simplify unmarshaling, and other nits

thaJeztah · thaJeztah · commit e7107116c1df · 2025-06-06T15:18:32.000+02:00
Signed-off-by: Sebastiaan van Stijn &lt;github@gone.nl&gt;
diff --git a/cli/config/configfile/file.go b/cli/config/configfile/file.go
@@ -49,34 +49,28 @@ type ConfigFile struct {
 }
 
 type configEnvAuth struct {
-	Auth string `json:"auth"`
+	Auth string `json:"auth,omitempty"`
 }
 
 type configEnv struct {
 	AuthConfigs map[string]configEnvAuth `json:"auths"`
 }
 
-var errDockerAuthConfigNotSet = errors.New("DOCKER_AUTH_CONFIG environment variable is not set")
-
-func (c *configEnv) LoadFromEnv() error {
-	v := os.Getenv("DOCKER_AUTH_CONFIG")
+func unmarshalJSONAuth(v string) (map[string]types.AuthConfig, error) {
 	if v == "" {
-		return errDockerAuthConfigNotSet
-	}
-	if c.AuthConfigs == nil {
-		c.AuthConfigs = make(map[string]configEnvAuth)
-	}
-	if err := json.NewDecoder(strings.NewReader(v)).Decode(c); err != nil && !errors.Is(err, io.EOF) {
-		return err
+		return nil, errors.New("value is empty")
 	}
-	return nil
-}
 
-func (c *configEnv) GetAuthConfigs() (map[string]types.AuthConfig, error) {
+	var c configEnv
+	if err := json.Unmarshal([]byte(v), &c); err != nil {
+		return nil, err
+	}
 	authConfigs := make(map[string]types.AuthConfig)
 	for addr, envAuth := range c.AuthConfigs {
 		if envAuth.Auth == "" {
-			return authConfigs, fmt.Errorf("DOCKER_AUTH_CONFIG environment variable is missing auth for %s", addr)
+			// auths may contain empty configs, which could be present
+			// if a credentials-helper is/was used for storing.
+			continue
 		}
 		username, password, err := decodeAuth(envAuth.Auth)
 		if err != nil {
@@ -314,37 +308,34 @@ func (configFile *ConfigFile) GetCredentialsStore(registryHostname string) crede
 		store = newNativeStore(configFile, helper)
 	}
 
-	// use DOCKER_AUTH_CONFIG if set
-	// if a parse error occurs it falls back to the native or file store
+	// use DOCKER_AUTH_CONFIG if set.
+	v := os.Getenv("DOCKER_AUTH_CONFIG")
+	if v == "" {
+		return store
+	}
 	envStore, err := memorystore.New(
-		withEnvConfig(),
+		withEnvConfig(v),
 		memorystore.WithFallbackStore(store),
 	)
 	if err != nil {
 		_, _ = fmt.Fprintln(os.Stderr, "Failed to create credential store from DOCKER_AUTH_CONFIG: ", err)
+
+		// fall back to the native or file store.
 		return store
 	}
 
 	return envStore
 }
 
-func withEnvConfig() memorystore.Options {
+// withEnvConfig configures the memory store with a static auth-config
+// from a JSON-encoded auth-config, usually taken from a "DOCKER_AUTH_CONFIG"
+// environment variable.
+func withEnvConfig(v string) memorystore.Options {
 	return func(c *memorystore.Config) error {
-		envConfig := &configEnv{}
-		err := envConfig.LoadFromEnv()
+		authConfigs, err := unmarshalJSONAuth(v)
 		if err != nil {
-			// ignore if DOCKER_AUTH_CONFIG is not set
-			if errors.Is(err, errDockerAuthConfigNotSet) {
-				return nil
-			}
-			return err
+			return fmt.Errorf("unmarshaling auth-config: %w", err)
 		}
-
-		authConfigs, err := envConfig.GetAuthConfigs()
-		if err != nil {
-			return err
-		}
-
 		return memorystore.WithAuthConfig(authConfigs)(c)
 	}
 }
diff --git a/cli/config/configfile/file_test.go b/cli/config/configfile/file_test.go
@@ -495,7 +495,10 @@ const envTestAuthConfig = `{
 	"auths": {
 		"env.example.test": {
 			"auth": "ZW52X3VzZXI6ZW52X3Bhc3M="
-		}
+		},
+		"https://index.docker.io/v1/": {},
+		"https://index.docker.io/v1/access-token": {},
+		"https://index.docker.io/v1/refresh-token": {}
 	}
 }`
 
