fix: panic when image pull secret cannot be parsed (aquasecurity#764)
Indicate which secret cannot be parsed and why:

    error: reading .dockerconfigjson field of "default/regcred" secret:
    expected username and password concatenated with a colon (:)

Resolves: aquasecurity#751

Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
danielpacak authored Oct 22, 2021
1 parent 9c25045 commit 8944e54
Showing 3 changed files with 15 additions and 1 deletion.
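--- a/pkg/docker/config.go
+++ b/pkg/docker/config.go
@@ -29,6 +29,9 @@ func (v *BasicAuth) Decode() (string, string, error) {
 return "", "", err
 }
 split := strings.Split(string(bytes), ":")
+if len(split) != 2 {
+return "", "", fmt.Errorf("expected username and password concatenated with a colon (:)")
+}
 return split[0], split[1], nil
 }
 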
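Review bot: The `len(split) != 2` check also rejects a decoded value that has more than one colon, so a credential whose password itself contains `:` now fails with this error instead of being read. Splitting once, `split := strings.SplitN(string(bytes), ":", 2)`, keeps the guard against a missing colon and leaves the rest of the password intact. The message rightly leaves out the decoded bytes; a comment above the return such as `// never include the decoded value: it is a registry credential` would keep a later edit from adding it. Decode starts above the hunk, so the base64 handling before these lines is not visible here.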
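--- a/pkg/docker/config_test.go
+++ b/pkg/docker/config_test.go
@@ -82,6 +82,17 @@ func TestConfig_Read(t *testing.T) {
 },
 },
 },
+{
+name: "Should return error when auth is not username and password concatenated with a colon",
+givenJSON: `{
+"auths": {
+"my-registry.domain.io": {
+"auth": "b25seXVzZXJuYW1l"
+}
+}
+}`,
+expectedError: errors.New("expected username and password concatenated with a colon (:)"),
+},
 }
 
 for _, tc := range testCases {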
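Review bot: The added case covers only a decoded value with no colon (`b25seXVzZXJuYW1l` is `onlyusername`), so the other inputs that hit `len(split) != 2` or sit on its boundary are untested. I would add one case whose decoded auth has a second colon inside the password and one whose username or password half is empty, so the table pins whether each is accepted or rejected. The table and the loop that compares `expectedError` begin and end outside the hunk, so how the error is matched cannot be checked from here.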
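--- a/pkg/kube/secrets.go
+++ b/pkg/kube/secrets.go
@@ -77,7 +77,7 @@ func MapDockerRegistryServersToAuths(imagePullSecrets []corev1.Secret) (map[stri
 dockerConfig := &docker.Config{}
 err := dockerConfig.Read(data)
 if err != nil {
-return nil, fmt.Errorf("reading content of %s: %w", corev1.DockerConfigJsonKey, err)
+return nil, fmt.Errorf("reading %s field of %q secret: %w", corev1.DockerConfigJsonKey, secret.Namespace+"/"+secret.Name, err)
 }
 for authKey, auth := range dockerConfig.Auths {
 server, err := docker.GetServerFromDockerAuthKey(authKey)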
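Review bot: The changed `return nil, fmt.Errorf(...)` still discards every auth mapped so far. Assuming it sits in a loop over `imagePullSecrets` (the loop header is outside the hunk), one malformed secret leaves the caller with no registry credentials at all. If that is intended, the function's doc comment should say so, e.g. `// Returns an error, and no auths, as soon as any secret fails to parse.`; otherwise consider collecting per-secret errors and continuing with the secrets that do parse. Naming the secret by namespace and name while leaving its content out of the message is the right split for text that ends up in logs.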
