Skip to content

X-Registry-Auth header sent to Docker Engine API contains field "authHeader" #42905

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
mhalbritter opened this issue Oct 28, 2024 · 7 comments
Closed

X-Registry-Auth header sent to Docker Engine API contains field "authHeader" #42905

mhalbritter opened this issue Oct 28, 2024 · 7 comments
Assignees
@wickdynex
Labels
status: first-timers-only An issue that can only be worked on by brand new contributors status: superseded An issue that has been superseded by another type: bug A general bug

Comments

@mhalbritter
Copy link
Contributor

mhalbritter commented Oct 28, 2024
edited
Loading

When constructing the header value for X-Registry-Auth when talking to the Docker Engine API, org.springframework.boot.buildpack.platform.docker.configuration.JsonEncodedDockerRegistryAuthentication#getAuthHeader is called. This getter is backed by the field authHeader, which is filled from org.springframework.boot.buildpack.platform.docker.configuration.JsonEncodedDockerRegistryAuthentication#createAuthHeader.

This uses SharedObjectMapper.get().writeValueAsBytes(this). However, the JSON from that serialization not only includes the necessary fields like username and password, but also the field authHeader, which is only used for caching the constructed header.

We should annotate the authHeader field with @JsonIgnore and verify in the tests (DockerRegistryUserAuthenticationTests and DockerRegistryTokenAuthenticationTests) that the header doesn't contain the authHeader field in the JSON.

What it looks like:

{
  "authHeader" : null,
  "username" : "user",
  "password" : "secret",
  "email" : "[email protected]",
  "serveraddress" : "https://docker.example.com"
}

What it should look like (note the removed authHeader field):

{
  "username" : "user",
  "password" : "secret",
  "email" : "[email protected]",
  "serveraddress" : "https://docker.example.com"
}
@mhalbritter mhalbritter added type: bug A general bug status: first-timers-only An issue that can only be worked on by brand new contributors labels Oct 28, 2024
@mhalbritter mhalbritter added this to the 3.2.x milestone Oct 28, 2024
This was referenced Oct 28, 2024
Closed
Closed
@wickdynex
Copy link
Contributor

🥺I'm new in this project, I don't know which branch I need to merge, so I choose main branch on my own. If I misunderstand, plz explain it to me🥰.

@philwebb
Copy link
Member

Thanks @1328032567. Applying the changes to main is fine, we'll take care of applying the PR to the correct branch when we merge it.

@wickdynex
Copy link
Contributor

wickdynex commented Oct 29, 2024
edited
Loading

Thanks @1328032567. Applying the changes to main is fine, we'll take care of applying the PR to the correct branch when we merge it.

Or you can tell my which branch would to be applied #42910 PR, I can create a new branch🥺, and also fix the same bug🥰. But, if this operate would to use this repository as a GitHub playground, sorry, I wouldn't do that😩. If there's anything I could do, plz tell me. Thanks for your replying😃.

@snicoll
Copy link
Member

snicoll commented Oct 29, 2024
edited
Loading

Closing in favor of PR #42910 - Thanks @1328032567

@snicoll snicoll closed this as not planned Won't fix, can't repro, duplicate, stale Oct 29, 2024
@snicoll snicoll removed this from the 3.2.x milestone Oct 29, 2024
@snicoll snicoll added the status: superseded An issue that has been superseded by another label Oct 29, 2024
@wickdynex
Copy link
Contributor

wickdynex commented Oct 29, 2024
edited by snicoll
Loading

Closing in favor of PR #42910 - Thanks @1328032567

One day I'll try to fix another issue again and try my best to be merged! 🥺Thank you team.

@mhalbritter
Copy link
Contributor Author

Hey @1328032567, we merged your PR, thanks a lot for your contribution ❤️

What you see above your comment is just our usual workflow: we create an issue, and when a PR is created which would solve the issue, we close the issue with "status: superseded" and merge the PR.

@wickdynex
Copy link
Contributor

Hey @1328032567, we merged your PR, thanks a lot for your contribution ❤️

What you see above your comment is just our usual workflow: we create an issue, and when a PR is created which would solve the issue, we close the issue with "status: superseded" and merge the PR.

TAT😭, thank u for your reply also merging my PR🥺. Im so appreciated for the whole spring-boot dev team that give a simple issue with tag first-timer-only to help a new-hand developer to join in this project🥳. Finally, thank you again❤️.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@wickdynex wickdynex

Labels
status: first-timers-only An issue that can only be worked on by brand new contributors status: superseded An issue that has been superseded by another type: bug A general bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

X-Registry-Auth header sent to Docker Engine API contains field "authHeader" wickdynex/spring-boot
4 participants
@snicoll @philwebb @mhalbritter @wickdynex