DockerRegistryConfigAuthentication does not align with Docker CLI #45292
Signed-off-by: Dmytro Nosan <dimanosan@gmail.com>
@@ -134,10 +132,10 @@ private Credential computeCredentialsFromHelper(String serverUrl) { | |||
|
|||
private CredentialHelper getCredentialHelper(String serverUrl) { | |||
String name = this.dockerConfig.getCredHelpers().getOrDefault(serverUrl, this.dockerConfig.getCredsStore()); | |||
return (name != null) ? this.credentialHelperFactory.apply(name.trim()) : null; | |||
return (StringUtils.hasLength(name)) ? this.credentialHelperFactory.apply(name) : null; |
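Review bot: on the new StringUtils.hasLength(name) line in getCredentialHelper, a whitespace-padded or whitespace-only name now passes the check and reaches credentialHelperFactory.apply(name) unchanged, where the removed line called name.trim(). If that is intentional, say so in a short comment on this line, and add a test that pins the behaviour for a padded name and for the empty string, so that a later cleanup does not reintroduce trim() or switch the check to hasText.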
Docker CLI does not Trim the helper name:

```go
func (configFile *ConfigFile) GetCredentialsStore(registryHostname string) credentials.Store {
	if helper := getConfiguredCredentialStore(configFile, registryHostname); helper != "" {
		return newNativeStore(configFile, helper)
	}
	return credentials.NewFileStore(configFile)
}

// var for unit testing.
var newNativeStore = func(configFile *ConfigFile, helperSuffix string) credentials.Store {
	return credentials.NewNativeStore(configFile, helperSuffix)
}

func NewNativeStore(file store, helperSuffix string) Store {
	name := remoteCredentialsPrefix + helperSuffix
	return &nativeStore{
		programFunc: client.NewShellProgramFunc(name),
		fileStore:   NewFileStore(file),
	}
}
```

I think trim() here looks logical, I can't imagine that credential helper would have whitespaces.
I've verified this today once again with the following JSON
```json
{
  "credHelpers": {
    "662409547778.dkr.ecr.eu-central-1.amazonaws.com": " ecr-login "
  }
}
```
And indeed, Docker CLI does not trim the helper; it fails to use the helper and falls back to basic auth.
```
The push refers to repository [662409547778.dkr.ecr.eu-central-1.amazonaws.com/gh-44633]
1dc94a70dbaa: Preparing
f11551f94b2b: Preparing
7130a16bceef: Preparing
41ee45b75d9f: Preparing
97d38fb9a19d: Preparing
508c281dc5cd: Preparing
09173eaeddc8: Waiting
1a6d2f237874: Waiting
c059b6f20445: Waiting
cdd4575ae9b3: Waiting
f0e9078fd509: Waiting
109d6909a2e0: Waiting
417e5bfc3c82: Waiting
a838c55de6ff: Waiting
bea0a3dc2651: Waiting
9c1f69b4e68a: Waiting
0560872d3bba: Waiting
e7cd92e3f4c6: Waiting
95305ea8b76a: Waiting
5953c33dbcf5: Waiting
no basic auth credentials
```
Everything worked fine when I removed any leading and trailing whitespace from a helper.
```json
{
  "credHelpers": {
    "662409547778.dkr.ecr.eu-central-1.amazonaws.com": "ecr-login"
  }
}
```
```
The push refers to repository [662409547778.dkr.ecr.eu-central-1.amazonaws.com/gh-44633]
1dc94a70dbaa: Pushed
f11551f94b2b: Pushed
7130a16bceef: Pushed
41ee45b75d9f: Pushed
97d38fb9a19d: Pushed
508c281dc5cd: Pushed
09173eaeddc8: Pushed
1a6d2f237874: Pushed
c059b6f20445: Pushed
cdd4575ae9b3: Pushed
f0e9078fd509: Pushed
109d6909a2e0: Pushed
417e5bfc3c82: Pushed
a838c55de6ff: Pushed
bea0a3dc2651: Pushed
9c1f69b4e68a: Pushed
0560872d3bba: Pushed
e7cd92e3f4c6: Pushed
95305ea8b76a: Pushed
5953c33dbcf5: Pushed
latest: digest: sha256:65a43497ecee869b28f7a93b7b6f638e42c2fe91ecff395dc2fbedddd0b7f260 size: 4500
```
They appear to use the configurations provided by users as they are, except the "" string, which is the default value for the string type in Go.
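The behaviour verified in the comment above can be checked before a push fails. The following is an added example, not code from Docker CLI or Spring Boot: it resolves the helper name verbatim, as the thread describes, and flags names whose surrounding whitespace would make the lookup miss the intended `docker-credential-*` binary. The function names and the registry host are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// dockerConfig holds the two config.json keys that select a credential helper.
type dockerConfig struct {
	CredsStore  string            `json:"credsStore"`
	CredHelpers map[string]string `json:"credHelpers"`
}

// helperFor (hypothetical name) returns the configured helper verbatim, with
// no trimming; "" means no helper, so the config file itself is the store.
func helperFor(c dockerConfig, registry string) string {
	if h, ok := c.CredHelpers[registry]; ok {
		return h
	}
	return c.CredsStore
}

// lintHelpers (hypothetical name) flags helper names with leading or trailing
// whitespace, which are used as-is and so never match the intended binary.
func lintHelpers(raw []byte) ([]string, error) {
	var c dockerConfig
	if err := json.Unmarshal(raw, &c); err != nil {
		return nil, err
	}
	names := map[string]string{"credsStore": c.CredsStore}
	for host := range c.CredHelpers {
		names["credHelpers["+host+"]"] = helperFor(c, host)
	}
	var findings []string
	for key, name := range names {
		if name != strings.TrimSpace(name) {
			findings = append(findings, fmt.Sprintf("%s: %q resolves to %q", key, name, "docker-credential-"+name))
		}
	}
	sort.Strings(findings) // map order is random; keep the report stable
	return findings, nil
}

func main() {
	// Constructed sample input; the registry host is a placeholder.
	sample := []byte(`{"credHelpers": {"registry.example.test": " ecr-login "}}`)
	findings, _ := lintHelpers(sample)
	fmt.Println(findings)
}
```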
See gh-45292

Signed-off-by: Dmytro Nosan <dimanosan@gmail.com>

Thanks @nosan!