From 07814933bb15991cd8d188b41f7bbc0645de9999 Mon Sep 17 00:00:00 2001 From: Chanseok Oh Date: Mon, 11 Mar 2019 11:58:40 -0400 Subject: [PATCH 1/3] Send client_id for OAuth2 registry auth --- .../google/cloud/tools/jib/registry/RegistryAuthenticator.java | 2 +- .../cloud/tools/jib/registry/RegistryAuthenticatorTest.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/jib-core/src/main/java/com/google/cloud/tools/jib/registry/RegistryAuthenticator.java b/jib-core/src/main/java/com/google/cloud/tools/jib/registry/RegistryAuthenticator.java index 5070f6d3d0..c21f96e726 100644 --- a/jib-core/src/main/java/com/google/cloud/tools/jib/registry/RegistryAuthenticator.java +++ b/jib-core/src/main/java/com/google/cloud/tools/jib/registry/RegistryAuthenticator.java @@ -269,7 +269,7 @@ String getAuthRequestParameters(String scope) { String serviceScope = getServiceScopeRequestParameters(scope); return isOAuth2Auth() ? serviceScope - + "&grant_type=refresh_token&refresh_token=" + + "&client_id=jib&grant_type=refresh_token&refresh_token=" // If OAuth2, credential.getPassword() is a refresh token. + Verify.verifyNotNull(credential).getPassword() : serviceScope; diff --git a/jib-core/src/test/java/com/google/cloud/tools/jib/registry/RegistryAuthenticatorTest.java b/jib-core/src/test/java/com/google/cloud/tools/jib/registry/RegistryAuthenticatorTest.java index 43fe8e79f8..43f4b6e495 100644 --- a/jib-core/src/test/java/com/google/cloud/tools/jib/registry/RegistryAuthenticatorTest.java +++ b/jib-core/src/test/java/com/google/cloud/tools/jib/registry/RegistryAuthenticatorTest.java @@ -70,7 +70,7 @@ public void testAuthRequestParameters_oauth2() { registryAuthenticator.setCredential(Credential.basic("", "oauth2_access_token")); Assert.assertEquals( "service=someservice&scope=repository:someimage:scope" - + "&grant_type=refresh_token&refresh_token=oauth2_access_token", + + "&client_id=jib&grant_type=refresh_token&refresh_token=oauth2_access_token", registryAuthenticator.getAuthRequestParameters("scope")); } From 2f60b454dbf28c80c0497b3933a41f7ad4d9a941 Mon Sep 17 00:00:00 2001 From: Chanseok Oh Date: Mon, 11 Mar 2019 13:27:59 -0400 Subject: [PATCH 2/3] Use MD5 hash of "jib" --- .../cloud/tools/jib/registry/RegistryAuthenticator.java | 4 +++- .../cloud/tools/jib/registry/RegistryAuthenticatorTest.java | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/jib-core/src/main/java/com/google/cloud/tools/jib/registry/RegistryAuthenticator.java b/jib-core/src/main/java/com/google/cloud/tools/jib/registry/RegistryAuthenticator.java index c21f96e726..ecbc0256e7 100644 --- a/jib-core/src/main/java/com/google/cloud/tools/jib/registry/RegistryAuthenticator.java +++ b/jib-core/src/main/java/com/google/cloud/tools/jib/registry/RegistryAuthenticator.java @@ -269,7 +269,9 @@ String getAuthRequestParameters(String scope) { String serviceScope = getServiceScopeRequestParameters(scope); return isOAuth2Auth() ? serviceScope - + "&client_id=jib&grant_type=refresh_token&refresh_token=" + // https://github.com/GoogleContainerTools/jib/pull/1545 + + "&client_id=da031fe481a93ac107a95a96462358f9" + + "&grant_type=refresh_token&refresh_token=" // If OAuth2, credential.getPassword() is a refresh token. + Verify.verifyNotNull(credential).getPassword() : serviceScope; diff --git a/jib-core/src/test/java/com/google/cloud/tools/jib/registry/RegistryAuthenticatorTest.java b/jib-core/src/test/java/com/google/cloud/tools/jib/registry/RegistryAuthenticatorTest.java index 43f4b6e495..8fc23307a7 100644 --- a/jib-core/src/test/java/com/google/cloud/tools/jib/registry/RegistryAuthenticatorTest.java +++ b/jib-core/src/test/java/com/google/cloud/tools/jib/registry/RegistryAuthenticatorTest.java @@ -70,7 +70,8 @@ public void testAuthRequestParameters_oauth2() { registryAuthenticator.setCredential(Credential.basic("", "oauth2_access_token")); Assert.assertEquals( "service=someservice&scope=repository:someimage:scope" - + "&client_id=jib&grant_type=refresh_token&refresh_token=oauth2_access_token", + + "&client_id=da031fe481a93ac107a95a96462358f9" + + "&grant_type=refresh_token&refresh_token=oauth2_access_token", registryAuthenticator.getAuthRequestParameters("scope")); } From c42d3b6b4c95e36aaf4ac0c5c3b6675c6b8a667b Mon Sep 17 00:00:00 2001 From: Chanseok Oh Date: Mon, 11 Mar 2019 16:15:30 -0400 Subject: [PATCH 3/3] Put "jib." in client_id --- .../google/cloud/tools/jib/registry/RegistryAuthenticator.java | 2 +- .../cloud/tools/jib/registry/RegistryAuthenticatorTest.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/jib-core/src/main/java/com/google/cloud/tools/jib/registry/RegistryAuthenticator.java b/jib-core/src/main/java/com/google/cloud/tools/jib/registry/RegistryAuthenticator.java index ecbc0256e7..1dc690afe9 100644 --- a/jib-core/src/main/java/com/google/cloud/tools/jib/registry/RegistryAuthenticator.java +++ b/jib-core/src/main/java/com/google/cloud/tools/jib/registry/RegistryAuthenticator.java @@ -270,7 +270,7 @@ String getAuthRequestParameters(String scope) { return isOAuth2Auth() ? serviceScope // https://github.com/GoogleContainerTools/jib/pull/1545 - + "&client_id=da031fe481a93ac107a95a96462358f9" + + "&client_id=jib.da031fe481a93ac107a95a96462358f9" + "&grant_type=refresh_token&refresh_token=" // If OAuth2, credential.getPassword() is a refresh token. + Verify.verifyNotNull(credential).getPassword() diff --git a/jib-core/src/test/java/com/google/cloud/tools/jib/registry/RegistryAuthenticatorTest.java b/jib-core/src/test/java/com/google/cloud/tools/jib/registry/RegistryAuthenticatorTest.java index 8fc23307a7..09f95d8e54 100644 --- a/jib-core/src/test/java/com/google/cloud/tools/jib/registry/RegistryAuthenticatorTest.java +++ b/jib-core/src/test/java/com/google/cloud/tools/jib/registry/RegistryAuthenticatorTest.java @@ -70,7 +70,7 @@ public void testAuthRequestParameters_oauth2() { registryAuthenticator.setCredential(Credential.basic("", "oauth2_access_token")); Assert.assertEquals( "service=someservice&scope=repository:someimage:scope" - + "&client_id=da031fe481a93ac107a95a96462358f9" + + "&client_id=jib.da031fe481a93ac107a95a96462358f9" + "&grant_type=refresh_token&refresh_token=oauth2_access_token", registryAuthenticator.getAuthRequestParameters("scope")); }