ToNot(HaveOccurred())
+		err = os.WriteFile(compatAuthFile, []byte("{}"), 0o700)
+		Expect(err).ToNot(HaveOccurred())
+
+		session = podmanTest.Podman([]string{"login", "--username", "podmantest", "--password", "test",
+			"--authfile", authFile, "--compat-auth-file", compatAuthFile, server})
+		session.WaitWithDefaultTimeout()
+		Expect(session).To(ExitWithError())
+		Expect(session.ErrorToString()).To(Equal("Error: options for paths to the credential file and to the Docker-compatible credential file can not be set simultaneously"))
+
+		session = podmanTest.Podman([]string{"logout", "--authfile", authFile, "--compat-auth-file", compatAuthFile, server})
+		session.WaitWithDefaultTimeout()
+		Expect(session).To(ExitWithError())
+		Expect(session.ErrorToString()).To(Equal("Error: options for paths to the credential file and to the Docker-compatible credential file can not be set simultaneously"))
+	})
+
 	It("podman manifest with --authfile", func() {
 		os.Unsetenv("REGISTRY_AUTH_FILE")

--- a/test/system/150-login.bats
+++ b/test/system/150-login.bats
@ -80,6 +80,17 @@ function setup() {
    is "$output" "{}" "credentials removed from $authfile"
 }

+@test "podman login inconsistent authfiles" {
+    ambiguous_file=${PODMAN_LOGIN_WORKDIR}/ambiguous-auth.json
+    echo '{}' > $ambiguous_file # To make sure we are not hitting the “file not found” path
+
+    run_podman 125 login --authfile "$ambiguous_file" --compat-auth-file "$ambiguous_file" localhost:5000
+    assert "$output" =~ "Error: options for paths to the credential file and to the Docker-compatible credential file can not be set simultaneously"
+
+    run_podman 125 logout --authfile "$ambiguous_file" --compat-auth-file "$ambiguous_file" localhost:5000
+    assert "$output" =~ "Error: options for paths to the credential file and to the Docker-compatible credential file can not be set simultaneously"
+}
+
 # Some push tests
@test "podman push fail" {