-
Notifications
You must be signed in to change notification settings - Fork 41.2k
DockerRegistryConfigAuthentication does not align with Docker CLI #45292
New issue
Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? # to your account
Conversation
Signed-off-by: Dmytro Nosan <dimanosan@gmail.com>
@@ -134,10 +132,10 @@ private Credential computeCredentialsFromHelper(String serverUrl) { | |||
|
|||
private CredentialHelper getCredentialHelper(String serverUrl) { | |||
String name = this.dockerConfig.getCredHelpers().getOrDefault(serverUrl, this.dockerConfig.getCredsStore()); | |||
return (name != null) ? this.credentialHelperFactory.apply(name.trim()) : null; | |||
return (StringUtils.hasLength(name)) ? this.credentialHelperFactory.apply(name) : null; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Docker CLI does not Trim
the helper name:
func (configFile *ConfigFile) GetCredentialsStore(registryHostname string) credentials.Store {
if helper := getConfiguredCredentialStore(configFile, registryHostname); helper != "" {
return newNativeStore(configFile, helper)
}
return credentials.NewFileStore(configFile)
}
// var for unit testing.
var newNativeStore = func(configFile *ConfigFile, helperSuffix string) credentials.Store {
return credentials.NewNativeStore(configFile, helperSuffix)
}
func NewNativeStore(file store, helperSuffix string) Store {
name := remoteCredentialsPrefix + helperSuffix
return &nativeStore{
programFunc: client.NewShellProgramFunc(name),
fileStore: NewFileStore(file),
}
}
I think trim()
here looks logical, I can't imagine that credential helper would have whitespaces.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've verified this today once again with the following JSON
{
"credHelpers": {
"662409547778.dkr.ecr.eu-central-1.amazonaws.com": " ecr-login "
}
}
And indeed, Docker CLI does not trim the helper; it fails to use the helper and falls back to basic auth.
The push refers to repository [662409547778.dkr.ecr.eu-central-1.amazonaws.com/gh-44633]
1dc94a70dbaa: Preparing
f11551f94b2b: Preparing
7130a16bceef: Preparing
41ee45b75d9f: Preparing
97d38fb9a19d: Preparing
508c281dc5cd: Preparing
09173eaeddc8: Waiting
1a6d2f237874: Waiting
c059b6f20445: Waiting
cdd4575ae9b3: Waiting
f0e9078fd509: Waiting
109d6909a2e0: Waiting
417e5bfc3c82: Waiting
a838c55de6ff: Waiting
bea0a3dc2651: Waiting
9c1f69b4e68a: Waiting
0560872d3bba: Waiting
e7cd92e3f4c6: Waiting
95305ea8b76a: Waiting
5953c33dbcf5: Waiting
no basic auth credentials
Everything worked fine when I removed any leading and trailing whitespace from a helper.
{
"credHelpers": {
"662409547778.dkr.ecr.eu-central-1.amazonaws.com": "ecr-login"
}
}
The push refers to repository [662409547778.dkr.ecr.eu-central-1.amazonaws.com/gh-44633]
1dc94a70dbaa: Pushed
f11551f94b2b: Pushed
7130a16bceef: Pushed
41ee45b75d9f: Pushed
97d38fb9a19d: Pushed
508c281dc5cd: Pushed
09173eaeddc8: Pushed
1a6d2f237874: Pushed
c059b6f20445: Pushed
cdd4575ae9b3: Pushed
f0e9078fd509: Pushed
109d6909a2e0: Pushed
417e5bfc3c82: Pushed
a838c55de6ff: Pushed
bea0a3dc2651: Pushed
9c1f69b4e68a: Pushed
0560872d3bba: Pushed
e7cd92e3f4c6: Pushed
95305ea8b76a: Pushed
5953c33dbcf5: Pushed
latest: digest: sha256:65a43497ecee869b28f7a93b7b6f638e42c2fe91ecff395dc2fbedddd0b7f260 size: 4500
They appear to use the configurations provided by users as they are, except the ""
string, which is the default value for the string type in Go.
See gh-45292 Signed-off-by: Dmytro Nosan <dimanosan@gmail.com>
Thanks @nosan ! |
No description provided.