From 7a69f1f54fb2bc0dfc689cb104cba66a7f3e5cf3 Mon Sep 17 00:00:00 2001
From: Jacob Straszynski
Date: Tue, 2 Jun 2020 16:17:46 -0700
Subject: [PATCH] fix: remove special _json_key handling
The approach of base64 encoding the json-like structure appears to work fine. The shape of the moving parts (username, password) was largely reverse engineered by: 1. Generating a service account with gcr access and saving to `key.json`. 2. `cat key.json | docker login -u _json_key --password-stdin https://gcr.io` 3. `cat `~/.docker/config.json` should now contain somethin like:``` "gcr.io" : { "auth" : "..." } The password should typically itself be a json-encoded service account i.e. the contents of `key.json` above. We've replaced the parent commits sprintf json-encoding by using the upstream types. Note: we're panicking on the error here vs. propagating it. This is partially laziness, the perceived unlikihood, and finally the desire to keep this change set as straightforward as possible. ```
---
 docker/config/config.go | 19 ++++++++++++-------
 docker/config/config_test.go | 4 ++--
 vendor/modules.txt | 1 +
 3 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/docker/config/config.go b/docker/config/config.go
index 7fb1130..80efe00 100644
--- a/docker/config/config.go
+++ b/docker/config/config.go
@@ -8,6 +8,7 @@ import (
 "strings"
 "github.com/ivanilves/lstags/docker/config/credhelper"
+ "github.com/moby/moby/api/types"
 "github.com/ivanilves/lstags/util/fix"
 )
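Review bot: The added import `"github.com/moby/moby/api/types"` sits between the two `github.com/ivanilves/lstags/...` imports, which is out of the sorted order gofmt produces within an import group; it would normally follow `"github.com/ivanilves/lstags/util/fix"`. Blank lines are not recoverable on this page, so the grouping is inferred. The import block starts above the hunk, so it is also not visible whether `encoding/json` is already imported for the `json.Marshal` call added further down, or whether `fmt` is still used once the `Sprintf` calls are removed.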
@@ -54,15 +55,19 @@ func (c *Config) GetCredentials(registry string) (string, string, bool) {
 }
 func getAuthJSONString(username, password string) string {
- if username == "_json_key" {
- return fmt.Sprintf("%s:%s", username, password)
+ b, err := json.Marshal(types.AuthConfig{
+ Username: "_json_key",
+ Password: password,
+ })
+
+ // Because of the shape of the struct and inputs involved, this should never
+ // happen. We preserve the non error-propagating API for callers, but want
+ // some visibility into this that's better than simply swallowing the error.
+ if err != nil {
+ panic(err)
 }
- return fmt.Sprintf(
- `{ "username": "%s", "password": "%s" }`,
- username,
- password,
- )
+ return string(b)
 }
 // GetRegistryAuth gets per-registry base64 authentication string
diff --git a/docker/config/config_test.go b/docker/config/config_test.go
index 0322f06..b7b21a8 100644
--- a/docker/config/config_test.go
+++ b/docker/config/config_test.go
@@ -10,8 +10,8 @@ var configFile = "../../fixtures/docker/config.json"
 func TestGetRegistryAuth(t *testing.T) {
 examples := map[string]string{
- "registry.company.io": "eyAidXNlcm5hbWUiOiAidXNlcjEiLCAicGFzc3dvcmQiOiAicGFzczEiIH0=",
- "registry.hub.docker.com": "eyAidXNlcm5hbWUiOiAidXNlcjIiLCAicGFzc3dvcmQiOiAicGFzczIiIH0=",
+ "registry.company.io": "eyJ1c2VybmFtZSI6Il9qc29uX2tleSIsInBhc3N3b3JkIjoicGFzczEifQ==",
+ "registry.hub.docker.com": "eyJ1c2VybmFtZSI6Il9qc29uX2tleSIsInBhc3N3b3JkIjoicGFzczIifQ==",
 "registry.mindundi.org": "",
 }
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 660d745..2406180 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -49,6 +49,7 @@ github.com/mitchellh/copystructure
 # github.com/mitchellh/reflectwalk v1.0.1
 github.com/mitchellh/reflectwalk
 # github.com/moby/moby v1.13.2-0.20170524085120-eef6495eddab
+github.com/moby/moby/api/types
 github.com/moby/moby/client
 # github.com/pkg/errors v0.8.1
 github.com/pkg/errors
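Review bot: In `getAuthJSONString` (docker/config/config.go) the new struct literal hard-codes `Username: "_json_key"`, so the `username` parameter is no longer read and every registry, not only gcr.io, gets that username in its auth payload. The updated expectations in the `TestGetRegistryAuth` hunk of docker/config/config_test.go pin the same behaviour: the new base64 values for `registry.company.io` and `registry.hub.docker.com` decode to a `_json_key` username, where the removed values carried `user1` and `user2`. Passing the caller's value through, `Username: username,`, keeps the `json.Marshal` escaping this commit introduces while leaving credentials for other registries intact. The expected test strings would then need regenerating from the fixture usernames, ideally with a comment next to each giving the decoded JSON so the payload can be checked by eye.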