From c9baa6b93b38b96b2b85bfb732c3677f31574ba1 Mon Sep 17 00:00:00 2001 From: Milivoje Legenovic Date: Tue, 19 Jan 2021 23:12:14 +0100 Subject: [PATCH] Accept and ignore 'null' as value for X-Registry-Auth docker-client is a library written in Java and used in Eclipse to speak with Docker API. When endpoint /images/search is called, HTTP header attribute X-Registry-Auth has value "null". This is for sure wrong but Docker tolerates this value, and call works. With this patch call works also with Podman. #7857 Signed-off-by: Milivoje Legenovic --- pkg/auth/auth.go | 8 +++-- test/apiv2/rest_api/test_rest_v2_0_0.py | 46 +++++++++++++++++++++++++ 2 files changed, 52 insertions(+), 2 deletions(-) diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go index fcbf6fe392..86d92c0287 100644 --- a/pkg/auth/auth.go +++ b/pkg/auth/auth.go @@ -297,7 +297,9 @@ func imageAuthToDockerAuth(authConfig types.DockerAuthConfig) dockerAPITypes.Aut func singleAuthHeader(r *http.Request) (map[string]types.DockerAuthConfig, error) { authHeader := r.Header.Get(string(XRegistryAuthHeader)) authConfig := dockerAPITypes.AuthConfig{} - if len(authHeader) > 0 { + // Accept "null" and handle it as empty value for compatibility reason with Docker. + // Some java docker clients pass this value, e.g. this one used in Eclipse. + if len(authHeader) > 0 && authHeader != "null" { authJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authHeader)) if err := json.NewDecoder(authJSON).Decode(&authConfig); err != nil { return nil, err @@ -312,7 +314,9 @@ func singleAuthHeader(r *http.Request) (map[string]types.DockerAuthConfig, error // The header content is a map[string]DockerAuthConfigs. func multiAuthHeader(r *http.Request) (map[string]types.DockerAuthConfig, error) { authHeader := r.Header.Get(string(XRegistryAuthHeader)) - if len(authHeader) == 0 { + // Accept "null" and handle it as empty value for compatibility reason with Docker. + // Some java docker clients pass this value, e.g. this one used in Eclipse. + if len(authHeader) == 0 || authHeader == "null" { return nil, nil } diff --git a/test/apiv2/rest_api/test_rest_v2_0_0.py b/test/apiv2/rest_api/test_rest_v2_0_0.py index cc66dd5af4..5676ff65dc 100644 --- a/test/apiv2/rest_api/test_rest_v2_0_0.py +++ b/test/apiv2/rest_api/test_rest_v2_0_0.py @@ -356,6 +356,52 @@ def test_pull(self): self.assertTrue(keys["stream"], "Expected to find stream progress stanza's") def test_search_compat(self): + url = PODMAN_URL + "/v1.40/images/search" + # Had issues with this test hanging when repositories not happy + def do_search1(): + payload = {'term': 'alpine'} + r = requests.get(url, params=payload, timeout=5) + self.assertEqual(r.status_code, 200, r.text) + objs = json.loads(r.text) + self.assertIn(type(objs), (list,)) + + def do_search2(): + payload = {'term': 'alpine', 'limit': 1} + r = requests.get(url, params=payload, timeout=5) + self.assertEqual(r.status_code, 200, r.text) + objs = json.loads(r.text) + self.assertIn(type(objs), (list,)) + self.assertEqual(len(objs), 1) + + def do_search3(): + payload = {'term': 'alpine', 'filters': {'is-official': True}} + r = requests.get(url, params=payload, timeout=5) + self.assertEqual(r.status_code, 200, r.text) + objs = json.loads(r.text) + self.assertIn(type(objs), (list,)) +# TODO: Request should return only one item, but it returns more. For now this check is commented out. +# self.assertEqual(len(objs), 1) + + def do_search4(): + headers = {'X-Registry-Auth': 'null'} + payload = {'term': 'alpine'} + r = requests.get(url, params=payload, headers=headers, timeout=5) + self.assertEqual(r.status_code, 200, r.text) + + def do_search5(): + headers = {'X-Registry-Auth': 'invalid value'} + payload = {'term': 'alpine'} + r = requests.get(url, params=payload, headers=headers, timeout=5) + self.assertEqual(r.status_code, 400, r.text) + + search_methods = [do_search1, do_search2, do_search3, do_search4, do_search5] + for search_method in search_methods: + search = Process(target=search_method) + search.start() + search.join(timeout=10) + self.assertFalse(search.is_alive(), "/images/search took too long") + + def test_search_compat_with_(self): # Had issues with this test hanging when repositories not happy def do_search(): r = requests.get(PODMAN_URL + "/v1.40/images/search?term=alpine", timeout=5)