Add support for --compat-auth-file in login/logout

This mostly just inherits the c/common/pkg/auth implementation, except that AuthFilePath and DockerCompatAuthFilePath can not be set simultaneously, so don't unnecessarily explicitly set AuthFilePath. c/common already handles that. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
mtrmac · Nov 17, 2023 · 07fe0ad · 07fe0ad
1 parent b090585
commit 07fe0ad
Show file tree

Hide file tree

Showing 6 changed files with 59 additions and 5 deletions.
diff --git a/cmd/podman/login.go b/cmd/podman/login.go
@@ -96,8 +96,6 @@ func login(cmd *cobra.Command, args []string) error {
 	}
 
 	sysCtx := &types.SystemContext{
-		AuthFilePath:                loginOptions.AuthFile,
-		DockerCertPath:              loginOptions.CertDir,
 		DockerInsecureSkipTLSVerify: skipTLS,
 	}
 	setRegistriesConfPath(sysCtx)

diff --git a/cmd/podman/logout.go b/cmd/podman/logout.go
@@ -48,9 +48,7 @@ func init() {
 
 // Implementation of podman-logout.
 func logout(cmd *cobra.Command, args []string) error {
-	sysCtx := &types.SystemContext{
-		AuthFilePath: logoutOptions.AuthFile,
-	}
+	sysCtx := &types.SystemContext{}
 	setRegistriesConfPath(sysCtx)
 	return auth.Logout(sysCtx, &logoutOptions, args)
 }
diff --git a/docs/source/markdown/podman-login.1.md.in b/docs/source/markdown/podman-login.1.md.in
@@ -32,6 +32,10 @@ For more details about format and configurations of the auth.json file, see cont
 
 @@option cert-dir
 
+#### **--compat-auth-file**=*path*
+
+Instead of updating the default credentials file, update the one at *path*, and use a Docker-compatible format.
+
 #### **--get-login**
 
 Return the logged-in user for the registry.  Return error if no login is found.

diff --git a/docs/source/markdown/podman-logout.1.md.in b/docs/source/markdown/podman-logout.1.md.in
@@ -27,6 +27,10 @@ Remove the cached credentials for all registries in the auth file
 
 @@option authfile
 
+#### **--compat-auth-file**=*path*
+
+Instead of updating the default credentials file, update the one at *path*, and use a Docker-compatible format.
+
 #### **--help**, **-h**
 
 Print usage statement

diff --git a/test/e2e/login_logout_test.go b/test/e2e/login_logout_test.go
@@ -189,6 +189,45 @@ var _ = Describe("Podman login and logout", func() {
 		Expect(session).Should(ExitCleanly())
 	})
 
+	It("podman login and logout --compat-auth-file flag handling", func() {
+		// A minimal smoke test
+		compatAuthFile := filepath.Join(podmanTest.TempDir, "config.json")
+		session := podmanTest.Podman([]string{"login", "--username", "podmantest", "--password", "test", "--compat-auth-file", compatAuthFile, server})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(ExitCleanly())
+
+		readAuthInfo(compatAuthFile)
+
+		session = podmanTest.Podman([]string{"logout", "--compat-auth-file", compatAuthFile, server})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(ExitCleanly())
+
+		// logout should fail with nonexistent authfile
+		session = podmanTest.Podman([]string{"logout", "--compat-auth-file", "/tmp/nonexistent", server})
+		session.WaitWithDefaultTimeout()
+		Expect(session).To(ExitWithError())
+		Expect(session.ErrorToString()).To(Equal("Error: credential file is not accessible: stat /tmp/nonexistent: no such file or directory"))
+
+		// inconsistent command line flags are rejected
+		// Pre-create the files to make sure we are not hitting the “file not found” path
+		authFile := filepath.Join(podmanTest.TempDir, "auth.json")
+		err := os.WriteFile(authFile, []byte("{}"), 0o700)
+		Expect(err).ToNot(HaveOccurred())
+		err = os.WriteFile(compatAuthFile, []byte("{}"), 0o700)
+		Expect(err).ToNot(HaveOccurred())
+
+		session = podmanTest.Podman([]string{"login", "--username", "podmantest", "--password", "test",
+			"--authfile", authFile, "--compat-auth-file", compatAuthFile, server})
+		session.WaitWithDefaultTimeout()
+		Expect(session).To(ExitWithError())
+		Expect(session.ErrorToString()).To(Equal("Error: options for paths to the credential file and to the Docker-compatible credential file can not be set simultaneously"))
+
+		session = podmanTest.Podman([]string{"logout", "--authfile", authFile, "--compat-auth-file", compatAuthFile, server})
+		session.WaitWithDefaultTimeout()
+		Expect(session).To(ExitWithError())
+		Expect(session.ErrorToString()).To(Equal("Error: options for paths to the credential file and to the Docker-compatible credential file can not be set simultaneously"))
+	})
+
 	It("podman manifest with --authfile", func() {
 		os.Unsetenv("REGISTRY_AUTH_FILE")
 

diff --git a/test/system/150-login.bats b/test/system/150-login.bats
@@ -80,6 +80,17 @@ function setup() {
     is "$output" "{}" "credentials removed from $authfile"
 }
 
+@test "podman login inconsistent authfiles" {
+    ambiguous_file=${PODMAN_LOGIN_WORKDIR}/ambiguous-auth.json
+    echo '{}' > $ambiguous_file # To make sure we are not hitting the “file not found” path
+
+    run_podman 125 login --authfile "$ambiguous_file" --compat-auth-file "$ambiguous_file" localhost:5000
+    assert "$output" =~ "Error: options for paths to the credential file and to the Docker-compatible credential file can not be set simultaneously"
+
+    run_podman 125 logout --authfile "$ambiguous_file" --compat-auth-file "$ambiguous_file" localhost:5000
+    assert "$output" =~ "Error: options for paths to the credential file and to the Docker-compatible credential file can not be set simultaneously"
+}
+
 # Some push tests
 @test "podman push fail" {