From 9fb79bfa2e803b43a5d7d048192c523f1e38462c Mon Sep 17 00:00:00 2001
From: Alex Goodman <alex.goodman@anchore.com>
Date: Wed, 14 Apr 2021 10:28:21 -0400
Subject: [PATCH] dont append registry auth if potentially empty

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
---
 internal/config/registry.go      |  6 ++--
 internal/config/registry_test.go | 59 ++++++++++++++++++++++++++++++++
 2 files changed, 62 insertions(+), 3 deletions(-)
 create mode 100644 internal/config/registry_test.go

diff --git a/internal/config/registry.go b/internal/config/registry.go
index 221bb5f2b..97086e74c 100644
--- a/internal/config/registry.go
+++ b/internal/config/registry.go
@@ -37,7 +37,7 @@ func (cfg *registry) parseConfigValues() error {
 		os.Getenv("SYFT_REGISTRY_AUTH_PASSWORD"),
 		os.Getenv("SYFT_REGISTRY_AUTH_TOKEN")
 
-	if hasNonEmptyCredentials(authority, password, token) {
+	if hasNonEmptyCredentials(authority, username, password, token) {
 		// note: we prepend the credentials such that the environment variables take precedence over on-disk configuration.
 		cfg.Auth = append([]RegistryCredentials{
 			{
@@ -51,8 +51,8 @@ func (cfg *registry) parseConfigValues() error {
 	return nil
 }
 
-func hasNonEmptyCredentials(authority, password, token string) bool {
-	return authority != "" && password != "" || authority != "" && token != ""
+func hasNonEmptyCredentials(authority, username, password, token string) bool {
+	return authority != "" && password != "" && username != "" || authority != "" && token != ""
 }
 
 func (cfg *registry) ToOptions() *image.RegistryOptions {
diff --git a/internal/config/registry_test.go b/internal/config/registry_test.go
new file mode 100644
index 000000000..1597198e1
--- /dev/null
+++ b/internal/config/registry_test.go
@@ -0,0 +1,59 @@
+package config
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestHasNonEmptyCredentials(t *testing.T) {
+	tests := []struct {
+		auth, username, password, token string
+		expected                        bool
+	}{
+		{
+			"", "", "", "",
+			false,
+		},
+		{
+			"auth", "", "", "",
+			false,
+		},
+		{
+			"auth", "user", "", "",
+			false,
+		},
+		{
+			"auth", "", "pass", "",
+			false,
+		},
+		{
+			"auth", "", "pass", "tok",
+			true,
+		},
+		{
+			"auth", "user", "", "tok",
+			true,
+		},
+		{
+			"auth", "", "", "tok",
+			true,
+		},
+		{
+			"auth", "user", "pass", "tok",
+			true,
+		},
+
+		{
+			"auth", "user", "pass", "",
+			true,
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(fmt.Sprintf("%+v", test), func(t *testing.T) {
+			assert.Equal(t, test.expected, hasNonEmptyCredentials(test.auth, test.username, test.password, test.token))
+		})
+	}
+}