Skip to content

Commit

Permalink
feat: support anonymous detect registry scheme
Browse files Browse the repository at this point in the history
  • Loading branch information
l-qing committed Dec 9, 2022
1 parent 05b96cd commit ff98864
Show file tree
Hide file tree
Showing 3 changed files with 14 additions and 11 deletions.
2 changes: 2 additions & 0 deletions apis/artifacts/v1alpha1/registry_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ package v1alpha1
import (
"encoding/json"
"fmt"
"strings"
)

// ImageConfig define sever and multiple docker credentials related content.
Expand Down Expand Up @@ -59,6 +60,7 @@ func GetAuthFromDockerConfigJson(registry string, dockerConfigJsonBytes []byte)
return "", "", fmt.Errorf("no auths found")
}

registry = strings.TrimPrefix(strings.TrimPrefix(registry, "http://"), "https://")
for _, address := range []string{registry, "http://" + registry, "https://" + registry} {
if auth, ok := dockerConfig.Auths[address]; ok {
return auth.Username, auth.Password, nil
Expand Down
7 changes: 4 additions & 3 deletions registry/detect_scheme_by_secret.go
Original file line number Diff line number Diff line change
Expand Up @@ -81,10 +81,11 @@ func (d *RegistrySchemeDetectionBySecret) DetectScheme(ctx context.Context, regi
}
username, password, err := getDockerAuthFromSecret(registry, secret)
if err != nil {
log.Infow("failed to get username and password from secret", "error", err)
return "", fmt.Errorf("failed to get auth from %s: %w", secretKey.String(), err)
log.Debugw("failed to get username and password from secret", "error", err)
}
if username != "" && password != "" {
auths = append(auths, WithBasicAuth(username, password))
}
auths = append(auths, WithBasicAuth(username, password))
}

return d.DefaultRegistrySchemeDetection.DetectScheme(ctx, registry, auths...)
Expand Down
16 changes: 8 additions & 8 deletions registry/detect_scheme_by_secret_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -156,25 +156,25 @@ var _ = Describe("Test.RegistrySchemeDetectionBySecret", func() {
})
})

When("secret type is dockerconfig but not matched", func() {
When("secret type is dockerconfig but not matched, no authentication information", func() {
BeforeEach(func() {
detect = detect.WithSecretRef(ref)
Expect(testing.LoadKubeResources("testdata/secret.dockerconfig.yaml", clt)).To(Succeed())
})
It("should return error", func() {
Expect(err).ShouldNot(BeNil())
Expect(err.Error()).To(ContainSubstring(`no auth found for registry:`))
It("should NOT return error", func() {
Expect(err).Should(BeNil())
Expect(protocols).Should(Equal("https"))
})
})

When("secret type is token", func() {
When("secret type is token, no authentication information", func() {
BeforeEach(func() {
detect = detect.WithSecretRef(ref)
Expect(testing.LoadKubeResources("testdata/secret.token.yaml", clt)).To(Succeed())
})
It("should return error", func() {
Expect(err).ShouldNot(BeNil())
Expect(err.Error()).To(Equal(`failed to get auth from default/secret-name: unsupported secret type kubernetes.io/service-account-token`))
It("should NOT return error", func() {
Expect(err).Should(BeNil())
Expect(protocols).Should(Equal("https"))
})
})
})
Expand Down

0 comments on commit ff98864

Please sign in to comment.