From 03ba63bec36e19f1159e25552f4ae6a8171620fd Mon Sep 17 00:00:00 2001 From: Adrien Fillon Date: Tue, 13 Sep 2022 19:53:41 +0200 Subject: [PATCH] Handle nil OCI authenticator with malformed registry Fixes #896 Signed-off-by: Adrien Fillon --- controllers/helmrepository_controller_oci.go | 4 ++++ controllers/helmrepository_controller_oci_test.go | 9 +++++++++ 2 files changed, 13 insertions(+) diff --git a/controllers/helmrepository_controller_oci.go b/controllers/helmrepository_controller_oci.go index 02ec39b49..5d60d2b1c 100644 --- a/controllers/helmrepository_controller_oci.go +++ b/controllers/helmrepository_controller_oci.go @@ -382,5 +382,9 @@ func oidcAuthFromAdapter(ctx context.Context, url, provider string) (helmreg.Log return nil, err } + if auth == nil { + return nil, fmt.Errorf("could not validate OCI provider %s with URL %s", provider, url) + } + return registry.OIDCAdaptHelper(auth) } diff --git a/controllers/helmrepository_controller_oci_test.go b/controllers/helmrepository_controller_oci_test.go index c5e36c297..f9c8356f3 100644 --- a/controllers/helmrepository_controller_oci_test.go +++ b/controllers/helmrepository_controller_oci_test.go @@ -229,6 +229,15 @@ func TestHelmRepositoryOCIReconciler_authStrategy(t *testing.T) { *conditions.FalseCondition(meta.ReadyCondition, sourcev1.AuthenticationFailedReason, "failed to get credential from"), }, }, + { + name: "with contextual login provider and invalid repository URL", + wantErr: true, + provider: "aws", + providerImg: "oci://123456789000.dkr.ecr.us-east-2.amazonaws.com", + assertConditions: []metav1.Condition{ + *conditions.FalseCondition(meta.ReadyCondition, sourcev1.AuthenticationFailedReason, "failed to get credential from"), + }, + }, { name: "with contextual login provider and secretRef", want: ctrl.Result{RequeueAfter: interval},