feat(cli): add trivy auth (#7664)

Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
2025-12-12 15:50:15 -08:00 · 2024-10-09 14:31:15 +04:00
parent 1f2e91b02b
commit 27117f81d5
23 changed files with 512 additions and 23 deletions
--- a/integration/registry_test.go
+++ b/integration/registry_test.go
@@ -117,6 +117,7 @@ type registryOption struct {
 	Username      string
 	Password      string
 	RegistryToken bool
+	AuthLogin     bool
 }

 func TestRegistry(t *testing.T) {
@@ -164,7 +165,6 @@ func TestRegistry(t *testing.T) {
 			imageFile: "testdata/fixtures/images/alpine-310.tar.gz",
 			os:        "alpine 3.10.2",
 			option: registryOption{
-				AuthURL:  authURL,
 				Username: authUsername,
 				Password: authPassword,
 			},
@@ -183,13 +183,24 @@ func TestRegistry(t *testing.T) {
 			},
 			golden: "testdata/alpine-310.json.golden",
 		},
+		{
+			name:      "authenticate with 'trivy auth login'",
+			imageName: "alpine:3.10",
+			imageFile: "testdata/fixtures/images/alpine-310.tar.gz",
+			os:        "alpine 3.10.2",
+			option: registryOption{
+				Username:  authUsername,
+				Password:  authPassword,
+				AuthLogin: true,
+			},
+			golden: "testdata/alpine-310.json.golden",
+		},
 		{
 			name:      "amazonlinux 2",
 			imageName: "amazonlinux:2",
 			imageFile: "testdata/fixtures/images/amazon-2.tar.gz",
 			os:        "amazon 2 (Karoo)",
 			option: registryOption{
-				AuthURL:  authURL,
 				Username: authUsername,
 				Password: authPassword,
 			},
@@ -201,7 +212,6 @@ func TestRegistry(t *testing.T) {
 			imageFile: "testdata/fixtures/images/debian-buster.tar.gz",
 			os:        "debian 10.1",
 			option: registryOption{
-				AuthURL:  authURL,
 				Username: authUsername,
 				Password: authPassword,
 			},
@@ -226,6 +236,7 @@ func TestRegistry(t *testing.T) {
 			require.NoError(t, err)

 			osArgs, err := scan(t, imageRef, baseDir, tt.option)
+			require.NoError(t, err)

 			// Run Trivy
 			runTest(t, osArgs, tt.golden, "", types.FormatJSON, runOptions{
@@ -262,7 +273,7 @@ func scan(t *testing.T, imageRef name.Reference, baseDir string, opt registryOpt
 		"json",
 		"--image-src",
 		"remote",
-		"--skip-update",
+		"--skip-db-update",
 		imageRef.Name(),
 	}

@@ -273,14 +284,30 @@ func setupEnv(t *testing.T, imageRef name.Reference, baseDir string, opt registr
 	t.Setenv("TRIVY_INSECURE", "true")

 	if opt.Username != "" && opt.Password != "" {
-		if opt.RegistryToken {
+		switch {
+		case opt.RegistryToken:
 			// Get a registry token in advance
 			token, err := requestRegistryToken(imageRef, baseDir, opt)
 			if err != nil {
 				return err
 			}
 			t.Setenv("TRIVY_REGISTRY_TOKEN", token)
-		} else {
+		case opt.AuthLogin:
+			t.Setenv("DOCKER_CONFIG", t.TempDir())
+			err := execute([]string{
+				"auth",
+				"login",
+				"--username",
+				opt.Username,
+				"--password",
+				opt.Password,
+				"--insecure",
+				imageRef.Context().RegistryStr(),
+			})
+			if err != nil {
+				return err
+			}
+		default:
 			t.Setenv("TRIVY_USERNAME", opt.Username)
 			t.Setenv("TRIVY_PASSWORD", opt.Password)
 		}