fix(provider/docker): Support multiple challenges from WWW-Authenticate header
#6139
Conversation
|
Can you look into the failures please? |
Based on this line, it looks like a transient issue while initializing (a) Testcontainer(s). Locally the tests pass for me, and debugging them shows that they do not execute any code path in the changed classes. Could you please retrigger the build? If it still fails, I'd be happy to take a further look. It would be nice to have some more logs of the failing tests, if you have a way of retrieving those. |
|
Thanks much @Badbond |
|
@Badbond @dbyron-sf can we get this back-ported to v1.33 release branch please? |
|
@Mergifyio backport release-1.33.x |
✅ Backports have been created
|
…ate` header (#6139) (#6175) * test(provider/docker): Add test for `WWW-Authenticate` header parsing * fix(provider/docker): Support multiple challenges from `WWW-Authenticate` header (cherry picked from commit 2aeea5a) Co-authored-by: Pieter Dirk Soels <[email protected]>
|
thank you @dbyron-sf |
|
also @dbyron-sf - will this end up in the next Halyard release? Error is also occurring when editing existing dockerHub accounts added |
|
Do you mean the next version of spinnaker? Yes, it'll end up in 1.34. Not sure anyone has released a 1.33.x since we backported it. |
|
@dbyron-sf I meant specifically that the logic from this is imported into Halyard (Afaik from reading other issues) |
|
Halyard has its own release cycle that's separate from the rest of spinnaker. As far as I know this logic isn't relevant to halyard. Please correct me if that's not true. |
|
As mentioned in the ticket, it also affects Halyard. This is because it uses Clouddriver's Docker client here for performing validations. IIUC this requires Halyard to use the new Clouddriver release and issue a release as well. However, it may be that older versions of Halyard (< 1.63.0) are not affected as they rely on an older version of Clouddriver predating this bug. I did not backtrack this all the way (yet). |
|
OK, so as a start, let me publish new clouddriver jars (5.84.0) from the HEAD of master that include this fix. Then the next step will be to release a new version of halyard. |
|
OK, I've published those clouddriver jars and released version 1.64 of halyard. Can you try it out please? |
|
Starting with upgrading Halyard (1.62.0 -> 1.64.0), it seems it can not start the application due to a cyclic dependency: |
|
As for this particular fix in Clouddriver, I was able to upgrade Spinnaker 1.31 -> 1.33 using Halyard 1.62.0 while specifying the |
|
@Badbond I have a feeling spinnaker/halyard#2144 fixes the halyard startup issues. |
|
@Badbond I've released version 1.65.0 of halyard. Can you try it out? |
|
Thank you @dbyron-sf, it is working! 👍 We were able to upgrade to Spinnaker 1.33.0 and Halyard 1.65.0 now. Unfortunately we did stumble upon some new unrelated issues while testing and upgrading, which I have filed for completion here: |
|
Thanks @dbyron-sf ! (Unfortunately I cannot test as our fix was just to remove the ability to access Dockerhub at all 😂) |
Fixes spinnaker/spinnaker#6922.
Ultimately, considers the
WWW-Authenticateheader value as aList<String>as opposed to casting it directly to aString.According to Mozilla's
WWW-Authenticateheader documentation, it is possible for the server to respond with multiple challenges through multiple header values. As such, I decided not to simply fetch the first header value, but now loop over the values and handle the first to match thebearerorbasicprefix. It might be time to extract this to a separate method, but I kept the diff as small as possible.I am not too familiar with Groovy nor Spock, so feel free to apply improvements where you deem fit.
The first commit serves as a regression test that the second commit fixes.