Check nonexsit authfile

Signed-off-by: Qi Wang <[email protected]>
containers · Nov 6, 2019 · 156e79e · 156e79e
1 parent fba62fd
commit 156e79e
Show file tree

Hide file tree

Showing 15 changed files with 81 additions and 4 deletions.
diff --git a/cmd/buildah/bud.go b/cmd/buildah/bud.go
@@ -100,6 +100,10 @@ func budCmd(c *cobra.Command, inputArgs []string, iopts budResults) error {
 			tags = tags[1:]
 		}
 	}
+	if err := buildahcli.CheckAuthFile(iopts.BudResults.Authfile); err != nil {
+		return err
+	}
+
 	pullPolicy := imagebuildah.PullNever
 	if iopts.Pull {
 		pullPolicy = imagebuildah.PullIfMissing

diff --git a/cmd/buildah/commit.go b/cmd/buildah/commit.go
@@ -97,6 +97,10 @@ func commitCmd(c *cobra.Command, args []string, iopts commitInputOptions) error
 	if err := buildahcli.VerifyFlagsArgsOrder(args); err != nil {
 		return err
 	}
+	if err := buildahcli.CheckAuthFile(iopts.authfile); err != nil {
+		return err
+	}
+
 	name := args[0]
 	args = Tail(args)
 	if len(args) > 1 {

diff --git a/cmd/buildah/from.go b/cmd/buildah/from.go
@@ -167,6 +167,10 @@ func fromCmd(c *cobra.Command, args []string, iopts fromReply) error {
 		return errors.Errorf("too many arguments specified")
 	}
 
+	if err := buildahcli.CheckAuthFile(iopts.authfile); err != nil {
+		return err
+	}
+
 	systemContext, err := parse.SystemContextFromOptions(c)
 	if err != nil {
 		return errors.Wrapf(err, "error building system context")

diff --git a/cmd/buildah/logout.go b/cmd/buildah/logout.go
@@ -49,6 +49,9 @@ func logoutCmd(c *cobra.Command, args []string, iopts *logoutReply) error {
 	if len(args) == 1 {
 		server = parse.ScrubServer(args[0])
 	}
+	if err := buildahcli.CheckAuthFile(iopts.authfile); err != nil {
+		return err
+	}
 
 	systemContext, err := parse.SystemContextFromOptions(c)
 	if err != nil {

diff --git a/cmd/buildah/manifest.go b/cmd/buildah/manifest.go
@@ -586,6 +586,10 @@ func manifestInspectCmd(c *cobra.Command, args []string, opts manifestInspectOpt
 }
 
 func manifestPushCmd(c *cobra.Command, args []string, opts manifestPushOpts) error {
+	if err := buildahcli.CheckAuthFile(opts.authfile); err != nil {
+		return err
+	}
+
 	listImageSpec := ""
 	destSpec := ""
 	switch len(args) {

diff --git a/cmd/buildah/pull.go b/cmd/buildah/pull.go
@@ -85,6 +85,9 @@ func pullCmd(c *cobra.Command, args []string, iopts pullResults) error {
 	if len(args) > 1 {
 		return errors.Errorf("too many arguments specified")
 	}
+	if err := buildahcli.CheckAuthFile(iopts.authfile); err != nil {
+		return err
+	}
 
 	systemContext, err := parse.SystemContextFromOptions(c)
 	if err != nil {

diff --git a/cmd/buildah/push.go b/cmd/buildah/push.go
@@ -89,6 +89,9 @@ func pushCmd(c *cobra.Command, args []string, iopts pushResults) error {
 	if err := buildahcli.VerifyFlagsArgsOrder(args); err != nil {
 		return err
 	}
+	if err := buildahcli.CheckAuthFile(iopts.authfile); err != nil {
+		return err
+	}
 
 	switch len(args) {
 	case 0:

diff --git a/pkg/cli/common.go b/pkg/cli/common.go
@@ -265,9 +265,15 @@ func VerifyFlagsArgsOrder(args []string) error {
 }
 
 func GetDefaultAuthFile() string {
-	authfile := os.Getenv("REGISTRY_AUTH_FILE")
-	if authfile != "" {
-		return authfile
+	return os.Getenv("REGISTRY_AUTH_FILE")
+}
+
+func CheckAuthFile(authfile string) error {
+	if authfile == "" {
+		return nil
 	}
-	return ""
+	if _, err := os.Stat(authfile); err != nil {
+		return errors.Wrapf(err, "error checking authfile path %s", authfile)
+	}
+	return nil
 }
diff --git a/tests/authenticate.bats b/tests/authenticate.bats
@@ -8,6 +8,14 @@ load helpers
   run_buildah 0 logout docker.io
 }
 
+@test "logout should fail with nonexist authfile" {
+  run_buildah 0 login --username testuserfoo --password testpassword docker.io
+
+  run_buildah 1 logout --authfile /tmp/nonexist docker.io
+
+  run_buildah 0 logout docker.io
+}
+
 @test "from-authenticate-cert-and-creds" {
 
   run_buildah from --pull --name "alpine" --signature-policy ${TESTSDIR}/policy.json alpine

diff --git a/tests/bud.bats b/tests/bud.bats
@@ -1821,3 +1821,8 @@ load helpers
 
   rm -f ${TESTSDIR}/bud/${target}/test*
 }
+
+@test "bud with Containerfile should fail with nonexist authfile" {
+  target=alpine-image
+  run_buildah 1 bud --authfile /tmp/nonexist --signature-policy ${TESTSDIR}/policy.json -t ${target} ${TESTSDIR}/bud/containerfile
+}
diff --git a/tests/commit.bats b/tests/commit.bats
@@ -96,3 +96,11 @@ load helpers
   cid=$(buildah from --pull --signature-policy ${TESTSDIR}/policy.json alpine)
   run_buildah commit --signature-policy ${TESTSDIR}/policy.json $cid
 }
+
+@test "commit should fail with nonexist authfile" {
+  cid=$(buildah from --pull --signature-policy ${TESTSDIR}/policy.json alpine)
+  buildah commit --authfile /tmp/nonexist --signature-policy ${TESTSDIR}/policy.json $cid alpine-image
+  [ "${status}" -ne 0 ]
+  buildah rm $cid
+  buildah rmi -a
+}
diff --git a/tests/from.bats b/tests/from.bats
@@ -345,3 +345,8 @@ load helpers
   run_buildah --log-level=error containers -f id=${cid}
   buildah rm ${cid}
 }
+
+@test "from should fail with nonexist authfil" {
+  buildah from --authfile /tmp/nonexist --pull --signature-policy ${TESTSDIR}/policy.json alpine
+  [ "$status" -ne 0 ]
+}
diff --git a/tests/lists.bats b/tests/lists.bats
@@ -97,6 +97,14 @@ IMAGE_LIST_S390X_INSTANCE_DIGEST=sha256:882a20ee0df7399a445285361d38b711c299ca09
     run_buildah 1 manifest inspect foo
 }
 
+@test "manifest-push should fail with nonexist authfile" {
+    run_buildah manifest create foo
+    run_buildah manifest add --override-arch=arm64 foo ${IMAGE_LIST}
+    run_buildah manifest inspect foo
+    run_buildah 1 manifest push --signature-policy ${TESTSDIR}/policy.json --purge foo dir:${TESTDIR}/pushed
+
+}
+
 @test "manifest-from-tag" {
     run_buildah from --signature-policy ${TESTSDIR}/policy.json --name test-container ${IMAGE_LIST}
     run_buildah inspect --format ''{{.OCIv1.Architecture}}' ${IMAGE_LIST}

diff --git a/tests/pull.bats b/tests/pull.bats
@@ -147,3 +147,7 @@ load helpers
   run_buildah 1 pull --signature-policy ${TESTSDIR}/policy.json --registries-conf ${TESTSDIR}/registries.conf.hub --quiet busybox
   expect_output --substring 'pull from registry at "docker.io" denied by policy: not in allowed registries list'
 }
+
+@test "pull should fail with nonexist authfile" {
+  run_buildah 1 pull --signature-policy ${TESTSDIR}/policy.json alpine
+}
diff --git a/tests/push.bats b/tests/push.bats
@@ -80,6 +80,14 @@ load helpers
   buildah rmi busybox
 }
 
+@test "push should fail with nonexist authfile" {
+  cid=$(buildah from --pull --signature-policy ${TESTSDIR}/policy.json alpine)
+  imageid=$(buildah images -q)
+  run_buildah 1 push --signature-policy ${TESTSDIR}/policy.json --authfile /tmp/nonexsit $imageid dir:my-dir
+  buildah rm "$cid"
+  buildah rmi alpine
+}
+
 @test "push-denied-by-registry-sources" {
   export BUILD_REGISTRY_SOURCES='{"blockedRegistries": ["registry.example.com"]}'