From a10732b57e42ede3904fb255caa79e2a0610be1a Mon Sep 17 00:00:00 2001 From: Jacob Straszynski Date: Fri, 29 May 2020 15:24:29 -0700 Subject: [PATCH] fix: base64 encoded json service accounts When encoding json service accounts, the base64 encoded json may contain newlines. These resulted in > 2 elements in the strings.Split. This modification makes the function resilient to differences whitespace within the embedded service account.json. --- drive-by fix to error string generation We're using a formatting string, but not the `f` variant of `Sprint`. --- address linter complaint -> use fmt.Errorf --- docker/config/config.go | 15 ++++++--------- docker/config/config_test.go | 6 ++++++ fixtures/docker/config.json | 4 +++- fixtures/docker/gcr-serviceaccount.json | 8 ++++++++ 4 files changed, 23 insertions(+), 10 deletions(-) create mode 100644 fixtures/docker/gcr-serviceaccount.json diff --git a/docker/config/config.go b/docker/config/config.go index b0d5505..7fb1130 100644 --- a/docker/config/config.go +++ b/docker/config/config.go @@ -3,7 +3,6 @@ package config import ( "encoding/base64" "encoding/json" - "errors" "fmt" "os" "strings" @@ -103,7 +102,7 @@ func Load(fileName string) (*Config, error) { } authenticationToken := string(b) - usernameAndPassword := strings.Split(authenticationToken, ":") + usernameAndPassword := strings.SplitN(authenticationToken, ":", 2) if len(usernameAndPassword) == 2 { c.usernames[registry] = usernameAndPassword[0] @@ -118,13 +117,11 @@ func Load(fileName string) (*Config, error) { if fileName != DefaultDockerJSON { errStr := "Invalid auth for Docker registry: %s\nBase64-encoded string is wrong: %s (%s)\n" - return nil, errors.New( - fmt.Sprint( - errStr, - registry, - a.B64Auth, - authenticationToken, - ), + return nil, fmt.Errorf( + errStr, + registry, + a.B64Auth, + authenticationToken, ) } } diff --git a/docker/config/config_test.go b/docker/config/config_test.go index be7603c..0322f06 100644 --- a/docker/config/config_test.go +++ b/docker/config/config_test.go @@ -1,6 +1,8 @@ package config import ( + "fmt" + "io/ioutil" "testing" ) @@ -34,9 +36,13 @@ func TestGetRegistryAuth(t *testing.T) { } func TestLoad(t *testing.T) { + + gcrJSONKey, _ := ioutil.ReadFile("../../fixtures/docker/gcr-serviceaccount.json") + examples := map[string]string{ "registry.company.io": "user1:pass1", "registry.hub.docker.com": "user2:pass2", + "us.gcr.io": fmt.Sprintf("%s:%s", "_json_key", string(gcrJSONKey)), } c, err := Load(configFile) diff --git a/fixtures/docker/config.json b/fixtures/docker/config.json index f781426..1b6806a 100644 --- a/fixtures/docker/config.json +++ b/fixtures/docker/config.json @@ -6,7 +6,9 @@ "registry.hub.docker.com": { "auth": "dXNlcjI6cGFzczI=" }, - "registry.credhelper.com": { + "registry.credhelper.com": {}, + "us.gcr.io": { + "auth": "X2pzb25fa2V5OnsKICAidHlwZSI6ICJzZXJ2aWNlX2FjY291bnQiLAogICJwcm9qZWN0X2lkIjogImxzdGFncy1leGFtcGxlIiwKICAicHJpdmF0ZV9rZXlfaWQiOiAibHN0YWdzLWV4YW1wbGUta2V5IiwKICAicHJpdmF0ZV9rZXkiOiAiLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tXG5cbi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS1cbiIsCiAgImNsaWVudF9lbWFpbCI6ICJleGFtcGxlQGV4YW1wbGUuaWFtLmdzZXJ2aWNlYWNjb3VudC5jb20iLAogICJjbGllbnRfeDUwOV9jZXJ0X3VybCI6ICJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9yb2JvdC92MS9tZXRhZGF0YS94NTA5L3Rlc3QlNDBleGFtcGxlLmlhbS5nc2VydmljZWFjY291bnQuY29tIgp9Cg==" } } } diff --git a/fixtures/docker/gcr-serviceaccount.json b/fixtures/docker/gcr-serviceaccount.json new file mode 100644 index 0000000..6cb1d89 --- /dev/null +++ b/fixtures/docker/gcr-serviceaccount.json @@ -0,0 +1,8 @@ +{ + "type": "service_account", + "project_id": "lstags-example", + "private_key_id": "lstags-example-key", + "private_key": "-----BEGIN PRIVATE KEY-----\n\n-----END PRIVATE KEY-----\n", + "client_email": "example@example.iam.gserviceaccount.com", + "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/test%40example.iam.gserviceaccount.com" +}