diff --git a/pkg/registry/client.go b/pkg/registry/client.go index 829f6b494..c75b03970 100644 --- a/pkg/registry/client.go +++ b/pkg/registry/client.go @@ -105,7 +105,12 @@ func NewClient(options ...ClientOption) (*Client, error) { if err != nil { return nil, fmt.Errorf("unable to retrieve credentials: %w", err) } - authHeader(username, password, &headers) + // A blank returned username and password value is a bearer token + if username == "" && password != "" { + headers.Set("Authorization", fmt.Sprintf("Bearer %s", password)) + } else { + headers.Set("Authorization", fmt.Sprintf("Basic %s", basicAuth(username, password))) + } } opts := []auth.ResolverOption{auth.WithResolverHeaders(headers)} diff --git a/pkg/registry/util.go b/pkg/registry/util.go index 6fb1d0cda..ca93297e6 100644 --- a/pkg/registry/util.go +++ b/pkg/registry/util.go @@ -256,22 +256,3 @@ func basicAuth(username, password string) string { auth := username + ":" + password return base64.StdEncoding.EncodeToString([]byte(auth)) } - -// authHeader generates an HTTP authorization header based on the provided -// username and password and sets it in the provided HTTP headers pointer. -// -// If both username and password are empty, no header is set. -// If only the password is provided, a "Bearer" token is created and set in -// the Authorization header. -// If both username and password are provided, a "Basic" authentication token -// is created using the basicAuth function, and set in the Authorization header. -func authHeader(username, password string, headers *http.Header) { - if username == "" && password == "" { - return - } - if username == "" { - headers.Set("Authorization", fmt.Sprintf("Bearer %s", password)) - return - } - headers.Set("Authorization", fmt.Sprintf("Basic %s", basicAuth(username, password))) -} diff --git a/pkg/registry/util_test.go b/pkg/registry/util_test.go index f641801fe..f08c1fef1 100644 --- a/pkg/registry/util_test.go +++ b/pkg/registry/util_test.go @@ -17,7 +17,6 @@ limitations under the License. package registry // import "helm.sh/helm/v3/pkg/registry" import ( - "net/http" "reflect" "testing" "time" @@ -267,49 +266,3 @@ func Test_basicAuth(t *testing.T) { }) } } - -func Test_authHeader(t *testing.T) { - tests := []struct { - name string - username string - password string - expectedHeader http.Header - }{ - { - name: "basic login header with username and password", - username: "admin", - password: "passw0rd", - expectedHeader: func() http.Header { - header := http.Header{} - header.Set("Authorization", "Basic YWRtaW46cGFzc3cwcmQ=") - return header - }(), - }, - { - name: "bearer login header with no username and password", - username: "", - password: "hunter2", - expectedHeader: func() http.Header { - header := http.Header{} - header.Set("Authorization", "Bearer hunter2") - return header - }(), - }, - { - name: "no change in header with neither username nor password", - username: "", - password: "", - expectedHeader: http.Header{}, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - got := &http.Header{} - authHeader(tt.username, tt.password, got) - if !reflect.DeepEqual(*got, tt.expectedHeader) { - t.Errorf("authHeader got %#v wanted %#v", *got, tt.expectedHeader) - } - }) - } -}