Merge remote-tracking branch 'upstream/master'

Author: g-linville

.github/workflows/build.yml

@@ -15,7 +15,7 @@ on:
 
 env:
   DESTDIR: ./bin
-  GO_VERSION: 1.21.6
+  GO_VERSION: 1.21.10
 
 jobs:
   validate:
@@ -77,7 +77,7 @@ jobs:
       -
         name: GitHub Release
         if: startsWith(github.ref, 'refs/tags/v')
-        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844  # v0.1.15
+        uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87  # v2.0.5
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:

Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-ARG GO_VERSION=1.21.6
+ARG GO_VERSION=1.21.10
 ARG XX_VERSION=1.4.0
 ARG OSXCROSS_VERSION=11.3-r7-debian
 ARG GOLANGCI_LINT_VERSION=v1.55.2

docker-bake.hcl

@@ -1,5 +1,5 @@
 variable "GO_VERSION" {
-  default = "1.21.6"
+  default = "1.21.10"
 }
 
 # Defines the output folder

pass/pass.go

@@ -87,8 +87,7 @@ func (p Pass) Add(creds *credentials.Credentials) error {
 		return errors.New("missing credentials")
 	}
 
-	encoded := base64.URLEncoding.EncodeToString([]byte(creds.ServerURL))
-
+	encoded := encodeServerURL(creds.ServerURL)
 	_, err := p.runPass(creds.Secret, "insert", "-f", "-m", path.Join(PASS_FOLDER, encoded, creds.Username))
 	return err
 }
@@ -99,7 +98,7 @@ func (p Pass) Delete(serverURL string) error {
 		return errors.New("missing server url")
 	}
 
-	encoded := base64.URLEncoding.EncodeToString([]byte(serverURL))
+	encoded := encodeServerURL(serverURL)
 	_, err := p.runPass("", "rm", "-rf", path.Join(PASS_FOLDER, encoded))
 	return err
 }
@@ -142,23 +141,14 @@ func (p Pass) Get(serverURL string) (string, string, error) {
 		return "", "", errors.New("missing server url")
 	}
 
-	encoded := base64.URLEncoding.EncodeToString([]byte(serverURL))
-
-	if _, err := os.Stat(path.Join(getPassDir(), PASS_FOLDER, encoded)); err != nil {
-		if os.IsNotExist(err) {
-			return "", "", credentials.NewErrCredentialsNotFound()
-		}
-
-		return "", "", err
-	}
-
+	encoded := encodeServerURL(serverURL)
 	usernames, err := listPassDir(encoded)
 	if err != nil {
 		return "", "", err
 	}
 
 	if len(usernames) < 1 {
-		return "", "", fmt.Errorf("no usernames for %s", serverURL)
+		return "", "", credentials.NewErrCredentialsNotFound()
 	}
 
 	actual := strings.TrimSuffix(usernames[0].Name(), ".gpg")
@@ -180,7 +170,7 @@ func (p Pass) List() (map[string]string, error) {
 			continue
 		}
 
-		serverURL, err := base64.URLEncoding.DecodeString(server.Name())
+		serverURL, err := decodeServerURL(server.Name())
 		if err != nil {
 			return nil, err
 		}
@@ -191,11 +181,27 @@ func (p Pass) List() (map[string]string, error) {
 		}
 
 		if len(usernames) < 1 {
-			return nil, fmt.Errorf("no usernames for %s", serverURL)
+			continue
 		}
 
-		resp[string(serverURL)] = strings.TrimSuffix(usernames[0].Name(), ".gpg")
+		resp[serverURL] = strings.TrimSuffix(usernames[0].Name(), ".gpg")
 	}
 
 	return resp, nil
 }
+
+// encodeServerURL returns the serverURL in base64-URL encoding to use
+// as directory-name in pass storage.
+func encodeServerURL(serverURL string) string {
+	return base64.URLEncoding.EncodeToString([]byte(serverURL))
+}
+
+// decodeServerURL decodes base64-URL encoded serverURL. ServerURLs are
+// used in encoded format for directory-names in pass storage.
+func decodeServerURL(encodedServerURL string) (string, error) {
+	serverURL, err := base64.URLEncoding.DecodeString(encodedServerURL)
+	if err != nil {
+		return "", err
+	}
+	return string(serverURL), nil
+}

pass/pass_test.go

@@ -3,6 +3,8 @@
 package pass
 
 import (
+	"os"
+	"path"
 	"strings"
 	"testing"
 
@@ -116,6 +118,75 @@ func TestPassHelperList(t *testing.T) {
 	}
 }
 
+// TestPassHelperWithEmptyServer verifies that empty directories (servers
+// without credentials) are ignored, but still returns credentials for other
+// servers.
+func TestPassHelperWithEmptyServer(t *testing.T) {
+	helper := Pass{}
+	if err := helper.checkInitialized(); err != nil {
+		t.Error(err)
+	}
+
+	creds := []*credentials.Credentials{
+		{
+			ServerURL: "https://myreqistry.example.com:2375/v1",
+			Username:  "foo",
+			Secret:    "isthebestmeshuggahalbum",
+		},
+		{
+			ServerURL: "https://index.example.com/v1//access-token",
+		},
+	}
+
+	t.Cleanup(func() {
+		for _, cred := range creds {
+			_ = helper.Delete(cred.ServerURL)
+		}
+	})
+
+	for _, cred := range creds {
+		if cred.Username != "" {
+			if err := helper.Add(cred); err != nil {
+				t.Error(err)
+			}
+		} else {
+			// No credentials; create an empty directory for this server.
+			serverURL := encodeServerURL(cred.ServerURL)
+			p := path.Join(getPassDir(), PASS_FOLDER, serverURL)
+			if err := os.Mkdir(p, 0o755); err != nil {
+				t.Error(err)
+			}
+		}
+	}
+
+	credsList, err := helper.List()
+	if err != nil {
+		t.Error(err)
+	}
+	if len(credsList) == 0 {
+		t.Error("expected credentials to be returned, but got none")
+	}
+	for _, cred := range creds {
+		if cred.Username != "" {
+			userName, secret, err := helper.Get(cred.ServerURL)
+			if err != nil {
+				t.Error(err)
+			}
+			if userName != cred.Username {
+				t.Errorf("expected username %q, actual: %q", cred.Username, userName)
+			}
+			if secret != cred.Secret {
+				t.Errorf("expected secret %q, actual: %q", cred.Secret, secret)
+			}
+		} else {
+			_, _, err := helper.Get(cred.ServerURL)
+			if !credentials.IsErrCredentialsNotFound(err) {
+				t.Errorf("expected credentials not found, actual: %v", err)
+			}
+		}
+	}
+}
+
 func TestMissingCred(t *testing.T) {
 	helper := Pass{}
 	if _, _, err := helper.Get("garbage"); !credentials.IsErrCredentialsNotFound(err) {