containers
/
podman
mirror of https://github.com/containers/podman.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Don't return a header name from auth.GetCredentials 

Almost every caller is using it only to wrap an error
in exactly the same way, so move that error context into GetCredentials
and simplify the users.

(The one other caller, build, was even wrapping the error incorrectly
talking about query parameters; so let it use the same text as the others.)

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This commit is contained in:
Miloslav Trmač 2021-09-11 22:15:23 +02:00
parent 491951d66e
commit 2aeb690d37
10 changed files with 27 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/api/handlers/compat/images.go
View File

@ -270,9 +270,9 @@ func CreateImageFromImage(w http.ResponseWriter, r *http.Request) {
return return
} }
authConf, authfile, key, err := auth.GetCredentials(r) authConf, authfile, err := auth.GetCredentials(r)
if err != nil { if err != nil {
utils.Error(w, "failed to retrieve repository credentials", http.StatusBadRequest, errors.Wrapf(err, "failed to parse %q header for %s", key, r.URL.String())) utils.Error(w, "failed to retrieve repository credentials", http.StatusBadRequest, err)
return return
} }
defer auth.RemoveAuthfile(authfile) defer auth.RemoveAuthfile(authfile)

4
pkg/api/handlers/compat/images_build.go
View File

@ -453,10 +453,10 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
} }
} }
creds, authfile, key, err := auth.GetCredentials(r) creds, authfile, err := auth.GetCredentials(r)
if err != nil { if err != nil {
// Credential value(s) not returned as their value is not human readable // Credential value(s) not returned as their value is not human readable
utils.BadRequest(w, key.String(), "n/a", err) utils.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest, err)
return return
} }
defer auth.RemoveAuthfile(authfile) defer auth.RemoveAuthfile(authfile)

4
pkg/api/handlers/compat/images_push.go
View File

@ -85,9 +85,9 @@ func PushImage(w http.ResponseWriter, r *http.Request) {
return return
} }
authconf, authfile, key, err := auth.GetCredentials(r) authconf, authfile, err := auth.GetCredentials(r)
if err != nil { if err != nil {
utils.Error(w, "Something went wrong.", http.StatusBadRequest, errors.Wrapf(err, "failed to parse %q header for %s", key, r.URL.String())) utils.Error(w, "Something went wrong.", http.StatusBadRequest, err)
return return
} }
defer auth.RemoveAuthfile(authfile) defer auth.RemoveAuthfile(authfile)

4
pkg/api/handlers/compat/images_search.go
View File

@ -34,9 +34,9 @@ func SearchImages(w http.ResponseWriter, r *http.Request) {
return return
} }
_, authfile, key, err := auth.GetCredentials(r) _, authfile, err := auth.GetCredentials(r)
if err != nil { if err != nil {
utils.Error(w, "failed to retrieve repository credentials", http.StatusBadRequest, errors.Wrapf(err, "failed to parse %q header for %s", key, r.URL.String())) utils.Error(w, "failed to retrieve repository credentials", http.StatusBadRequest, err)
return return
} }
defer auth.RemoveAuthfile(authfile) defer auth.RemoveAuthfile(authfile)

4
pkg/api/handlers/libpod/images.go
View File

@ -497,9 +497,9 @@ func PushImage(w http.ResponseWriter, r *http.Request) {
return return
} }
authconf, authfile, key, err := auth.GetCredentials(r) authconf, authfile, err := auth.GetCredentials(r)
if err != nil { if err != nil {
utils.Error(w, "failed to retrieve repository credentials", http.StatusBadRequest, errors.Wrapf(err, "failed to parse %q header for %s", key, r.URL.String())) utils.Error(w, "failed to retrieve repository credentials", http.StatusBadRequest, err)
return return
} }
defer auth.RemoveAuthfile(authfile) defer auth.RemoveAuthfile(authfile)

4
pkg/api/handlers/libpod/images_pull.go
View File

@ -68,9 +68,9 @@ func ImagesPull(w http.ResponseWriter, r *http.Request) {
} }
// Do the auth dance. // Do the auth dance.
authConf, authfile, key, err := auth.GetCredentials(r) authConf, authfile, err := auth.GetCredentials(r)
if err != nil { if err != nil {
utils.Error(w, "failed to retrieve repository credentials", http.StatusBadRequest, errors.Wrapf(err, "failed to parse %q header for %s", key, r.URL.String())) utils.Error(w, "failed to retrieve repository credentials", http.StatusBadRequest, err)
return return
} }
defer auth.RemoveAuthfile(authfile) defer auth.RemoveAuthfile(authfile)

4
pkg/api/handlers/libpod/manifests.go
View File

@ -176,9 +176,9 @@ func ManifestPush(w http.ResponseWriter, r *http.Request) {
} }
source := utils.GetName(r) source := utils.GetName(r)
authconf, authfile, key, err := auth.GetCredentials(r) authconf, authfile, err := auth.GetCredentials(r)
if err != nil { if err != nil {
utils.Error(w, "failed to retrieve repository credentials", http.StatusBadRequest, errors.Wrapf(err, "failed to parse %q header for %s", key, r.URL.String())) utils.Error(w, "failed to retrieve repository credentials", http.StatusBadRequest, err)
return return
} }
defer auth.RemoveAuthfile(authfile) defer auth.RemoveAuthfile(authfile)

4
pkg/api/handlers/libpod/play.go
View File

@ -86,9 +86,9 @@ func PlayKube(w http.ResponseWriter, r *http.Request) {
utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrap(err, "error closing temporary file")) utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrap(err, "error closing temporary file"))
return return
} }
authConf, authfile, key, err := auth.GetCredentials(r) authConf, authfile, err := auth.GetCredentials(r)
if err != nil { if err != nil {
utils.Error(w, "failed to retrieve repository credentials", http.StatusBadRequest, errors.Wrapf(err, "failed to parse %q header for %s", key, r.URL.String())) utils.Error(w, "failed to retrieve repository credentials", http.StatusBadRequest, err)
return return
} }
defer auth.RemoveAuthfile(authfile) defer auth.RemoveAuthfile(authfile)

14
pkg/auth/auth.go
View File

@ -32,17 +32,23 @@ const XRegistryConfigHeader HeaderAuthName = "X-Registry-Config"
// GetCredentials queries the http.Request for X-Registry-.* headers and extracts // GetCredentials queries the http.Request for X-Registry-.* headers and extracts
// the necessary authentication information for libpod operations // the necessary authentication information for libpod operations
func GetCredentials(r *http.Request) (*types.DockerAuthConfig, string, HeaderAuthName, error) { func GetCredentials(r *http.Request) (*types.DockerAuthConfig, string, error) {
has := func(key HeaderAuthName) bool { hdr, found := r.Header[string(key)]; return found && len(hdr) > 0 } has := func(key HeaderAuthName) bool { hdr, found := r.Header[string(key)]; return found && len(hdr) > 0 }
switch { switch {
case has(XRegistryConfigHeader): case has(XRegistryConfigHeader):
c, f, err := getConfigCredentials(r) c, f, err := getConfigCredentials(r)
return c, f, XRegistryConfigHeader, err if err != nil {
return nil, "", errors.Wrapf(err, "failed to parse %q header for %s", XRegistryConfigHeader, r.URL.String())
}
return c, f, nil
case has(XRegistryAuthHeader): case has(XRegistryAuthHeader):
c, f, err := getAuthCredentials(r) c, f, err := getAuthCredentials(r)
return c, f, XRegistryAuthHeader, err if err != nil {
return nil, "", errors.Wrapf(err, "failed to parse %q header for %s", XRegistryAuthHeader, r.URL.String())
} }
return nil, "", "", nil return c, f, nil
}
return nil, "", nil
} }
// getConfigCredentials extracts one or more docker.AuthConfig from the request's // getConfigCredentials extracts one or more docker.AuthConfig from the request's

8
pkg/auth/auth_test.go
View File

@ -104,7 +104,7 @@ func TestHeaderGetCredentialsRoundtrip(t *testing.T) {
req.Header.Set(k, v) req.Header.Set(k, v)
} }
override, resPath, parsedHeader, err := GetCredentials(req) override, resPath, err := GetCredentials(req)
require.NoError(t, err, name) require.NoError(t, err, name)
defer RemoveAuthfile(resPath) defer RemoveAuthfile(resPath)
if tc.expectedOverride == nil { if tc.expectedOverride == nil {
@ -118,12 +118,6 @@ func TestHeaderGetCredentialsRoundtrip(t *testing.T) {
require.NoError(t, err, name) require.NoError(t, err, name)
assert.Equal(t, expectedAuth, auth, "%s, key %s", name, key) assert.Equal(t, expectedAuth, auth, "%s, key %s", name, key)
} }
if len(headers) != 0 {
assert.Len(t, headers, 1)
assert.Equal(t, tc.headerName, parsedHeader)
} else {
assert.Equal(t, HeaderAuthName(""), parsedHeader)
}
} }
} }