Check for Podman's auth.json in DefaultKeychain #1181

Merged
merged 2 commits into from
Nov 16, 2021


imjasonh
Collaborator

Fixes #1145

This changes authn.DefaultKeychain to always check Podman's preferred auth config location (${XDG_RUNTIME_DIR}/containers/auth.json) for auth configuration first, and only if that file doesn't exist, fall back to using Docker's config.Load and ${DOCKER_CONFIG} to look for the user's registry auth config.

This matches Podman's documented behavior:

The default path for reading and writing credentials is ${XDG_RUNTIME_DIR}/containers/auth.json. Podman will use existing credentials if the user does not pass in a username. Podman will first search for the username and password in the ${XDG_RUNTIME_DIR}/containers/auth.json, if they are not valid, Podman will then use any existing credentials found in $HOME/.docker/config.json.

This may result in a subtle behavior change for users who have auth configured in both locations. Before this change, the Podman config would be ignored completely; after this change, it will be preferred over Docker's preferred location.

@jonjohnsonjr
Collaborator

This may result in a subtle behavior change for users who have auth configured in both locations. Before this change, the Podman config would be ignored completely; after this change, it will be preferred over Docker's preferred location.

I think for this reason I'd prefer falling back to podman config rather than falling back to docker config. Any reason to do this order?

@imjasonh
Collaborator Author

It was a bit more difficult because config.Load doesn't tell us if the file doesn't exist, but I just did an os.Stat on ${DOCKER_CONFIG}/config.json first and that seems to work.
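
The lookup order described in the last reply (stat ${DOCKER_CONFIG}/config.json first, fall back to ${XDG_RUNTIME_DIR}/containers/auth.json), sketched as an added example that is not the code from this pull request. The names authSource, candidates and existingAuthFiles are hypothetical, and the $HOME/.docker default for an unset DOCKER_CONFIG is an assumption taken from the Podman text quoted above. It also reports a lower-priority file that exists, since having credentials in both locations is the behavior change the description warns about.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// authSource is one candidate registry credential file (hypothetical type).
type authSource struct{ Name, Path string }

// candidates lists the credential files in precedence order: Docker's
// config.json first, Podman's auth.json as the fallback. getenv is injected
// so the lookup can be exercised without touching the real environment.
func candidates(getenv func(string) string) []authSource {
	dockerDir := getenv("DOCKER_CONFIG")
	if dockerDir == "" {
		// Assumption: default Docker config directory when DOCKER_CONFIG is unset.
		dockerDir = filepath.Join(getenv("HOME"), ".docker")
	}
	out := []authSource{{Name: "docker", Path: filepath.Join(dockerDir, "config.json")}}
	if rt := getenv("XDG_RUNTIME_DIR"); rt != "" {
		out = append(out, authSource{Name: "podman", Path: filepath.Join(rt, "containers", "auth.json")})
	}
	return out
}

// existingAuthFiles returns the candidates that os.Stat can see, in precedence
// order: element 0 supplies the credentials, later elements are shadowed.
// A file that cannot be stat'ed (missing or inaccessible) is skipped.
func existingAuthFiles(getenv func(string) string) []authSource {
	var found []authSource
	for _, c := range candidates(getenv) {
		if _, err := os.Stat(c.Path); err == nil {
			found = append(found, c)
		}
	}
	return found
}

func main() {
	for i, s := range existingAuthFiles(os.Getenv) {
		role := "shadowed"
		if i == 0 {
			role = "in use"
		}
		fmt.Printf("%-8s %-6s %s\n", role, s.Name, s.Path)
	}
}
```

Run on a workstation or CI runner, a "shadowed" line means a second set of registry credentials exists that the lookup will never read, which is worth knowing when rotating or revoking them.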

@imjasonh imjasonh merged commit 309df09 into google:main Nov 16, 2021
imjasonh added a commit to imjasonh/go-containerregistry that referenced this pull request Nov 17, 2021
imjasonh added a commit that referenced this pull request Nov 17, 2021
* Revert "Revert "Check for Podman's auth.json in DefaultKeychain (#1181)" (#1184)"

This reverts commit bce5496.

* Attempt 2: Check for Podman's auth in DefaultKeychain

* go mod download in k8schain to pick up the new dep

* remove some debug logging
Successfully merging this pull request may close these issues.

authn: Also consult ~/.config/containers/auth.json for auth config