Fix normalizeAuthFileKey to use the correct semantics

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2021-09-11 21:56:40 +02:00 · 2021-09-11 21:56:40 +02:00 · 491951d66e
parent 1b6bf97130
commit 491951d66e
2 changed files with 23 additions and 19 deletions
--- a/pkg/auth/auth.go
+++ b/pkg/auth/auth.go
@ -272,20 +272,24 @@ func authConfigsToAuthFile(authConfigs map[string]types.DockerAuthConfig) (strin
 	return authFilePath, nil
 }

-// normalizeAuthFileKey takes an auth file key and removes the leading "http[s]://" prefix as well
-// as removes path suffixes from docker registries.
+// normalizeAuthFileKey takes an auth file key and converts it into a new-style credential key
+// in the canonical format, as interpreted by c/image/pkg/docker/config.
 func normalizeAuthFileKey(authFileKey string) string {
 	stripped := strings.TrimPrefix(authFileKey, "http://")
 	stripped = strings.TrimPrefix(stripped, "https://")

-	/// Normalize docker registries
-	if strings.HasPrefix(stripped, "index.docker.io/") ||
-		strings.HasPrefix(stripped, "registry-1.docker.io/") ||
-		strings.HasPrefix(stripped, "docker.io/") {
+	if stripped != authFileKey { // URLs are interpreted to mean complete registries
 		stripped = strings.SplitN(stripped, "/", 2)[0]
 	}

-	return stripped
+	// Only non-namespaced registry names (or URLs) need to be normalized; repo namespaces
+	// always use the simple format.
+	switch stripped {
+	case "registry-1.docker.io", "index.docker.io":
+		return "docker.io"
+	default:
+		return stripped
+	}
 }

 // dockerAuthToImageAuth converts a docker auth config to one we're using
--- a/pkg/auth/auth_test.go
+++ b/pkg/auth/auth_test.go
@ -24,10 +24,10 @@ const largeAuthFile = `{"auths":{

 // Semantics of largeAuthFile
 var largeAuthFileValues = map[string]types.DockerAuthConfig{
-	// "docker.io/vendor": {Username: "docker", Password: "vendor"},
-	// "docker.io":        {Username: "docker", Password: "top"},
-	"quay.io/libpod": {Username: "quay", Password: "libpod"},
-	"quay.io":        {Username: "quay", Password: "top"},
+	"docker.io/vendor": {Username: "docker", Password: "vendor"},
+	"docker.io":        {Username: "docker", Password: "top"},
+	"quay.io/libpod":   {Username: "quay", Password: "libpod"},
+	"quay.io":          {Username: "quay", Password: "top"},
 }

 // Test that GetCredentials() correctly parses what Header() produces
@ -260,28 +260,28 @@ func TestAuthConfigsToAuthFile(t *testing.T) {
 			expectedContains: "{}",
 		},
 		{
-			name:             "registry with prefix",
+			name:             "registry with a namespace prefix",
 			server:           "my-registry.local/username",
 			shouldErr:        false,
 			expectedContains: `"my-registry.local/username":`,
 		},
 		{
-			name:             "normalize https:// prefix",
+			name:             "URLs are interpreted as full registries",
 			server:           "http://my-registry.local/username",
 			shouldErr:        false,
-			expectedContains: `"my-registry.local/username":`,
+			expectedContains: `"my-registry.local":`,
 		},
 		{
-			name:             "normalize docker registry with https prefix",
+			name:             "the old-style docker registry URL is normalized",
 			server:           "http://index.docker.io/v1/",
 			shouldErr:        false,
-			expectedContains: `"index.docker.io":`,
+			expectedContains: `"docker.io":`,
 		},
 		{
-			name:             "normalize docker registry without https prefix",
-			server:           "docker.io/v2/",
+			name:             "docker.io vendor namespace",
+			server:           "docker.io/vendor",
 			shouldErr:        false,
-			expectedContains: `"docker.io":`,
+			expectedContains: `"docker.io/vendor":`,
 		},
 	} {
 		configs := map[string]types.DockerAuthConfig{}