Add support for --compat-auth-file in login/logout

This mostly just inherits the c/common/pkg/auth implementation, except that AuthFilePath and DockerCompatAuthFilePath can not be set simultaneously, so don't unnecessarily explicitly set AuthFilePath. c/common already handles that. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2025-12-09 15:19:35 +08:00 · 2023-11-07 20:41:09 +01:00
parent a3d5814e0e
commit d0b32255e4
6 changed files with 59 additions and 5 deletions
--- a/test/e2e/login_logout_test.go
+++ b/test/e2e/login_logout_test.go
@@ -189,6 +189,45 @@ var _ = Describe("Podman login and logout", func() {
 		Expect(session).Should(ExitCleanly())
 	})

+	It("podman login and logout --compat-auth-file flag handling", func() {
+		// A minimal smoke test
+		compatAuthFile := filepath.Join(podmanTest.TempDir, "config.json")
+		session := podmanTest.Podman([]string{"login", "--username", "podmantest", "--password", "test", "--compat-auth-file", compatAuthFile, server})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(ExitCleanly())
+
+		readAuthInfo(compatAuthFile)
+
+		session = podmanTest.Podman([]string{"logout", "--compat-auth-file", compatAuthFile, server})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(ExitCleanly())
+
+		// logout should fail with nonexistent authfile
+		session = podmanTest.Podman([]string{"logout", "--compat-auth-file", "/tmp/nonexistent", server})
+		session.WaitWithDefaultTimeout()
+		Expect(session).To(ExitWithError())
+		Expect(session.ErrorToString()).To(Equal("Error: credential file is not accessible: stat /tmp/nonexistent: no such file or directory"))
+
+		// inconsistent command line flags are rejected
+		// Pre-create the files to make sure we are not hitting the “file not found” path
+		authFile := filepath.Join(podmanTest.TempDir, "auth.json")
+		err := os.WriteFile(authFile, []byte("{}"), 0o700)
+		Expect(err).ToNot(HaveOccurred())
+		err = os.WriteFile(compatAuthFile, []byte("{}"), 0o700)
+		Expect(err).ToNot(HaveOccurred())
+
+		session = podmanTest.Podman([]string{"login", "--username", "podmantest", "--password", "test",
+			"--authfile", authFile, "--compat-auth-file", compatAuthFile, server})
+		session.WaitWithDefaultTimeout()
+		Expect(session).To(ExitWithError())
+		Expect(session.ErrorToString()).To(Equal("Error: options for paths to the credential file and to the Docker-compatible credential file can not be set simultaneously"))
+
+		session = podmanTest.Podman([]string{"logout", "--authfile", authFile, "--compat-auth-file", compatAuthFile, server})
+		session.WaitWithDefaultTimeout()
+		Expect(session).To(ExitWithError())
+		Expect(session.ErrorToString()).To(Equal("Error: options for paths to the credential file and to the Docker-compatible credential file can not be set simultaneously"))
+	})
+
 	It("podman manifest with --authfile", func() {
 		os.Unsetenv("REGISTRY_AUTH_FILE")

--- a/test/system/150-login.bats
+++ b/test/system/150-login.bats
@@ -80,6 +80,17 @@ function setup() {
    is "$output" "{}" "credentials removed from $authfile"
 }

+@test "podman login inconsistent authfiles" {
+    ambiguous_file=${PODMAN_LOGIN_WORKDIR}/ambiguous-auth.json
+    echo '{}' > $ambiguous_file # To make sure we are not hitting the “file not found” path
+
+    run_podman 125 login --authfile "$ambiguous_file" --compat-auth-file "$ambiguous_file" localhost:5000
+    assert "$output" =~ "Error: options for paths to the credential file and to the Docker-compatible credential file can not be set simultaneously"
+
+    run_podman 125 logout --authfile "$ambiguous_file" --compat-auth-file "$ambiguous_file" localhost:5000
+    assert "$output" =~ "Error: options for paths to the credential file and to the Docker-compatible credential file can not be set simultaneously"
+}
+
 # Some push tests
@test "podman push fail" {