Revert "fix(main): fix basic auth for helm pull or push"

This reverts commit 4a27baa. Note, PR #11129 was layered in along with this change so the revert preserves this API addition. Signed-off-by: Matt Farina <matt.farina@suse.com> (cherry picked from commit 24e2864)
helm · Nov 8, 2023 · e785e6c · e785e6c
1 parent 268dced
commit e785e6c
Show file tree

Hide file tree

Showing 3 changed files with 2 additions and 54 deletions.
diff --git a/pkg/registry/client.go b/pkg/registry/client.go
@@ -96,23 +96,8 @@ func NewClient(options ...ClientOption) (*Client, error) {
 				return resolver, nil
 			}
 		}
-
 		headers := http.Header{}
 		headers.Set("User-Agent", version.GetUserAgent())
-		dockerClient, ok := client.authorizer.(*dockerauth.Client)
-		if ok {
-			username, password, err := dockerClient.Credential(ref.Registry)
-			if err != nil {
-				return nil, fmt.Errorf("unable to retrieve credentials: %w", err)
-			}
-			// A blank returned username and password value is a bearer token
-			if username == "" && password != "" {
-				headers.Set("Authorization", fmt.Sprintf("Bearer %s", password))
-			} else {
-				headers.Set("Authorization", fmt.Sprintf("Basic %s", basicAuth(username, password)))
-			}
-		}
-
 		opts := []auth.ResolverOption{auth.WithResolverHeaders(headers)}
 		if client.httpClient != nil {
 			opts = append(opts, auth.WithResolverClient(client.httpClient))
@@ -144,6 +129,7 @@ func NewClient(options ...ClientOption) (*Client, error) {
 				if !ok {
 					return registryauth.EmptyCredential, errors.New("unable to obtain docker client")
 				}
+
 				username, password, err := dockerClient.Credential(reg)
 				if err != nil {
 					return registryauth.EmptyCredential, errors.New("unable to retrieve credentials")
@@ -607,6 +593,7 @@ func (c *Client) Push(data []byte, ref string, options ...PushOption) (*PushResu
 	if err := memoryStore.StoreManifest(parsedRef.String(), manifest, manifestData); err != nil {
 		return nil, err
 	}
+
 	remotesResolver, err := c.resolver(parsedRef)
 	if err != nil {
 		return nil, err

diff --git a/pkg/registry/util.go b/pkg/registry/util.go
@@ -19,7 +19,6 @@ package registry // import "helm.sh/helm/v3/pkg/registry"
 import (
 	"bytes"
 	"context"
-	"encoding/base64"
 	"fmt"
 	"io"
 	"net/http"
@@ -246,13 +245,3 @@ func addToMap(inputMap map[string]string, newKey string, newValue string) map[st
 	return inputMap
 
 }
-
-// See 2 (end of page 4) https://www.ietf.org/rfc/rfc2617.txt
-// "To receive authorization, the client sends the userid and password,
-// separated by a single colon (":") character, within a base64
-// encoded string in the credentials."
-// It is not meant to be urlencoded.
-func basicAuth(username, password string) string {
-	auth := username + ":" + password
-	return base64.StdEncoding.EncodeToString([]byte(auth))
-}
diff --git a/pkg/registry/util_test.go b/pkg/registry/util_test.go
@@ -238,31 +238,3 @@ func TestGenerateOCICreatedAnnotations(t *testing.T) {
 	}
 
 }
-
-func Test_basicAuth(t *testing.T) {
-	type args struct {
-		username string
-		password string
-	}
-	tests := []struct {
-		name string
-		args args
-		want string
-	}{
-		{
-			name: "Basic Auth",
-			args: args{
-				username: "admin",
-				password: "passw0rd",
-			},
-			want: "YWRtaW46cGFzc3cwcmQ=",
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if got := basicAuth(tt.args.username, tt.args.password); got != tt.want {
-				t.Errorf("basicAuth() = %v, want %v", got, tt.want)
-			}
-		})
-	}
-}