From 86e658a2bc457c3eb394331a78820b5b85c83646 Mon Sep 17 00:00:00 2001 From: Noah Costello <29776732+nmcostello@users.noreply.github.com> Date: Fri, 20 Sep 2024 11:25:21 -0400 Subject: [PATCH] add keychain support for docker desktop on mac --- pkg/authn/keychain.go | 10 ++++++++++ pkg/authn/keychain_test.go | 31 ++++++++++++++++++++++++++----- 2 files changed, 36 insertions(+), 5 deletions(-) diff --git a/pkg/authn/keychain.go b/pkg/authn/keychain.go index f4c452bdc..2dce7f837 100644 --- a/pkg/authn/keychain.go +++ b/pkg/authn/keychain.go @@ -137,6 +137,16 @@ func (dk *defaultKeychain) ResolveContext(ctx context.Context, target Resource) if err != nil { return nil, err } + } else if fileExists(filepath.Join(os.Getenv("HOME"), ".config/containers/auth.json")) { + f, err := os.Open(filepath.Join(os.Getenv("HOME"), ".config/containers/auth.json")) + if err != nil { + return nil, err + } + defer f.Close() + cf, err = config.LoadFromReader(f) + if err != nil { + return nil, err + } } else { return Anonymous, nil } diff --git a/pkg/authn/keychain_test.go b/pkg/authn/keychain_test.go index 5a79db9bf..4ab0472bb 100644 --- a/pkg/authn/keychain_test.go +++ b/pkg/authn/keychain_test.go @@ -110,22 +110,43 @@ func TestPodmanConfig(t *testing.T) { os.Unsetenv("DOCKER_CONFIG") // At first, $DOCKER_CONFIG is unset and $HOME/.docker/config.json isn't - // found, but Podman auth $XDG_RUNTIME_DIR/containers/auth.json is configured. - // This should return Podman's auth $XDG_RUNTIME_DIR/containers/auth.json. + // found, but Podman auth $HOME/.config/containers.auth.json is configured. + // This should return Podman's auth $$HOME/.config/containers.auth.json. + writeConfig(t, filepath.Join(os.Getenv("HOME"), ".config/containers"), "auth.json", + fmt.Sprintf(`{"auths": {"test.io": {"auth": %q}}}`, encode("home-foo", "home-bar"))) + defer func() { os.Remove(filepath.Join(os.Getenv("HOME"), ".config/containers/auth.json")) }() + auth, err := DefaultKeychain.Resolve(testRegistry) + if err != nil { + t.Fatalf("Resolve() = %v", err) + } + got, err := auth.Authorization() + if err != nil { + t.Fatal(err) + } + want := &AuthConfig{ + Username: "home-foo", + Password: "home-bar", + } + if !reflect.DeepEqual(got, want) { + t.Errorf("got %+v, want %+v", got, want) + } + + // Then, configure Podman auth $XDG_RUNTIME_DIR. + // This demonstrates that $XDG_RUNTIME_DIR is preferred over $HOME/.config/containers/auth.json. p := filepath.Join(tmpdir, fmt.Sprintf("%d", fresh)) t.Setenv("XDG_RUNTIME_DIR", p) writeConfig(t, filepath.Join(p, "containers"), "auth.json", fmt.Sprintf(`{"auths": {"test.io": {"auth": %q}}}`, encode("XDG_RUNTIME_DIR-foo", "XDG_RUNTIME_DIR-bar"))) - auth, err := DefaultKeychain.Resolve(testRegistry) + auth, err = DefaultKeychain.Resolve(testRegistry) if err != nil { t.Fatalf("Resolve() = %v", err) } - got, err := auth.Authorization() + got, err = auth.Authorization() if err != nil { t.Fatal(err) } - want := &AuthConfig{ + want = &AuthConfig{ Username: "XDG_RUNTIME_DIR-foo", Password: "XDG_RUNTIME_DIR-bar", }