From 84df28971722daac0b5a2b6b776a193de8e91cac Mon Sep 17 00:00:00 2001
From: Lars Wander <lwander@google.com>
Date: Sat, 7 Oct 2017 13:33:25 -0400
Subject: [PATCH] chore(provider/docker): Only log trailing whitespace warning
 during failure

---
 .../v2/auth/DockerBearerTokenService.groovy   | 22 +++++++++++++------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/clouddriver-docker/src/main/groovy/com/netflix/spinnaker/clouddriver/docker/registry/api/v2/auth/DockerBearerTokenService.groovy b/clouddriver-docker/src/main/groovy/com/netflix/spinnaker/clouddriver/docker/registry/api/v2/auth/DockerBearerTokenService.groovy
index 8170c2528d8..0c2d9f50f27 100644
--- a/clouddriver-docker/src/main/groovy/com/netflix/spinnaker/clouddriver/docker/registry/api/v2/auth/DockerBearerTokenService.groovy
+++ b/clouddriver-docker/src/main/groovy/com/netflix/spinnaker/clouddriver/docker/registry/api/v2/auth/DockerBearerTokenService.groovy
@@ -32,6 +32,7 @@ class DockerBearerTokenService {
   String username
   String password
   File passwordFile
+  String authWarning
 
   final static String userAgent = DockerUserAgent.getUserAgent()
 
@@ -70,11 +71,11 @@ class DockerBearerTokenService {
     if (resolvedPassword?.length() > 0) {
       def message = "Your registry password has %s whitespace, if this is unintentional authentication will fail."
       if (resolvedPassword.charAt(0).isWhitespace()) {
-        log.warn sprintf(message, ["leading"])
+        authWarning = sprintf(message, ["leading"])
       }
 
       if (resolvedPassword.charAt(resolvedPassword.length() - 1).isWhitespace()) {
-        log.warn sprintf(message, ["trailing"])
+        authWarning = sprintf(message, ["trailing"])
       }
     }
 
@@ -192,11 +193,18 @@ class DockerBearerTokenService {
 
     def tokenService = getTokenService(authenticateDetails.realm)
     def token
-    if (basicAuthHeader) {
-      token = tokenService.getToken(authenticateDetails.path, authenticateDetails.service, authenticateDetails.scope, basicAuthHeader, userAgent)
-    }
-    else {
-      token = tokenService.getToken(authenticateDetails.path, authenticateDetails.service, authenticateDetails.scope, userAgent)
+    try {
+      if (basicAuthHeader) {
+        token = tokenService.getToken(authenticateDetails.path, authenticateDetails.service, authenticateDetails.scope, basicAuthHeader, userAgent)
+      } else {
+        token = tokenService.getToken(authenticateDetails.path, authenticateDetails.service, authenticateDetails.scope, userAgent)
+      }
+    } catch (Exception e) {
+      if (authWarning) {
+        throw new DockerRegistryAuthenticationException("Authentication failed ($authWarning): ${e.getMessage()}", e)
+      } else {
+        throw new DockerRegistryAuthenticationException("Authentication failed: ${e.getMessage()}", e)
+      }
     }
 
     cachedTokens[repository] = token