Skip to content

feat: use creds from auth.json for imports #712

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Aug 12, 2025
Merged

feat: use creds from auth.json for imports #712

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
38 changes: 30 additions & 8 deletions pkg/stacker/network.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,27 +10,30 @@ import (
"strconv"
"strings"

"github.com/containers/image/v5/pkg/docker/config"
"github.com/containers/image/v5/types"

"github.com/cheggaaa/pb/v3"
"github.com/pkg/errors"
"stackerbuild.io/stacker/pkg/lib"
"stackerbuild.io/stacker/pkg/log"
)

// download with caching support in the specified cache dir.
func Download(cacheDir string, url string, progress bool, expectedHash, remoteHash, remoteSize string,
func Download(cacheDir string, remoteUrl string, progress bool, expectedHash, remoteHash, remoteSize string,
idest string, mode *fs.FileMode, uid, gid int,
) (string, error) {
var name string
if idest != "" && idest[len(idest)-1:] != "/" {
name = path.Join(cacheDir, path.Base(idest))
} else {
name = path.Join(cacheDir, path.Base(url))
name = path.Join(cacheDir, path.Base(remoteUrl))
}

if fi, err := os.Stat(name); err == nil {
// Couldn't get remoteHash then use cached copy of import
if remoteHash == "" {
log.Infof("Couldn't obtain file info of %s, using cached copy", url)
log.Infof("Couldn't obtain file info of %s, using cached copy", remoteUrl)
return name, nil
}
// File is found in cache
Expand All @@ -45,11 +48,11 @@ func Download(cacheDir string, url string, progress bool, expectedHash, remoteHa

if localHash == remoteHash {
// Cached file has same hash as the remote file
log.Infof("matched hash of %s, using cached copy", url)
log.Infof("matched hash of %s, using cached copy", remoteUrl)
return name, nil
} else if localSize == remoteSize {
// Cached file has same content length as the remote file
log.Infof("matched content length of %s, taking a leap of faith and using cached copy", url)
log.Infof("matched content length of %s, taking a leap of faith and using cached copy", remoteUrl)
return name, nil
}
// Cached file has a different hash from the remote one
Expand All @@ -71,9 +74,28 @@ func Download(cacheDir string, url string, progress bool, expectedHash, remoteHa
}
defer out.Close()

log.Infof("downloading %v", url)
log.Infof("downloading %v", remoteUrl)

request, err := http.NewRequest(http.MethodGet, remoteUrl, nil)
if err != nil {
return "", err
}

u, err := url.Parse(remoteUrl)
if err != nil {
return "", err
}

creds, err := config.GetCredentials(&types.SystemContext{}, u.Hostname())
if err != nil {
log.Infof("credentials not found for host %s - reason:%s continuing without creds", u.Host, err)
}

request.SetBasicAuth(creds.Username, creds.Password)

client := &http.Client{}

resp, err := http.Get(url)
resp, err := client.Do(request)
if err != nil {
os.RemoveAll(name)
return "", err
Expand All @@ -82,7 +104,7 @@ func Download(cacheDir string, url string, progress bool, expectedHash, remoteHa

if resp.StatusCode != 200 {
os.RemoveAll(name)
return "", errors.Errorf("couldn't download %s: %s", url, resp.Status)
return "", errors.Errorf("couldn't download %s: %s", remoteUrl, resp.Status)
}

source := resp.Body
Expand Down
52 changes: 52 additions & 0 deletions test/import-http-auth.bats
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
load helpers

function setup() {
stacker_setup
cat > stacker.yaml <<"EOF"
img:
from:
type: oci
url: ${{BUSYBOX_OCI}}
imports:
- path: http://localhost:9999/importme
run: |
cp /stacker/imports/importme /importme
EOF

mkdir -p http_root
echo "please" > http_root/importme

wget --quiet https://github.com/m3ng9i/ran/releases/download/v0.1.6/ran_linux_amd64.zip
unzip ran_linux_amd64.zip
mv ran_linux_amd64 ran_for_stackertest
chmod +x ran_for_stackertest


}

function teardown() {
cleanup
rm -rf http_root || true
killall ran_for_stackertest || true
}

@test "importing from http server with auth works" {
require_privilege priv

export XDG_RUNTIME_DIR=$TEST_TMPDIR
mkdir -p $TEST_TMPDIR/containers/
cat > $TEST_TMPDIR/containers/auth.json <<EOF
{
"auths": {
"localhost": {"auth": "aWFtOmNhcmVmdWw="}
}
}
EOF
./ran_for_stackertest -p 9999 -r http_root -a "iam:careful" &
ls -l $XDG_RUNTIME_DIR/containers/
stacker --debug build -f stacker.yaml --substitute BUSYBOX_OCI=${BUSYBOX_OCI}
umoci ls --layout oci

umoci unpack --image oci:img img
[ "$(sha http_root/importme)" == "$(sha img/rootfs/importme)" ]
}
Loading