feat: support anonymous detect registry scheme (#331)

Co-authored-by: qingliu <[email protected]>
katanomi · Dec 9, 2022 · a661831 · a661831
1 parent 05b96cd
commit a661831
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 11 deletions.
diff --git a/apis/artifacts/v1alpha1/registry_types.go b/apis/artifacts/v1alpha1/registry_types.go
@@ -19,6 +19,7 @@ package v1alpha1
 import (
 	"encoding/json"
 	"fmt"
+	"strings"
 )
 
 // ImageConfig define sever and multiple docker credentials related content.
@@ -59,6 +60,7 @@ func GetAuthFromDockerConfigJson(registry string, dockerConfigJsonBytes []byte)
 		return "", "", fmt.Errorf("no auths found")
 	}
 
+	registry = strings.TrimPrefix(strings.TrimPrefix(registry, "http://"), "https://")
 	for _, address := range []string{registry, "http://" + registry, "https://" + registry} {
 		if auth, ok := dockerConfig.Auths[address]; ok {
 			return auth.Username, auth.Password, nil

diff --git a/registry/detect_scheme_by_secret.go b/registry/detect_scheme_by_secret.go
@@ -81,10 +81,11 @@ func (d *RegistrySchemeDetectionBySecret) DetectScheme(ctx context.Context, regi
 		}
 		username, password, err := getDockerAuthFromSecret(registry, secret)
 		if err != nil {
-			log.Infow("failed to get username and password from secret", "error", err)
-			return "", fmt.Errorf("failed to get auth from %s: %w", secretKey.String(), err)
+			log.Debugw("failed to get username and password from secret", "error", err)
+		}
+		if username != "" && password != "" {
+			auths = append(auths, WithBasicAuth(username, password))
 		}
-		auths = append(auths, WithBasicAuth(username, password))
 	}
 
 	return d.DefaultRegistrySchemeDetection.DetectScheme(ctx, registry, auths...)

diff --git a/registry/detect_scheme_by_secret_test.go b/registry/detect_scheme_by_secret_test.go
@@ -156,25 +156,25 @@ var _ = Describe("Test.RegistrySchemeDetectionBySecret", func() {
 			})
 		})
 
-		When("secret type is dockerconfig but not matched", func() {
+		When("secret type is dockerconfig but not matched, no authentication information", func() {
 			BeforeEach(func() {
 				detect = detect.WithSecretRef(ref)
 				Expect(testing.LoadKubeResources("testdata/secret.dockerconfig.yaml", clt)).To(Succeed())
 			})
-			It("should return error", func() {
-				Expect(err).ShouldNot(BeNil())
-				Expect(err.Error()).To(ContainSubstring(`no auth found for registry:`))
+			It("should NOT return error", func() {
+				Expect(err).Should(BeNil())
+				Expect(protocols).Should(Equal("https"))
 			})
 		})
 
-		When("secret type is token", func() {
+		When("secret type is token, no authentication information", func() {
 			BeforeEach(func() {
 				detect = detect.WithSecretRef(ref)
 				Expect(testing.LoadKubeResources("testdata/secret.token.yaml", clt)).To(Succeed())
 			})
-			It("should return error", func() {
-				Expect(err).ShouldNot(BeNil())
-				Expect(err.Error()).To(Equal(`failed to get auth from default/secret-name: unsupported secret type kubernetes.io/service-account-token`))
+			It("should NOT return error", func() {
+				Expect(err).Should(BeNil())
+				Expect(protocols).Should(Equal("https"))
 			})
 		})
 	})