fix: padded base64 encoded docker auth field

base64 allows usage of new line characters and some tools use them.
As a result, the length of the encoded string cannot be used to
determine whether it's padded or not.

This patch fixes the regression after kubernetes#82148.

Author: Oleg Bulatov

pkg/credentialprovider/config.go

@@ -287,8 +287,7 @@ func decodeDockerConfigFieldAuth(field string) (username, password string, err e
 
 	// StdEncoding can only decode padded string
 	// RawStdEncoding can only decode unpadded string
-	// a string is correctly padded if and only if its length is a multiple of 4
-	if (len(field) % 4) == 0 {
+	if strings.HasSuffix(strings.TrimSpace(field), "=") {
 		// decode padded data
 		decoded, err = base64.StdEncoding.DecodeString(field)
 	} else {

pkg/credentialprovider/config_test.go

@@ -214,6 +214,13 @@ func TestDecodeDockerConfigFieldAuth(t *testing.T) {
 			password: "bar",
 		},
 
+		// some test as before but with new line characters
+		{
+			input:    "Zm9vOm\nJhcg==\n",
+			username: "foo",
+			password: "bar",
+		},
+
 		// standard encoding (with padding)
 		{
 			input:    base64.StdEncoding.EncodeToString([]byte("foo:bar")),
@@ -241,6 +248,12 @@ func TestDecodeDockerConfigFieldAuth(t *testing.T) {
 			fail:  true,
 		},
 
+		// only new line characters are ignored
+		{
+			input: "Zm9vOmJhcg== ",
+			fail:  true,
+		},
+
 		// bad base64 data
 		{
 			input: "pants",