Skip to content

Commit

Permalink
fix: fallback to URL-path when parsing auth config URL without scheme (
Browse files Browse the repository at this point in the history
  • Loading branch information
p-jahn authored Apr 20, 2024
1 parent e45c2fa commit 2334844
Show file tree
Hide file tree
Showing 2 changed files with 39 additions and 3 deletions.
13 changes: 11 additions & 2 deletions docker_auth.go
Original file line number Diff line number Diff line change
Expand Up @@ -13,11 +13,14 @@ import (
"github.com/testcontainers/testcontainers-go/internal/core"
)

// defaultRegistryFn is variable overwritten in tests to check for behaviour with different default values.
var defaultRegistryFn = defaultRegistry

// DockerImageAuth returns the auth config for the given Docker image, extracting first its Docker registry.
// Finally, it will use the credential helpers to extract the information from the docker config file
// for that registry, if it exists.
func DockerImageAuth(ctx context.Context, image string) (string, registry.AuthConfig, error) {
defaultRegistry := defaultRegistry(ctx)
defaultRegistry := defaultRegistryFn(ctx)
reg := core.ExtractRegistry(image, defaultRegistry)

cfgs, err := getDockerAuthConfigs()
Expand All @@ -44,7 +47,13 @@ func getRegistryAuth(reg string, cfgs map[string]registry.AuthConfig) (registry.
continue
}

if keyURL.Host == reg {
host := keyURL.Host
if keyURL.Scheme == "" {
// url.Parse: The url may be relative (a path, without a host) [...]
host = keyURL.Path
}

if host == reg {
return cfg, true
}
}
Expand Down
29 changes: 28 additions & 1 deletion docker_auth_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -153,7 +153,34 @@ func TestGetDockerConfig(t *testing.T) {
}`)

registry, cfg, err := DockerImageAuth(context.Background(), imageReg+imagePath)
require.Equal(t, err, dockercfg.ErrCredentialsNotFound)
require.ErrorIs(t, err, dockercfg.ErrCredentialsNotFound)
require.Empty(t, cfg)

assert.Equal(t, imageReg, registry)
})

t.Run("fail to match registry authentication by host with empty URL scheme creds and missing default", func(t *testing.T) {
origDefaultRegistryFn := defaultRegistryFn
t.Cleanup(func() {
defaultRegistryFn = origDefaultRegistryFn
})
defaultRegistryFn = func(ctx context.Context) string {
return ""
}

base64 := "Z29waGVyOnNlY3JldA==" // gopher:secret
imageReg := ""
imagePath := "image:latest"

t.Setenv("DOCKER_AUTH_CONFIG", `{
"auths": {
"example-auth.com": { "username": "gopher", "password": "secret", "auth": "`+base64+`" }
},
"credsStore": "desktop"
}`)

registry, cfg, err := DockerImageAuth(context.Background(), imageReg+imagePath)
require.ErrorIs(t, err, dockercfg.ErrCredentialsNotFound)
require.Empty(t, cfg)

assert.Equal(t, imageReg, registry)
Expand Down

0 comments on commit 2334844

Please sign in to comment.