Ignore malformed secrets when creating keychain #1834
Conversation
|
@imjasonh , @jonjohnsonjr wdyt? |
|
This Pull Request is stale because it has been open for 90 days with |
|
It would be great to have a review here 🙏 |
| @@ -186,7 +187,8 @@ func NewFromPullSecrets(ctx context.Context, secrets []corev1.Secret) (authn.Key | |||
| } | |||
| parsed, err := url.Parse(value) | |||
| if err != nil { | |||
| return nil, fmt.Errorf("Entry %q in dockercfg invalid (%w)", value, err) | |||
| logs.Warn.Printf("entry %q in dockercfg secret %s/%s invalid (%s); ignoring", secret.Namespace, secret.Name, value, err) | |||
| continue | |||
There was a problem hiding this comment.
Instead of continuing.
Can we throw an error if none of the secrets work? May be thats a failure mode?
This changes the behavior of the NewFromPullSecrets function to ignore secrets that contain malformed data. This allows processing of the other secrets which may be sufficient for authentication. Resolves google#1833 Signed-off-by: Luiz Carvalho <lucarval@redhat.com>
lcarva
force-pushed
the
ignore-malformed-secrets
branch
from
6701ddb
to
7a717a1
Compare
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #1834 +/- ##
=======================================
Coverage 71.67% 71.67%
=======================================
Files 123 123
Lines 9935 9935
=======================================
Hits 7121 7121
Misses 2115 2115
Partials 699 699 ☔ View full report in Codecov by Sentry. |
|
/approve |
|
This Pull Request is stale because it has been open for 90 days with |
|
This Pull Request is stale because it has been open for 90 days with |
|
This Pull Request is stale because it has been open for 90 days with |
This changes the behavior of the NewFromPullSecrets function to ignore secrets that contain malformed data. This allows processing of the other secrets which may be sufficient for authentication.
Resolves #1833.