Always obey --with-registry-auth, not claim.Parameters

Using `claim.Parameters` means that if the `install` was run using
`--with-registry-auth` then all subsequent commands (`status`, `uninstall`,
etc) would silently pass on the user's credentials (and it may not be the same
user)

Signed-off-by: Ian Campbell <[email protected]>

Author: Ian Campbell

internal/commands/cnab.go

@@ -81,26 +81,14 @@ func addDockerCredentials(contextName string, contextStore store.Store) credenti
 	}
 }
 
-func shouldPopulateRegistryCreds(parameterValues map[string]interface{}) bool {
-	v, ok := parameterValues[internal.ParameterShareRegistryCredsName]
-	if !ok {
-		return false
-	}
-	result, ok := v.(bool)
-	if !ok {
-		return false
-	}
-	return result
-}
-
-func addRegistryCredentials(parameterValues map[string]interface{}, dockerCli command.Cli) credentialSetOpt {
+func addRegistryCredentials(shouldPopulate bool, dockerCli command.Cli) credentialSetOpt {
 	return func(b *bundle.Bundle, creds map[string]string) error {
 		if _, ok := b.Credentials[internal.CredentialRegistryName]; !ok {
 			return nil
 		}
 
 		registryCreds := map[string]types.AuthConfig{}
-		if shouldPopulateRegistryCreds(parameterValues) {
+		if shouldPopulate {
 			for _, img := range b.Images {
 				named, err := reference.ParseNormalizedNamed(img.Image)
 				if err != nil {

internal/commands/cnab_test.go

@@ -212,17 +212,14 @@ func TestShareRegistryCreds(t *testing.T) {
 
 	for _, c := range cases {
 		t.Run(c.name, func(t *testing.T) {
-			params := map[string]interface{}{
-				internal.ParameterShareRegistryCredsName: c.shareCreds,
-			}
 			creds, err := prepareCredentialSet(
 				&bundle.Bundle{
 					Credentials: map[string]bundle.Location{internal.CredentialRegistryName: {}},
 					Images:      c.images,
 				},
 				addNamedCredentialSets(nil),
 				addDockerCredentials("", nil),
-				addRegistryCredentials(params, &registryConfigMock{configFile: &configfile.ConfigFile{
+				addRegistryCredentials(c.shareCreds, &registryConfigMock{configFile: &configfile.ConfigFile{
 					AuthConfigs: c.stored,
 				}}))
 			assert.NilError(t, err)

internal/commands/install.go

@@ -17,10 +17,9 @@ type installOptions struct {
 	credentialOptions
 	registryOptions
 	pullOptions
-	orchestrator     string
-	kubeNamespace    string
-	stackName        string
-	sendRegistryAuth bool
+	orchestrator  string
+	kubeNamespace string
+	stackName     string
 }
 
 type nameKind uint
@@ -61,7 +60,6 @@ func installCmd(dockerCli command.Cli) *cobra.Command {
 	cmd.Flags().StringVarP(&opts.orchestrator, "orchestrator", "o", "", "Orchestrator to install on (swarm, kubernetes)")
 	cmd.Flags().StringVar(&opts.kubeNamespace, "kubernetes-namespace", "default", "Kubernetes namespace to install into")
 	cmd.Flags().StringVar(&opts.stackName, "name", "", "Installation name (defaults to application name)")
-	cmd.Flags().BoolVar(&opts.sendRegistryAuth, "with-registry-auth", false, "Sends registry auth")
 
 	return cmd
 }
@@ -112,7 +110,7 @@ func runInstall(dockerCli command.Cli, appname string, opts installOptions) erro
 	creds, err := prepareCredentialSet(bndl,
 		addNamedCredentialSets(opts.credentialsets),
 		addDockerCredentials(targetContext, dockerCli.ContextStore()),
-		addRegistryCredentials(c.Parameters, dockerCli))
+		addRegistryCredentials(opts.sendRegistryAuth, dockerCli))
 	if err != nil {
 		return err
 	}

internal/commands/root.go

@@ -66,13 +66,15 @@ func (o *parametersOptions) addFlags(flags *pflag.FlagSet) {
 }
 
 type credentialOptions struct {
-	targetContext  string
-	credentialsets []string
+	targetContext    string
+	credentialsets   []string
+	sendRegistryAuth bool
 }
 
 func (o *credentialOptions) addFlags(flags *pflag.FlagSet) {
 	flags.StringVar(&o.targetContext, "target-context", "", "Context on which the application is executed")
 	flags.StringArrayVarP(&o.credentialsets, "credential-set", "c", []string{}, "Use a duffle credentialset (either a YAML file, or a credential set present in the duffle credential store)")
+	flags.BoolVar(&o.sendRegistryAuth, "with-registry-auth", false, "Sends registry auth")
 }
 
 type registryOptions struct {

internal/commands/status.go

@@ -50,7 +50,7 @@ func runStatus(dockerCli command.Cli, claimName string, opts credentialOptions)
 	creds, err := prepareCredentialSet(c.Bundle,
 		addNamedCredentialSets(opts.credentialsets),
 		addDockerCredentials(targetContext, dockerCli.ContextStore()),
-		addRegistryCredentials(c.Parameters, dockerCli))
+		addRegistryCredentials(opts.sendRegistryAuth, dockerCli))
 	if err != nil {
 		return err
 	}

internal/commands/uninstall.go

@@ -49,7 +49,7 @@ func runUninstall(dockerCli command.Cli, claimName string, opts credentialOption
 	creds, err := prepareCredentialSet(c.Bundle,
 		addNamedCredentialSets(opts.credentialsets),
 		addDockerCredentials(targetContext, dockerCli.ContextStore()),
-		addRegistryCredentials(c.Parameters, dockerCli))
+		addRegistryCredentials(opts.sendRegistryAuth, dockerCli))
 	if err != nil {
 		return err
 	}

internal/commands/upgrade.go

@@ -17,7 +17,6 @@ type upgradeOptions struct {
 	registryOptions
 	pullOptions
 	bundleOrDockerApp string
-	sendRegistryAuth  bool
 }
 
 func upgradeCmd(dockerCli command.Cli) *cobra.Command {
@@ -35,7 +34,6 @@ func upgradeCmd(dockerCli command.Cli) *cobra.Command {
 	opts.registryOptions.addFlags(cmd.Flags())
 	opts.pullOptions.addFlags(cmd.Flags())
 	cmd.Flags().StringVar(&opts.bundleOrDockerApp, "bundle", "", "Override with new bundle or Docker App")
-	cmd.Flags().BoolVar(&opts.sendRegistryAuth, "with-registry-auth", false, "Sends registry auth")
 
 	return cmd
 }
@@ -77,7 +75,7 @@ func runUpgrade(dockerCli command.Cli, installationName string, opts upgradeOpti
 	creds, err := prepareCredentialSet(c.Bundle,
 		addNamedCredentialSets(opts.credentialsets),
 		addDockerCredentials(targetContext, dockerCli.ContextStore()),
-		addRegistryCredentials(c.Parameters, dockerCli))
+		addRegistryCredentials(opts.sendRegistryAuth, dockerCli))
 	if err != nil {
 		return err
 	}