From 6a383873d10b942576f37441302651a3a12d68e6 Mon Sep 17 00:00:00 2001 From: Josh De Winne Date: Tue, 18 Apr 2023 19:39:02 -0700 Subject: [PATCH] Fix for service account token to read from file --- cli/cmd/registry_add_gcr.go | 24 ++++-- cli/cmd/registry_add_gcr_test.go | 73 +++++++++++++++++++ .../invalid-gcr-service-account-key.json | 1 + 3 files changed, 93 insertions(+), 5 deletions(-) create mode 100644 cli/cmd/registry_add_gcr_test.go create mode 100644 cli/cmd/testdata/invalid-gcr-service-account-key.json diff --git a/cli/cmd/registry_add_gcr.go b/cli/cmd/registry_add_gcr.go index 6ab63f7c..853426de 100644 --- a/cli/cmd/registry_add_gcr.go +++ b/cli/cmd/registry_add_gcr.go @@ -1,6 +1,8 @@ package cmd import ( + "encoding/json" + "io/ioutil" "strings" "github.com/pkg/errors" @@ -20,8 +22,8 @@ func (r *runners) InitRegistryAddGCR(parent *cobra.Command) { parent.AddCommand(cmd) cmd.Flags().StringVar(&r.args.addRegistryEndpoint, "endpoint", "", "The GCR endpoint") - cmd.Flags().StringVar(&r.args.addRegistryServiceAccountKey, "serviceaccountkey", "", "The service account key to authenticate to the registry with") - cmd.Flags().BoolVar(&r.args.addRegistryServiceAccountKeyFromStdIn, "serviceaccountkey-stdin", false, "Take the service account key from stdin") + cmd.Flags().StringVar(&r.args.addRegistryServiceAccountKey, "serviceaccountkey", "", "The service account key to authenticate to the registry with. This is the path to the JSON file.") + cmd.Flags().BoolVar(&r.args.addRegistryServiceAccountKeyFromStdIn, "serviceaccountkey-stdin", false, "Take the service account key content from stdin") cmd.RunE = r.registryAddGCR } @@ -33,7 +35,7 @@ func (r *runners) registryAddGCR(cmd *cobra.Command, args []string) error { if err != nil { return errors.Wrap(err, "read secret service account key from stdin") } - r.args.addRegistryServiceAccountKey = serviceAccountKey + r.args.addRegistryPassword = serviceAccountKey } addRegistryRequest, errs := r.validateRegistryAddGCR() @@ -77,10 +79,22 @@ func (r *runners) validateRegistryAddGCR() (kotsclient.AddKOTSRegistryRequest, [ req.Endpoint = r.args.addRegistryEndpoint } - if r.args.addRegistryServiceAccountKey == "" { + if r.args.addRegistryServiceAccountKey == "" && r.args.addRegistryPassword == "" { errs = append(errs, errors.New("serviceaccountkey or serviceaccountkey-stdin must be specified")) } else { - req.Password = r.args.addRegistryServiceAccountKey + if r.args.addRegistryServiceAccountKey != "" { + bytes, err := ioutil.ReadFile(r.args.addRegistryServiceAccountKey) + if err != nil { + errs = append(errs, errors.Wrap(err, "read service account key")) + return req, errs + } + if !json.Valid(bytes) { + errs = append(errs, errors.New("Not valid json key file")) + return req, errs + } + r.args.addRegistryPassword = string(bytes) + } + req.Password = r.args.addRegistryPassword } return req, errs diff --git a/cli/cmd/registry_add_gcr_test.go b/cli/cmd/registry_add_gcr_test.go new file mode 100644 index 00000000..8c114942 --- /dev/null +++ b/cli/cmd/registry_add_gcr_test.go @@ -0,0 +1,73 @@ +package cmd + +import ( + "os" + "testing" + "text/tabwriter" +) + +func TestRegistryAddGCR(t *testing.T) { + tests := []struct { + name string + args []string + wantErr bool + wantErrString string + }{ + { + name: "endpoint required", + args: []string{"registry", "add", "gcr"}, + wantErr: true, + wantErrString: "endpoint must be specified, serviceaccountkey or serviceaccountkey-stdin must be specified", + }, + { + name: "service account key required", + args: []string{"registry", "add", "gcr", "--endpoint", "gcr.io"}, + wantErr: true, + wantErrString: "serviceaccountkey or serviceaccountkey-stdin must be specified", + }, + { + name: "invalid service account key", + args: []string{"registry", "add", "gcr", "--endpoint", "gcr.io", "--serviceaccountkey", "./testdata/invalid-gcr-service-account-key.json"}, + wantErr: true, + wantErrString: "Not valid json key file", + }, + { + name: "service account key file not found", + args: []string{"registry", "add", "gcr", "--endpoint", "gcr.io", "--serviceaccountkey", "./testdata/does-not-exist.json"}, + wantErr: true, + wantErrString: "read service account key: open ./testdata/does-not-exist.json: no such file or directory", + }, + } + + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + cmd := GetRootCmd() + w := tabwriter.NewWriter(os.Stdout, minWidth, tabWidth, padding, padChar, tabwriter.TabIndent) + runCmds := &runners{ + rootCmd: cmd, + stdin: os.Stdin, + w: w, + } + + registryCmd := runCmds.InitRegistryCommand(runCmds.rootCmd) + runCmds.InitRegistryCommand(registryCmd) + registryAddCmd := runCmds.InitRegistryAdd(registryCmd) + runCmds.InitRegistryAddGCR(registryAddCmd) + runCmds.rootCmd.SetArgs(test.args) + err := runCmds.rootCmd.Execute() + if test.wantErr { + if err == nil { + t.Errorf("expected error, got nil") + } + if err.Error() != test.wantErrString { + t.Errorf("expected error string %q, got %q", test.wantErrString, err.Error()) + } + } else { + if err != nil { + t.Errorf("expected no error, got %v", err) + } + } + + }) + } +} diff --git a/cli/cmd/testdata/invalid-gcr-service-account-key.json b/cli/cmd/testdata/invalid-gcr-service-account-key.json new file mode 100644 index 00000000..4558c55c --- /dev/null +++ b/cli/cmd/testdata/invalid-gcr-service-account-key.json @@ -0,0 +1 @@ +This is not valid json \ No newline at end of file