Commit Graph

35 Commits

Author SHA1 Message Date
Sascha Grunert a46f798831
pkg: switch to golang native error wrapping
We now use the golang error wrapping format specifier `%w` instead of
the deprecated github.com/pkg/errors package.

[NO NEW TESTS NEEDED]

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2022-07-08 08:54:47 +02:00
Valentin Rothberg 60e31d87d1 pkg/auth: drop the TODO
It is not a TODO item and if, it should be added to c/image.

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2022-05-25 12:33:34 +02:00
Daniel J Walsh 5736649eb8
Run codespell on code
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-01-21 09:52:12 -05:00
Jhon Honce 8a7e70919f Refactor manifest list operations
* Update method/function signatures use the manifest list name and
  images associated with the operation explicitly, in general

  func f(ctx context.Context, manifestListName string,
         ImageNames []string, options *fOptions)

* Leverage gorilla/mux Subrouters to support API v3.x and v4.x for
  manifests
* Make manifest API endpoints more RESTful
* Add PUT /manifest/{id} to update existing manifests
* Add manifests.Annotate to go bindings, uncommented unit test
* Add DELETE /manifest/{Id} to remove existing manifest list, use
  PUT /manifest/{id} to remove images from a list
* Deprecated POST /manifest/{id}/add and /manifest/{id}/remove, use
  PUT /manifest/{id} instead
* Corrected swagger godoc and updated to cover API changes
* Update podman manifest commands to use registry.Context()
* Expose utils.GetVar() to obtain query parameters by name
* Unexpose server.registerSwaggerHandlers, not sure why this was ever
  exposed.
* Refactored code to use http.Header instead of map[string]string when
  operating on HTTP headers.
* Add API-Version header support in bindings to allow calling explicate
  versions of the API. Header is _NOT_ forwarded to the API service.

Signed-off-by: Jhon Honce <jhonce@redhat.com>
2022-01-14 16:13:35 -07:00
Miloslav Trmač 5bbcfaf4aa Make XRegistryAuthHeader and XRegistryConfigHeader private
... now that they have no public users.

Also remove the HeaderAuthName type, we don't need the type-safety
so much for private constants, and using plain strings results in
less visual noise.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2021-12-10 18:16:27 +01:00
Miloslav Trmač 3cfefa1248 Remove the authfile parameter of MakeXRegistryAuthHeader
Having a parameter that modifies the provides types.SystemContext
seems rather unexpected and risky to have around - and the only
user of that is actually a no-op, others only provide a nil
SystemContext; so, remove that option and simplify (well, somewhat;
many callers now have extra &types.SystemContext{AuthFilePath}
boilerplate; at least that's consistent with that code carrying
a TODO to create a larger-scope SystemContext).

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2021-12-10 18:16:27 +01:00
Miloslav Trmač f9be326274 Remove the authfile parameter of MakeXRegistryConfigHeader
Having a parameter that modifies the provides types.SystemContext
seems rather unexpected and risky to have around - and the only
user of that is actually a no-op; so, remove that option and simplify.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2021-12-10 18:16:26 +01:00
Miloslav Trmač 935dcbb008 Remove no-longer-useful name variables
which used to contain more context, but now are just
a pointless copy.

Should not change (test) behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2021-12-10 18:16:25 +01:00
Miloslav Trmač 0e29b89753 Consolidate creation of SystemContext with auth.json into a helper
Should not change (test) behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2021-12-10 18:16:25 +01:00
Miloslav Trmač fe1230ef70 Remove pkg/auth.Header
It is no longer used.

Split the existing tests into MakeXRegistryConfigHeader
and MakeXRegistryAuthHeader variants. For now we don't modify
the implementations at all, to make review simpler; cleanups
will follow.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2021-12-10 18:16:24 +01:00
Miloslav Trmač 78dd797520 Turn headerAuth into MakeXRegistryAuthHeader
... which can be called independently.

For now, there are no new callers, to test that the behavior
has not changed.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2021-12-10 18:16:23 +01:00
Miloslav Trmač 8155fb5658 Turn headerConfig into MakeXRegistryConfigHeader
... which can be called independently.

For now, there are no new callers, to test that the behavior
has not changed.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2021-12-10 18:16:22 +01:00
Miloslav Trmač 29f4088713 Move the auth file creation to GetCredentials
This shares the code, and makes getConfigCredentials
and getAuthCredentials side-effect free and possibly easier to test.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2021-12-10 18:16:22 +01:00
Miloslav Trmač 9d56ebb611 Consolidate the error handling path in GetCredentials
We'll share even more code here in the future.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2021-12-10 18:16:21 +01:00
Miloslav Trmač da86a23285 Only look up HTTP header values once in GetCredentials
... and have GetCredentials pass the values down to
getConfigCredentials and getAuthCredentials.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2021-12-10 18:16:21 +01:00
Miloslav Trmač 1589d70bcb Use Header.Values in GetCredentials.has
It's possibly a bit more expensive, but semantically safer
because it does header normalization.

And we'll regain the cost by not looking up the value repeatedly.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2021-12-10 18:16:20 +01:00
Miloslav Trmač 2946e83493 Beautify GetCredentials.has a bit
Use separate lines, and use the provided .String() API.

Should not change behaivor.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2021-12-10 18:16:20 +01:00
Miloslav Trmač 1ecc6ba728 Pass a header value directly to parseSingleAuthHeader and parseMultiAuthHeader
Both have a single caller, so there's no point in looking up
the header value twice.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2021-12-10 18:16:19 +01:00
Miloslav Trmač 6f1a26b04f Simplify parseSingleAuthHeader
In the "no input" case, return a constant instead of
continuing with the decode/convert path, converting empty data.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2021-12-10 18:16:19 +01:00
Miloslav Trmač 7674f2f76b Simplify the interface of parseSingleAuthHeader
Don't create a single-element map only for the only caller
to laboriously extract an element of that map; just return
a single entry.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2021-12-10 18:16:18 +01:00
Miloslav Trmač 2aeb690d37 Don't return a header name from auth.GetCredentials
Almost every caller is using it only to wrap an error
in exactly the same way, so move that error context into GetCredentials
and simplify the users.

(The one other caller, build, was even wrapping the error incorrectly
talking about query parameters; so let it use the same text as the others.)

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2021-12-10 18:16:18 +01:00
Miloslav Trmač 491951d66e Fix normalizeAuthFileKey to use the correct semantics
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2021-12-10 18:16:17 +01:00
Miloslav Trmač 1b6bf97130 Rename normalize and a few variables
... to refer to auth file keys instead of servers and the like.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2021-12-10 18:16:17 +01:00
Miloslav Trmač d29a4a6d17 Add TestHeaderGetCredentialsRoundtrip
... as an end-to-end unit test of the header creation/parsing
code.

Leave the docker.io and docker.io/vendor test cases commented out,
because they are currently failing.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2021-12-10 18:16:15 +01:00
Miloslav Trmač ad7e5e34f2 Add tests for auth.Header
Just a single function that handles all of Header,
headerConfig and headerAuth; we will split that later.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2021-12-10 18:16:14 +01:00
Miloslav Trmač 5a5aa6009f Improve TestAuthConfigsToAuthFile
Remove the created temporary file.

Use more appropriate assertion calls.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2021-12-10 18:09:55 +01:00
Miloslav Trmač ff003928b2 Add unit tests for singleAuthHeader
Also rename it to parseSingleAuthHeader

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2021-12-10 18:09:55 +01:00
Miloslav Trmač b162d8868c Add unit tests for multiAuthHeader
Also rename it to parseMultiAuthHeader.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2021-12-10 18:09:55 +01:00
Daniel J Walsh 1c4e6d8624
standardize logrus messages to upper case
Remove ERROR: Error stutter from logrus messages also.

[ NO TESTS NEEDED] This is just code cleanup.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-09-22 15:29:34 -04:00
Sascha Grunert bbdaf837b1
Normalize auth key before calling `SetAuthentication`
Recent changes in c/image caused the `SetAuthentication` API to be more
restrictive in terms of validating the `key` (`server`) input. To ensure
that manually modified or entries in `~/.docker/config.json` still work,
we now strip the leading `http[s]://` prefix.

Fixes https://github.com/containers/podman/issues/11235

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2021-09-09 09:17:22 +02:00
Paul Holzinger 78c8a87362 Enable whitespace linter
Use the whitespace linter and fix the reported problems.

[NO TESTS NEEDED]

Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
2021-02-11 23:01:56 +01:00
Milivoje Legenovic c9baa6b93b Accept and ignore 'null' as value for X-Registry-Auth
docker-client is a library written in Java and used in Eclipse to
speak with Docker API. When endpoint /images/search is called,
HTTP header attribute X-Registry-Auth has value "null". This is for
sure wrong but Docker tolerates this value, and call works. With this
patch call works also with Podman. #7857

Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
2021-01-22 18:26:21 +01:00
Jhon Honce 5aead1509c Add X-Registry-Config support
* Refactor auth pkg to support X-Registry-Config
* Refactor build endpoint to support X-Registry-Config. Supports:
  * --creds
  * --authfile
* Added X-Reference-Id Header to http.Request to support log event
  correlation
* Log headers from http.Request

Signed-off-by: Jhon Honce <jhonce@redhat.com>
2020-09-29 08:46:44 -07:00
Daniel J Walsh 526f01cdf5
Fix up errors found by codespell
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-09-11 06:14:25 -04:00
Valentin Rothberg dc80267b59 compat handlers: add X-Registry-Auth header support
* Support the `X-Registry-Auth` http-request header.

 * The content of the header is a base64 encoded JSON payload which can
   either be a single auth config or a map of auth configs (user+pw or
   token) with the corresponding registries being the keys.  Vanilla
   Docker, projectatomic Docker and the bindings are transparantly
   supported.

 * Add a hidden `--registries-conf` flag.  Buildah exposes the same
   flag, mostly for testing purposes.

 * Do all credential parsing in the client (i.e., `cmd/podman`) pass
   the username and password in the backend instead of unparsed
   credentials.

 * Add a `pkg/auth` which handles most of the heavy lifting.

 * Go through the authentication-handling code of most commands, bindings
   and endpoints.  Migrate them to the new code and fix issues as seen.
   A final evaluation and more tests is still required *after* this
   change.

 * The manifest-push endpoint is missing certain parameters and should
   use the ABI function instead.  Adding auth-support isn't really
   possible without these parts working.

 * The container commands and endpoints (i.e., create and run) have not
   been changed yet.  The APIs don't yet account for the authfile.

 * Add authentication tests to `pkg/bindings`.

Fixes: #6384
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2020-05-29 15:39:37 +02:00