Merge pull request #221 from jacobstr/koobz/fix-gcr-sa
Fix whitespace handling with gcr service accounts in mind.
ivanilves authored Jun 7, 2020
2 parents b44e208 + e33c4e2 commit 8706a12
Showing 23 changed files with 1,859 additions and 19 deletions.
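--- a/docker/config/config.go
+++ b/docker/config/config.go
@@ -3,12 +3,12 @@ package config
 import (
 "encoding/base64"
 "encoding/json"
-"errors"
 "fmt"
 "os"
 "strings"
 
 "github.com/ivanilves/lstags/docker/config/credhelper"
+"github.com/moby/moby/api/types"
 
 "github.com/ivanilves/lstags/util/fix"
 )
@@ -55,15 +55,19 @@ func (c *Config) GetCredentials(registry string) (string, string, bool) {
 }
 
 func getAuthJSONString(username, password string) string {
-if username == "_json_key" {
-return fmt.Sprintf("%s:%s", username, password)
+b, err := json.Marshal(types.AuthConfig{
+Username: "_json_key",
+Password: password,
+})
+
+// Because of the shape of the struct and inputs involved, this should never
+// happen. We preserve the non error-propagating API for callers, but want
+// some visibility into this that's better than simply swallowing the error.
+if err != nil {
+panic(err)
 }
 
-return fmt.Sprintf(
-`{ "username": "%s", "password": "%s" }`,
-username,
-password,
-)
+return string(b)
 }
 
 // GetRegistryAuth gets per-registry base64 authentication string
@@ -103,7 +107,7 @@ func Load(fileName string) (*Config, error) {
 }
 
 authenticationToken := string(b)
-usernameAndPassword := strings.Split(authenticationToken, ":")
+usernameAndPassword := strings.SplitN(authenticationToken, ":", 2)
 
 if len(usernameAndPassword) == 2 {
 c.usernames[registry] = usernameAndPassword[0]
@@ -118,13 +122,11 @@ func Load(fileName string) (*Config, error) {
 
 if fileName != DefaultDockerJSON {
 errStr := "Invalid auth for Docker registry: %s\nBase64-encoded string is wrong: %s (%s)\n"
-return nil, errors.New(
-fmt.Sprint(
-errStr,
-registry,
-a.B64Auth,
-authenticationToken,
-),
+return nil, fmt.Errorf(
+errStr,
+registry,
+a.B64Auth,
+authenticationToken,
 )
 }
 }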
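Review bot: In the new `getAuthJSONString`, `Username: "_json_key"` is a literal and the `username` parameter is no longer read, so every registry's auth JSON carries `_json_key` instead of the configured user; the line should read `Username: username,`. The updated expectations in `docker/config/config_test.go` pin the same thing: the new strings for `registry.company.io` and `registry.hub.docker.com` decode to a `_json_key` username with `pass1`/`pass2`, where the fixture users are `user1`/`user2`. Separately, in the last hunk the `fmt.Errorf` call formats `a.B64Auth` and the decoded `authenticationToken` into the error text, so a malformed entry puts the credential into whatever output or log receives the error; reporting only `registry` would avoid that. `Load` starts and ends outside both of its hunks.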
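--- a/docker/config/config_test.go
+++ b/docker/config/config_test.go
@@ -1,15 +1,17 @@
 package config
 
 import (
+"fmt"
+"io/ioutil"
 "testing"
 )
 
 var configFile = "../../fixtures/docker/config.json"
 
 func TestGetRegistryAuth(t *testing.T) {
 examples := map[string]string{
-"registry.company.io": "eyAidXNlcm5hbWUiOiAidXNlcjEiLCAicGFzc3dvcmQiOiAicGFzczEiIH0=",
-"registry.hub.docker.com": "eyAidXNlcm5hbWUiOiAidXNlcjIiLCAicGFzc3dvcmQiOiAicGFzczIiIH0=",
+"registry.company.io": "eyJ1c2VybmFtZSI6Il9qc29uX2tleSIsInBhc3N3b3JkIjoicGFzczEifQ==",
+"registry.hub.docker.com": "eyJ1c2VybmFtZSI6Il9qc29uX2tleSIsInBhc3N3b3JkIjoicGFzczIifQ==",
 "registry.mindundi.org": "",
 }
 
@@ -34,9 +36,13 @@ func TestGetRegistryAuth(t *testing.T) {
 }
 
 func TestLoad(t *testing.T) {
+
+gcrJSONKey, _ := ioutil.ReadFile("../../fixtures/docker/gcr-serviceaccount.json")
+
 examples := map[string]string{
 "registry.company.io": "user1:pass1",
 "registry.hub.docker.com": "user2:pass2",
+"us.gcr.io": fmt.Sprintf("%s:%s", "_json_key", string(gcrJSONKey)),
 }
 
 c, err := Load(configFile)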
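Review bot: `gcrJSONKey, _ := ioutil.ReadFile(...)` in `TestLoad` discards the read error, so a missing or unreadable fixture makes the expected value for `us.gcr.io` collapse to `_json_key:` and the test fails on a credential mismatch rather than on the real cause. Keep the error and stop early: `gcrJSONKey, err := ioutil.ReadFile("../../fixtures/docker/gcr-serviceaccount.json")` followed by `if err != nil { t.Fatal(err) }`. The rest of `TestLoad` is outside the hunk; the later `c, err := Load(configFile)` still compiles because `c` is new on its left-hand side.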
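--- a/fixtures/docker/config.json
+++ b/fixtures/docker/config.json
@@ -6,7 +6,9 @@
 "registry.hub.docker.com": {
 "auth": "dXNlcjI6cGFzczI="
 },
-"registry.credhelper.com": {
+"registry.credhelper.com": {},
+"us.gcr.io": {
+"auth": "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"
 }
 }
 }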
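--- a/fixtures/docker/gcr-serviceaccount.json
+++ b/fixtures/docker/gcr-serviceaccount.json
@@ -0,0 +1,8 @@
+{
+"type": "service_account",
+"project_id": "lstags-example",
+"private_key_id": "lstags-example-key",
+"private_key": "-----BEGIN PRIVATE KEY-----\n\n-----END PRIVATE KEY-----\n",
+"client_email": "example@example.iam.gserviceaccount.com",
+"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/test%40example.iam.gserviceaccount.com"
+}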
22 changes: 22 additions & 0 deletions vendor/github.com/moby/moby/api/types/auth.go
