fix: base64 encoded json service accounts

When encoding json service accounts, the base64 encoded json may contain newlines. These resulted in > 2 elements in the strings.Split. This modification makes the function resilient to differences whitespace within the embedded service account.json. --- drive-by fix to error string generation We're using a formatting string, but not the `f` variant of `Sprint`. --- address linter complaint -> use fmt.Errorf
ivanilves · May 29, 2020 · a10732b · a10732b
1 parent b44e208
commit a10732b
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 10 deletions.
diff --git a/docker/config/config.go b/docker/config/config.go
@@ -3,7 +3,6 @@ package config
 import (
 	"encoding/base64"
 	"encoding/json"
-	"errors"
 	"fmt"
 	"os"
 	"strings"
@@ -103,7 +102,7 @@ func Load(fileName string) (*Config, error) {
 		}
 
 		authenticationToken := string(b)
-		usernameAndPassword := strings.Split(authenticationToken, ":")
+		usernameAndPassword := strings.SplitN(authenticationToken, ":", 2)
 
 		if len(usernameAndPassword) == 2 {
 			c.usernames[registry] = usernameAndPassword[0]
@@ -118,13 +117,11 @@ func Load(fileName string) (*Config, error) {
 
 		if fileName != DefaultDockerJSON {
 			errStr := "Invalid auth for Docker registry: %s\nBase64-encoded string is wrong: %s (%s)\n"
-			return nil, errors.New(
-				fmt.Sprint(
-					errStr,
-					registry,
-					a.B64Auth,
-					authenticationToken,
-				),
+			return nil, fmt.Errorf(
+				errStr,
+				registry,
+				a.B64Auth,
+				authenticationToken,
 			)
 		}
 	}

diff --git a/docker/config/config_test.go b/docker/config/config_test.go
@@ -1,6 +1,8 @@
 package config
 
 import (
+	"fmt"
+	"io/ioutil"
 	"testing"
 )
 
@@ -34,9 +36,13 @@ func TestGetRegistryAuth(t *testing.T) {
 }
 
 func TestLoad(t *testing.T) {
+
+	gcrJSONKey, _ := ioutil.ReadFile("../../fixtures/docker/gcr-serviceaccount.json")
+
 	examples := map[string]string{
 		"registry.company.io":     "user1:pass1",
 		"registry.hub.docker.com": "user2:pass2",
+		"us.gcr.io":               fmt.Sprintf("%s:%s", "_json_key", string(gcrJSONKey)),
 	}
 
 	c, err := Load(configFile)

diff --git a/fixtures/docker/config.json b/fixtures/docker/config.json
@@ -6,7 +6,9 @@
 		"registry.hub.docker.com": {
 			"auth": "dXNlcjI6cGFzczI="
 		},
-		"registry.credhelper.com": {
+		"registry.credhelper.com": {},
+		"us.gcr.io": {
+      "auth": "X2pzb25fa2V5OnsKICAidHlwZSI6ICJzZXJ2aWNlX2FjY291bnQiLAogICJwcm9qZWN0X2lkIjogImxzdGFncy1leGFtcGxlIiwKICAicHJpdmF0ZV9rZXlfaWQiOiAibHN0YWdzLWV4YW1wbGUta2V5IiwKICAicHJpdmF0ZV9rZXkiOiAiLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tXG5cbi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS1cbiIsCiAgImNsaWVudF9lbWFpbCI6ICJleGFtcGxlQGV4YW1wbGUuaWFtLmdzZXJ2aWNlYWNjb3VudC5jb20iLAogICJjbGllbnRfeDUwOV9jZXJ0X3VybCI6ICJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9yb2JvdC92MS9tZXRhZGF0YS94NTA5L3Rlc3QlNDBleGFtcGxlLmlhbS5nc2VydmljZWFjY291bnQuY29tIgp9Cg=="
 		}
 	}
 }
diff --git a/fixtures/docker/gcr-serviceaccount.json b/fixtures/docker/gcr-serviceaccount.json
@@ -0,0 +1,8 @@
+{
+  "type": "service_account",
+  "project_id": "lstags-example",
+  "private_key_id": "lstags-example-key",
+  "private_key": "-----BEGIN PRIVATE KEY-----\n\n-----END PRIVATE KEY-----\n",
+  "client_email": "[email protected]",
+  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/test%40example.iam.gserviceaccount.com"
+}