[deckhouse-controller] Fix auth data handling in change-registry help…

…er (#7095)

Signed-off-by: Maxim Vasilenko <maksim.vasilenko@flant.com>
Co-authored-by: Maxim Vasilenko <maksim.vasilenko@flant.com>
Signed-off-by: Timur Kamaev <timur.kamaev@flant.com>

.github/ci_templates/tests.yml

@@ -1,6 +1,6 @@
 {!{ define "unit_run_args" }!}
 # <template: unit_run_args>
-args: 'make tests-modules'
+args: 'make tests-controller tests-modules'
 docker_options: '-w /deckhouse -v ${{github.workspace}}:/deckhouse -e "TERM=xterm-256color" -v ~/go-pkg-cache:/go/pkg'
 # <template: unit_run_args>
 {!{- end -}!}

.github/workflows/build-and-test_dev.yml

@@ -929,7 +929,7 @@ jobs:
           echo "⚓️ 📥 [$(date -u)] Pull 'tests' image..."
           docker pull ${TESTS_IMAGE_NAME}
           echo "⚓️ 🏎 [$(date -u)] Run tests..."
-          docker run -w /deckhouse -v ${{github.workspace}}:/deckhouse -e "TERM=xterm-256color" -v ~/go-pkg-cache:/go/pkg ${TESTS_IMAGE_NAME} make tests-modules
+          docker run -w /deckhouse -v ${{github.workspace}}:/deckhouse -e "TERM=xterm-256color" -v ~/go-pkg-cache:/go/pkg ${TESTS_IMAGE_NAME} make tests-controller tests-modules
     # </template: tests_before_build_template>
 
   matrix_tests:

.github/workflows/build-and-test_pre-release.yml

@@ -696,7 +696,7 @@ jobs:
           echo "⚓️ 📥 [$(date -u)] Pull 'tests' image..."
           docker pull ${TESTS_IMAGE_NAME}
           echo "⚓️ 🏎 [$(date -u)] Run tests..."
-          docker run -w /deckhouse -v ${{github.workspace}}:/deckhouse -e "TERM=xterm-256color" -v ~/go-pkg-cache:/go/pkg ${TESTS_IMAGE_NAME} make tests-modules
+          docker run -w /deckhouse -v ${{github.workspace}}:/deckhouse -e "TERM=xterm-256color" -v ~/go-pkg-cache:/go/pkg ${TESTS_IMAGE_NAME} make tests-controller tests-modules
     # </template: tests_before_build_template>
 
   matrix_tests:

.github/workflows/build-and-test_release.yml

@@ -1568,7 +1568,7 @@ jobs:
           echo "⚓️ 📥 [$(date -u)] Pull 'tests' image..."
           docker pull ${TESTS_IMAGE_NAME}
           echo "⚓️ 🏎 [$(date -u)] Run tests..."
-          docker run -w /deckhouse -v ${{github.workspace}}:/deckhouse -e "TERM=xterm-256color" -v ~/go-pkg-cache:/go/pkg ${TESTS_IMAGE_NAME} make tests-modules
+          docker run -w /deckhouse -v ${{github.workspace}}:/deckhouse -e "TERM=xterm-256color" -v ~/go-pkg-cache:/go/pkg ${TESTS_IMAGE_NAME} make tests-controller tests-modules
     # </template: tests_before_build_template>
       # <template: update_comment_on_finish>
       - name: Update comment on finish

Makefile

@@ -124,7 +124,7 @@ bin/gator: bin/gator-${GATOR_VERSION}/gator
 	rm -f bin/gator
 	ln -s /deckhouse/bin/gator-${GATOR_VERSION}/gator bin/gator
 
-.PHONY: tests-modules tests-matrix tests-openapi tests-prometheus
+.PHONY: tests-modules tests-matrix tests-openapi tests-prometheus tests-controller
 tests-modules: ## Run unit tests for modules hooks and templates.
   ##~ Options: FOCUS=module-name
 	go test -timeout=${TESTS_TIMEOUT} -vet=off ${TESTS_PATH}
@@ -136,6 +136,9 @@ tests-matrix: bin/promtool bin/gator ## Test how helm templates are rendered wit
 tests-openapi: ## Run tests against modules openapi values schemas.
 	go test -vet=off ./testing/openapi_cases/
 
+tests-controller: ## Run deckhouse-controller unit tests.
+	go test ./deckhouse-controller/... -v
+
 .PHONY: tests-doc-links
 tests-doc-links: ## Build documentation and run checker of html links.
 	bash tools/doc_check_links.sh

deckhouse-controller/pkg/helpers/change_registry/change_registry.go

@@ -197,14 +197,10 @@ func updateImagePullSecret(ctx context.Context, kubeCl *kclient.KubernetesClient
 }
 
 func newImagePullSecretData(newRepo name.Repository, authConfig authn.AuthConfig, caContent string) (map[string]string, error) {
-	var authCfg authn.AuthConfig
-	if authConfig.Username != "" && authConfig.Password != "" {
-		authCfg.Auth = base64.StdEncoding.EncodeToString([]byte(authConfig.Username + ":" + authConfig.Password))
-	}
 	authConfBytes, err := json.Marshal(
-		map[string]map[string]authn.AuthConfig{
+		map[string]map[string]*dockerCfgAuthEntry{
 			"auths": {
-				newRepo.RegistryStr(): authCfg,
+				newRepo.RegistryStr(): encodeDockerCfgAuthEntryFromAuthConfig(authConfig),
 			},
 		},
 	)
@@ -412,3 +408,21 @@ func authHeaderWithBearer(header http.Header) bool {
 
 	return strings.ToLower(header.Get(wwwAuthHeader)) == bearer
 }
+
+type dockerCfgAuthEntry struct {
+	Username string `json:"username,omitempty"`
+	Password string `json:"password,omitempty"`
+	Auth     string `json:"auth,omitempty"`
+}
+
+func encodeDockerCfgAuthEntryFromAuthConfig(authConfig authn.AuthConfig) *dockerCfgAuthEntry {
+	if authConfig.Username == "" && authConfig.Password == "" && authConfig.Auth == "" {
+		return &dockerCfgAuthEntry{}
+	}
+
+	return &dockerCfgAuthEntry{
+		Username: authConfig.Username,
+		Password: authConfig.Password,
+		Auth:     base64.StdEncoding.EncodeToString([]byte(authConfig.Username + ":" + authConfig.Password)),
+	}
+}

deckhouse-controller/pkg/helpers/change_registry/change_registry_test.go

@@ -143,7 +143,7 @@ func TestNewImagePullSecretData(t *testing.T) {
 			newRepo:   "registry.example.com/deckhouse",
 			caContent: testCaContent,
 			want: map[string]string{
-				".dockerconfigjson": `{"auths":{"registry.example.com":{"auth":"dGVzdDp0ZXN0"}}}`,
+				".dockerconfigjson": `{"auths":{"registry.example.com":{"username":"test","password":"test","auth":"dGVzdDp0ZXN0"}}}`,
 				"address":           "registry.example.com",
 				"path":              "/deckhouse",
 				"scheme":            "https",