Default keychain looks also into $HOME/.config/containers/auth.json

google · Nov 18, 2024 · 809d53b · 809d53b
1 parent 6bce25e
commit 809d53b
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 5 deletions.
diff --git a/pkg/authn/keychain.go b/pkg/authn/keychain.go
@@ -137,6 +137,16 @@ func (dk *defaultKeychain) ResolveContext(_ context.Context, target Resource) (A
 		if err != nil {
 			return nil, err
 		}
+	} else if fileExists(filepath.Join(home, ".config/containers/auth.json")) {
+		f, err := os.Open(filepath.Join(home, ".config/containers/auth.json"))
+		if err != nil {
+			return nil, err
+		}
+		defer f.Close()
+		cf, err = config.LoadFromReader(f)
+		if err != nil {
+			return nil, err
+		}
 	} else {
 		return Anonymous, nil
 	}

diff --git a/pkg/authn/keychain_test.go b/pkg/authn/keychain_test.go
@@ -110,22 +110,44 @@ func TestPodmanConfig(t *testing.T) {
 
 	os.Unsetenv("DOCKER_CONFIG")
 	// At first, $DOCKER_CONFIG is unset and $HOME/.docker/config.json isn't
-	// found, but Podman auth $XDG_RUNTIME_DIR/containers/auth.json is configured.
-	// This should return Podman's auth $XDG_RUNTIME_DIR/containers/auth.json.
+	// found. $XDG_RUNTIME_DIR is unset too to simulate macOS/Windows environment
+	// This should return Podman's auth $HOME/.config/containers/auth.json.
+	writeConfig(t, filepath.Join(os.Getenv("HOME"), ".config", "containers"), "auth.json",
+		fmt.Sprintf(`{"auths": {"test.io": {"auth": %q}}}`,
+			encode("DEFAULT-MAC-WIN-foo", "DEFAULT-MAC-WIN-bar")))
+	defer func() { os.Remove(filepath.Join(os.Getenv("HOME"), ".config/containers/auth.json")) }()
+	auth, err := DefaultKeychain.Resolve(testRegistry)
+	if err != nil {
+		t.Fatalf("Resolve() = %v", err)
+	}
+	got, err := auth.Authorization()
+	if err != nil {
+		t.Fatal(err)
+	}
+	want := &AuthConfig{
+		Username: "DEFAULT-MAC-WIN-foo",
+		Password: "DEFAULT-MAC-WIN-bar",
+	}
+	if !reflect.DeepEqual(got, want) {
+		t.Errorf("got %+v, want %+v", got, want)
+	}
+
+	// Then, XDG_RUNTIME_DIR is populated, to simulate a Linux environment,
+	// and Podman auth $XDG_RUNTIME_DIR/containers/auth.json is configured.
 	p := filepath.Join(tmpdir, fmt.Sprintf("%d", fresh))
 	t.Setenv("XDG_RUNTIME_DIR", p)
 	writeConfig(t, filepath.Join(p, "containers"), "auth.json",
 		fmt.Sprintf(`{"auths": {"test.io": {"auth": %q}}}`,
 			encode("XDG_RUNTIME_DIR-foo", "XDG_RUNTIME_DIR-bar")))
-	auth, err := DefaultKeychain.Resolve(testRegistry)
+	auth, err = DefaultKeychain.Resolve(testRegistry)
 	if err != nil {
 		t.Fatalf("Resolve() = %v", err)
 	}
-	got, err := auth.Authorization()
+	got, err = auth.Authorization()
 	if err != nil {
 		t.Fatal(err)
 	}
-	want := &AuthConfig{
+	want = &AuthConfig{
 		Username: "XDG_RUNTIME_DIR-foo",
 		Password: "XDG_RUNTIME_DIR-bar",
 	}