From cb78087f2738ab214af739b915e7279b4fcf6aa1 Mon Sep 17 00:00:00 2001 From: Appu Date: Mon, 22 Jun 2020 14:52:45 -0400 Subject: [PATCH 1/4] Temporary fix for registry not having htpassword (#2538) --- .../java/com/google/cloud/tools/jib/registry/LocalRegistry.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jib-core/src/integration-test/java/com/google/cloud/tools/jib/registry/LocalRegistry.java b/jib-core/src/integration-test/java/com/google/cloud/tools/jib/registry/LocalRegistry.java index bb87ab2fc4..d84be897fb 100644 --- a/jib-core/src/integration-test/java/com/google/cloud/tools/jib/registry/LocalRegistry.java +++ b/jib-core/src/integration-test/java/com/google/cloud/tools/jib/registry/LocalRegistry.java @@ -76,7 +76,7 @@ public void start() throws IOException, InterruptedException { "--rm", "--entrypoint", "htpasswd", - "registry:2", + "registry:2.7.0", // TODO: correctly fix this when using latest "-Bbn", username, password) From 38ea51b521fad5ff69ff041fd46f5e0d9cf1a851 Mon Sep 17 00:00:00 2001 From: Chanseok Oh Date: Mon, 22 Jun 2020 15:50:23 -0400 Subject: [PATCH 2/4] Fix NPE when reading "auths" section in ~/.docker/config.json (#2536) --- jib-core/CHANGELOG.md | 2 ++ .../credentials/DockerConfigCredentialRetriever.java | 2 +- .../DockerConfigCredentialRetrieverTest.java | 11 +++++++++++ .../src/test/resources/core/json/dockerconfig.json | 3 ++- jib-gradle-plugin/CHANGELOG.md | 1 + jib-maven-plugin/CHANGELOG.md | 1 + 6 files changed, 18 insertions(+), 2 deletions(-) diff --git a/jib-core/CHANGELOG.md b/jib-core/CHANGELOG.md index 564d1a1aa6..3104ccc909 100644 --- a/jib-core/CHANGELOG.md +++ b/jib-core/CHANGELOG.md @@ -9,6 +9,8 @@ All notable changes to this project will be documented in this file. ### Fixed +- Fixed `NullPointerException` when the `"auths":` section in `~/.docker/config.json` has an entry with no `"auth":` field. ([#2535](https://github.com/GoogleContainerTools/jib/issues/2535)) + ## 0.15.0 ### Added diff --git a/jib-core/src/main/java/com/google/cloud/tools/jib/registry/credentials/DockerConfigCredentialRetriever.java b/jib-core/src/main/java/com/google/cloud/tools/jib/registry/credentials/DockerConfigCredentialRetriever.java index 89318bef0a..50c97929a0 100644 --- a/jib-core/src/main/java/com/google/cloud/tools/jib/registry/credentials/DockerConfigCredentialRetriever.java +++ b/jib-core/src/main/java/com/google/cloud/tools/jib/registry/credentials/DockerConfigCredentialRetriever.java @@ -140,7 +140,7 @@ Optional retrieve(DockerConfig dockerConfig, Consumer logg // Lastly, find defined auth. AuthTemplate auth = dockerConfig.getAuthFor(registryAlias); - if (auth != null) { + if (auth != null && auth.getAuth() != null) { // 'auth' is a basic authentication token that should be parsed back into credentials String usernameColonPassword = new String(Base64.decodeBase64(auth.getAuth()), StandardCharsets.UTF_8); diff --git a/jib-core/src/test/java/com/google/cloud/tools/jib/registry/credentials/DockerConfigCredentialRetrieverTest.java b/jib-core/src/test/java/com/google/cloud/tools/jib/registry/credentials/DockerConfigCredentialRetrieverTest.java index 6fe02af2b8..47803f2de5 100644 --- a/jib-core/src/test/java/com/google/cloud/tools/jib/registry/credentials/DockerConfigCredentialRetrieverTest.java +++ b/jib-core/src/test/java/com/google/cloud/tools/jib/registry/credentials/DockerConfigCredentialRetrieverTest.java @@ -194,4 +194,15 @@ public void testRetrieve_azureIdentityToken() throws IOException, URISyntaxExcep Assert.assertEquals("", credentials.get().getUsername()); Assert.assertEquals("cool identity token", credentials.get().getPassword()); } + + @Test + public void testRetrieve_noErrorWhenMissingAuthField() throws IOException, URISyntaxException { + Path dockerConfigFile = Paths.get(Resources.getResource("core/json/dockerconfig.json").toURI()); + + DockerConfigCredentialRetriever dockerConfigCredentialRetriever = + DockerConfigCredentialRetriever.create("no auth field", dockerConfigFile); + + Optional credentials = dockerConfigCredentialRetriever.retrieve(mockLogger); + Assert.assertFalse(credentials.isPresent()); + } } diff --git a/jib-core/src/test/resources/core/json/dockerconfig.json b/jib-core/src/test/resources/core/json/dockerconfig.json index 00d7673bd1..8df57f4153 100644 --- a/jib-core/src/test/resources/core/json/dockerconfig.json +++ b/jib-core/src/test/resources/core/json/dockerconfig.json @@ -4,7 +4,8 @@ "some registry":{"auth":"c29tZTphdXRo","password":"ignored"}, "https://registry":{"auth":"dG9rZW4="}, - "example.com":{"auth":"should not match example"} + "example.com":{"auth":"should not match example"}, + "no auth field":{} }, "credsStore":"some credential store", "credHelpers":{ diff --git a/jib-gradle-plugin/CHANGELOG.md b/jib-gradle-plugin/CHANGELOG.md index d38ea696b9..1e45ed28c7 100644 --- a/jib-gradle-plugin/CHANGELOG.md +++ b/jib-gradle-plugin/CHANGELOG.md @@ -12,6 +12,7 @@ All notable changes to this project will be documented in this file. ### Fixed - Fixed reporting a wrong credential helper name when the helper does not exist on Windows. ([#2527](https://github.com/GoogleContainerTools/jib/issues/2527)) +- Fixed `NullPointerException` when the `"auths":` section in `~/.docker/config.json` has an entry with no `"auth":` field. ([#2535](https://github.com/GoogleContainerTools/jib/issues/2535)) ## 2.4.0 diff --git a/jib-maven-plugin/CHANGELOG.md b/jib-maven-plugin/CHANGELOG.md index f112cb78a9..b9a9a690d2 100644 --- a/jib-maven-plugin/CHANGELOG.md +++ b/jib-maven-plugin/CHANGELOG.md @@ -12,6 +12,7 @@ All notable changes to this project will be documented in this file. ### Fixed - Fixed reporting a wrong credential helper name when the helper does not exist on Windows. ([#2527](https://github.com/GoogleContainerTools/jib/issues/2527)) +- Fixed `NullPointerException` when the `"auths":` section in `~/.docker/config.json` has an entry with no `"auth":` field. ([#2535](https://github.com/GoogleContainerTools/jib/issues/2535)) ## 2.4.0 From 826b5bbff1192ec3bf411bf4d8a14bf52ad157c4 Mon Sep 17 00:00:00 2001 From: Appu Date: Wed, 24 Jun 2020 14:12:57 -0400 Subject: [PATCH 3/4] Programmatically generate htpasswd file (#2539) * Programmatically generate htpasswd file --- build.gradle | 1 + jib-core/build.gradle | 1 + .../tools/jib/registry/LocalRegistry.java | 19 ++++++------------- 3 files changed, 8 insertions(+), 13 deletions(-) diff --git a/build.gradle b/build.gradle index 4ad75102db..a2908af8bc 100644 --- a/build.gradle +++ b/build.gradle @@ -76,6 +76,7 @@ subprojects { MOCKITO_CORE: '3.2.4', SLF4J_API: '1.7.25', SYSTEM_RULES: '1.19.0', + JBCRYPT: '0.4', ] // Use this to ensure we correctly override transitive dependencies diff --git a/jib-core/build.gradle b/jib-core/build.gradle index 261823e601..96259ee1e4 100644 --- a/jib-core/build.gradle +++ b/jib-core/build.gradle @@ -19,6 +19,7 @@ dependencies { testImplementation "org.mockito:mockito-core:${dependencyVersions.MOCKITO_CORE}" testImplementation "org.slf4j:slf4j-api:${dependencyVersions.SLF4J_API}" testImplementation "com.github.stefanbirkner:system-rules:${dependencyVersions.SYSTEM_RULES}" + testImplementation "org.mindrot:jbcrypt:${dependencyVersions.JBCRYPT}" } jar { diff --git a/jib-core/src/integration-test/java/com/google/cloud/tools/jib/registry/LocalRegistry.java b/jib-core/src/integration-test/java/com/google/cloud/tools/jib/registry/LocalRegistry.java index d84be897fb..14288b8c7b 100644 --- a/jib-core/src/integration-test/java/com/google/cloud/tools/jib/registry/LocalRegistry.java +++ b/jib-core/src/integration-test/java/com/google/cloud/tools/jib/registry/LocalRegistry.java @@ -30,6 +30,7 @@ import java.util.UUID; import javax.annotation.Nullable; import org.junit.rules.ExternalResource; +import org.mindrot.jbcrypt.BCrypt; /** Runs a local registry. */ public class LocalRegistry extends ExternalResource { @@ -68,19 +69,11 @@ public void start() throws IOException, InterruptedException { Arrays.asList( "docker", "run", "--rm", "-d", "-p", port + ":5000", "--name", containerName)); if (username != null && password != null) { - // Generate the htpasswd file to store credentials - String credentialString = - new Command( - "docker", - "run", - "--rm", - "--entrypoint", - "htpasswd", - "registry:2.7.0", // TODO: correctly fix this when using latest - "-Bbn", - username, - password) - .run(); + // Equivalent of "$ htpasswd -nbB username password". + // https://httpd.apache.org/docs/2.4/misc/password_encryptions.html + // BCrypt generates hashes using $2a$ algorithm (instead of $2y$ from docs), but this seems + // to work okay + String credentialString = username + ":" + BCrypt.hashpw(password, BCrypt.gensalt()); // Creates the temporary directory in /tmp since that is one of the default directories // mounted into Docker. // See: https://docs.docker.com/docker-for-mac/osxfs From 34a757b0d64f19c47c60fcb56e705e14c2a4e0c8 Mon Sep 17 00:00:00 2001 From: Appu Date: Wed, 24 Jun 2020 20:10:40 -0400 Subject: [PATCH 4/4] Add jbcrypt dependency where required (#2540) --- jib-core/build.gradle | 3 ++- jib-gradle-plugin/build.gradle | 3 +++ jib-maven-plugin/build.gradle | 2 ++ 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/jib-core/build.gradle b/jib-core/build.gradle index 96259ee1e4..aa9f01c88a 100644 --- a/jib-core/build.gradle +++ b/jib-core/build.gradle @@ -19,7 +19,8 @@ dependencies { testImplementation "org.mockito:mockito-core:${dependencyVersions.MOCKITO_CORE}" testImplementation "org.slf4j:slf4j-api:${dependencyVersions.SLF4J_API}" testImplementation "com.github.stefanbirkner:system-rules:${dependencyVersions.SYSTEM_RULES}" - testImplementation "org.mindrot:jbcrypt:${dependencyVersions.JBCRYPT}" + + integrationTestImplementation "org.mindrot:jbcrypt:${dependencyVersions.JBCRYPT}" } jar { diff --git a/jib-gradle-plugin/build.gradle b/jib-gradle-plugin/build.gradle index 5387da028f..6d9a218362 100644 --- a/jib-gradle-plugin/build.gradle +++ b/jib-gradle-plugin/build.gradle @@ -42,9 +42,12 @@ dependencies { testImplementation "org.slf4j:slf4j-api:${dependencyVersions.SLF4J_API}" testImplementation "com.github.stefanbirkner:system-rules:${dependencyVersions.SYSTEM_RULES}" + testImplementation project(path:':jib-plugins-common', configuration:'tests') integrationTestImplementation project(path:':jib-core', configuration:'integrationTests') + integrationTestImplementation "org.mindrot:jbcrypt:${dependencyVersions.JBCRYPT}" + // only for testing a concrete Spring Boot example in a test (not for test infrastructure) testImplementation 'org.springframework.boot:spring-boot-gradle-plugin:2.1.6.RELEASE' } diff --git a/jib-maven-plugin/build.gradle b/jib-maven-plugin/build.gradle index d89fe9445c..7b9c3f3693 100644 --- a/jib-maven-plugin/build.gradle +++ b/jib-maven-plugin/build.gradle @@ -37,6 +37,8 @@ dependencies { testImplementation 'org.slf4j:slf4j-api:1.7.30' testImplementation 'org.slf4j:slf4j-simple:1.7.30' + integrationTestImplementation "org.mindrot:jbcrypt:${dependencyVersions.JBCRYPT}" + testImplementation project(path:':jib-plugins-common', configuration:'tests') integrationTestImplementation project(path:':jib-core', configuration:'integrationTests') }