Update the vendor of containers/common

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2025-09-03 15:46:42 +00:00 · 2022-01-20 13:29:54 -05:00
parent 43726bbc27
commit 923c58a8ee
53 changed files with 1015 additions and 632 deletions
--- a/vendor/github.com/containers/common/pkg/auth/auth.go
+++ b/vendor/github.com/containers/common/pkg/auth/auth.go
@@ -70,13 +70,10 @@ func Login(ctx context.Context, systemContext *types.SystemContext, opts *LoginO
 	systemContext = systemContextWithOptions(systemContext, opts.AuthFile, opts.CertDir)

 	var (
-		authConfig    types.DockerAuthConfig
 		key, registry string
-		ref           reference.Named
 		err           error
 	)
-	l := len(args)
-	switch l {
+	switch len(args) {
 	case 0:
 		if !opts.AcceptUnspecifiedRegistry {
 			return errors.New("please provide a registry to login to")
@@ -88,26 +85,18 @@ func Login(ctx context.Context, systemContext *types.SystemContext, opts *LoginO
 		logrus.Debugf("registry not specified, default to the first registry %q from registries.conf", key)

 	case 1:
-		key, registry, ref, err = parseRegistryArgument(args[0], opts.AcceptRepositories)
+		key, registry, err = parseCredentialsKey(args[0], opts.AcceptRepositories)
 		if err != nil {
 			return err
 		}

 	default:
 		return errors.New("login accepts only one registry to login to")
-
 	}

-	if ref != nil {
-		authConfig, err = config.GetCredentialsForRef(systemContext, ref)
-		if err != nil {
-			return errors.Wrap(err, "get credentials for repository")
-		}
-	} else {
-		authConfig, err = config.GetCredentials(systemContext, registry)
-		if err != nil {
-			return errors.Wrap(err, "get credentials")
-		}
+	authConfig, err := config.GetCredentials(systemContext, key)
+	if err != nil {
+		return errors.Wrap(err, "get credentials")
 	}

 	if opts.GetLoginSet {
@@ -173,39 +162,44 @@ func Login(ctx context.Context, systemContext *types.SystemContext, opts *LoginO
 	return errors.Wrapf(err, "authenticating creds for %q", key)
 }

-// parseRegistryArgument verifies the provided arg depending if we accept
-// repositories or not.
-func parseRegistryArgument(arg string, acceptRepositories bool) (key, registry string, maybeRef reference.Named, err error) {
+// parseCredentialsKey turns the provided argument into a valid credential key
+// and computes the registry part.
+func parseCredentialsKey(arg string, acceptRepositories bool) (key, registry string, err error) {
 	if !acceptRepositories {
 		registry = getRegistryName(arg)
 		key = registry
-		return key, registry, maybeRef, nil
+		return key, registry, nil
 	}

 	key = trimScheme(arg)
 	if key != arg {
-		return key, registry, nil, errors.New("credentials key has https[s]:// prefix")
+		return "", "", errors.New("credentials key has https[s]:// prefix")
 	}

 	registry = getRegistryName(key)
 	if registry == key {
-		// We cannot parse a reference from a registry, so we stop here
-		return key, registry, nil, nil
+		// The key is not namespaced
+		return key, registry, nil
 	}

-	ref, parseErr := reference.ParseNamed(key)
-	if parseErr != nil {
-		return key, registry, nil, errors.Wrapf(parseErr, "parse reference from %q", key)
+	// Sanity-check that the key looks reasonable (e.g. doesn't use invalid characters),
+	// and does not contain a tag or digest.
+	// WARNING: ref.Named() MUST NOT be used to compute key, because
+	// reference.ParseNormalizedNamed() turns docker.io/vendor to docker.io/library/vendor
+	// Ideally c/image should provide dedicated validation functionality.
+	ref, err := reference.ParseNormalizedNamed(key)
+	if err != nil {
+		return "", "", errors.Wrapf(err, "parse reference from %q", key)
 	}
-
 	if !reference.IsNameOnly(ref) {
-		return key, registry, nil, errors.Errorf("reference %q contains tag or digest", ref.String())
+		return "", "", errors.Errorf("reference %q contains tag or digest", ref.String())
+	}
+	refRegistry := reference.Domain(ref)
+	if refRegistry != registry { // This should never happen, check just to make sure
+		return "", "", fmt.Errorf("internal error: key %q registry mismatch, %q vs. %q", key, ref, refRegistry)
 	}

-	maybeRef = ref
-	registry = reference.Domain(ref)
-
-	return key, registry, maybeRef, nil
+	return key, registry, nil
 }

 // getRegistryName scrubs and parses the input to get the server name
@@ -271,15 +265,23 @@ func Logout(systemContext *types.SystemContext, opts *LogoutOptions, args []stri
 	}
 	systemContext = systemContextWithOptions(systemContext, opts.AuthFile, "")

+	if opts.All {
+		if len(args) != 0 {
+			return errors.New("--all takes no arguments")
+		}
+		if err := config.RemoveAllAuthentication(systemContext); err != nil {
+			return err
+		}
+		fmt.Fprintln(opts.Stdout, "Removed login credentials for all registries")
+		return nil
+	}
+
 	var (
 		key, registry string
-		ref           reference.Named
 		err           error
 	)
-	if len(args) > 1 {
-		return errors.New("logout accepts only one registry to logout from")
-	}
-	if len(args) == 0 && !opts.All {
+	switch len(args) {
+	case 0:
 		if !opts.AcceptUnspecifiedRegistry {
 			return errors.New("please provide a registry to logout from")
 		}
@@ -288,23 +290,15 @@ func Logout(systemContext *types.SystemContext, opts *LogoutOptions, args []stri
 		}
 		registry = key
 		logrus.Debugf("registry not specified, default to the first registry %q from registries.conf", key)
-	}
-	if len(args) != 0 {
-		if opts.All {
-			return errors.New("--all takes no arguments")
-		}
-		key, registry, ref, err = parseRegistryArgument(args[0], opts.AcceptRepositories)
+
+	case 1:
+		key, registry, err = parseCredentialsKey(args[0], opts.AcceptRepositories)
 		if err != nil {
 			return err
 		}
-	}

-	if opts.All {
-		if err := config.RemoveAllAuthentication(systemContext); err != nil {
-			return err
-		}
-		fmt.Fprintln(opts.Stdout, "Removed login credentials for all registries")
-		return nil
+	default:
+		return errors.New("logout accepts only one registry to logout from")
 	}

 	err = config.RemoveAuthentication(systemContext, key)
@@ -313,17 +307,9 @@ func Logout(systemContext *types.SystemContext, opts *LogoutOptions, args []stri
 		fmt.Fprintf(opts.Stdout, "Removed login credentials for %s\n", key)
 		return nil
 	case config.ErrNotLoggedIn:
-		var authConfig types.DockerAuthConfig
-		if ref != nil {
-			authConfig, err = config.GetCredentialsForRef(systemContext, ref)
-			if err != nil {
-				return errors.Wrap(err, "get credentials for repository")
-			}
-		} else {
-			authConfig, err = config.GetCredentials(systemContext, registry)
-			if err != nil {
-				return errors.Wrap(err, "get credentials")
-			}
+		authConfig, err := config.GetCredentials(systemContext, key)
+		if err != nil {
+			return errors.Wrap(err, "get credentials")
 		}

 		authInvalid := docker.CheckAuth(context.Background(), systemContext, authConfig.Username, authConfig.Password, registry)