Merge pull request #12527 from mattfarina/revert-12237

Revert "fix(main): fix basic auth for helm pull or push"
pull/12530/head
Matt Farina 1 year ago committed by GitHub
commit f3099cdb67
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -96,23 +96,8 @@ func NewClient(options ...ClientOption) (*Client, error) {
return resolver, nil return resolver, nil
} }
} }
headers := http.Header{} headers := http.Header{}
headers.Set("User-Agent", version.GetUserAgent()) headers.Set("User-Agent", version.GetUserAgent())
dockerClient, ok := client.authorizer.(*dockerauth.Client)
if ok {
username, password, err := dockerClient.Credential(ref.Registry)
if err != nil {
return nil, fmt.Errorf("unable to retrieve credentials: %w", err)
}
// A blank returned username and password value is a bearer token
if username == "" && password != "" {
headers.Set("Authorization", fmt.Sprintf("Bearer %s", password))
} else {
headers.Set("Authorization", fmt.Sprintf("Basic %s", basicAuth(username, password)))
}
}
opts := []auth.ResolverOption{auth.WithResolverHeaders(headers)} opts := []auth.ResolverOption{auth.WithResolverHeaders(headers)}
if client.httpClient != nil { if client.httpClient != nil {
opts = append(opts, auth.WithResolverClient(client.httpClient)) opts = append(opts, auth.WithResolverClient(client.httpClient))
@ -144,6 +129,7 @@ func NewClient(options ...ClientOption) (*Client, error) {
if !ok { if !ok {
return registryauth.EmptyCredential, errors.New("unable to obtain docker client") return registryauth.EmptyCredential, errors.New("unable to obtain docker client")
} }
username, password, err := dockerClient.Credential(reg) username, password, err := dockerClient.Credential(reg)
if err != nil { if err != nil {
return registryauth.EmptyCredential, errors.New("unable to retrieve credentials") return registryauth.EmptyCredential, errors.New("unable to retrieve credentials")
@ -607,6 +593,7 @@ func (c *Client) Push(data []byte, ref string, options ...PushOption) (*PushResu
if err := memoryStore.StoreManifest(parsedRef.String(), manifest, manifestData); err != nil { if err := memoryStore.StoreManifest(parsedRef.String(), manifest, manifestData); err != nil {
return nil, err return nil, err
} }
remotesResolver, err := c.resolver(parsedRef) remotesResolver, err := c.resolver(parsedRef)
if err != nil { if err != nil {
return nil, err return nil, err

@ -19,7 +19,6 @@ package registry // import "helm.sh/helm/v3/pkg/registry"
import ( import (
"bytes" "bytes"
"context" "context"
"encoding/base64"
"fmt" "fmt"
"io" "io"
"net/http" "net/http"
@ -246,13 +245,3 @@ func addToMap(inputMap map[string]string, newKey string, newValue string) map[st
return inputMap return inputMap
} }
// See 2 (end of page 4) https://www.ietf.org/rfc/rfc2617.txt
// "To receive authorization, the client sends the userid and password,
// separated by a single colon (":") character, within a base64
// encoded string in the credentials."
// It is not meant to be urlencoded.
func basicAuth(username, password string) string {
auth := username + ":" + password
return base64.StdEncoding.EncodeToString([]byte(auth))
}

@ -238,31 +238,3 @@ func TestGenerateOCICreatedAnnotations(t *testing.T) {
} }
} }
func Test_basicAuth(t *testing.T) {
type args struct {
username string
password string
}
tests := []struct {
name string
args args
want string
}{
{
name: "Basic Auth",
args: args{
username: "admin",
password: "passw0rd",
},
want: "YWRtaW46cGFzc3cwcmQ=",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := basicAuth(tt.args.username, tt.args.password); got != tt.want {
t.Errorf("basicAuth() = %v, want %v", got, tt.want)
}
})
}
}

Loading…
Cancel
Save