From f1d94587d849b485799b6d9be92714ed8b964346 Mon Sep 17 00:00:00 2001
From: Natalie Arellano <narellano@vmware.com>
Date: Fri, 27 May 2022 13:33:10 -0400
Subject: [PATCH] Apply the fix from
 https://github.com/buildpacks/lifecycle/pull/853 to ResolvedKeychain (#862)

Signed-off-by: Natalie Arellano <narellano@vmware.com>
---
 auth/keychain.go      |  3 +++
 auth/keychain_test.go | 18 ++++++++++--------
 2 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/auth/keychain.go b/auth/keychain.go
index 55890f16f..952b02f75 100644
--- a/auth/keychain.go
+++ b/auth/keychain.go
@@ -127,6 +127,9 @@ func buildAuthConfigs(keychain authn.Keychain, images ...string) map[string]*aut
 		if err != nil {
 			continue
 		}
+		if *authConfig == (authn.AuthConfig{}) {
+			continue
+		}
 		registryAuths[reference.Context().Registry.Name()] = authConfig
 	}
 	return registryAuths
diff --git a/auth/keychain_test.go b/auth/keychain_test.go
index 9d17fb67d..b592bea46 100644
--- a/auth/keychain_test.go
+++ b/auth/keychain_test.go
@@ -21,7 +21,7 @@ func TestEnvKeychain(t *testing.T) {
 }
 
 func testEnvKeychain(t *testing.T, when spec.G, it spec.S) {
-	when("NewEnvKeychain", func() {
+	when("#NewEnvKeychain", func() {
 		when("environment variable is set", func() {
 			when("valid", func() {
 				it.Before(func() {
@@ -164,7 +164,7 @@ func testEnvKeychain(t *testing.T, when spec.G, it spec.S) {
 				})
 			})
 
-			when("empty", func() {
+			when("auth header is empty", func() {
 				it.Before(func() {
 					envKeychain = auth.EnvKeychain{AuthHeaders: map[string]string{}}
 				})
@@ -185,7 +185,7 @@ func testEnvKeychain(t *testing.T, when spec.G, it spec.S) {
 		})
 	})
 
-	when("NewResolvedKeychain", func() {
+	when("#NewResolvedKeychain", func() {
 		it("returns a resolved keychain from the provided keychain", func() {
 			keychain := &FakeKeychain{
 				authMap: map[string]*authn.AuthConfig{
@@ -202,6 +202,7 @@ func testEnvKeychain(t *testing.T, when spec.G, it spec.S) {
 					"oauth.registry.io": {
 						IdentityToken: "hjkl=",
 					},
+					"empty-auth.registry.io": {},
 				},
 			}
 
@@ -213,6 +214,7 @@ func testEnvKeychain(t *testing.T, when spec.G, it spec.S) {
 				"other-registry.com/image",
 				"my/image", // index.docker.io
 				"oauth.registry.io/image",
+				"empty-auth.registry.io/image",
 			)
 
 			h.AssertEq(t, resolvedKeychain, &auth.ResolvedKeychain{
@@ -292,7 +294,7 @@ func testEnvKeychain(t *testing.T, when spec.G, it spec.S) {
 				}
 			})
 
-			when("auth header is found", func() {
+			when("auth config is found", func() {
 				it("loads the basic auth from memory", func() {
 					registry, err := name.NewRegistry("basic-registry.com", name.WeakValidation)
 					h.AssertNil(t, err)
@@ -348,7 +350,7 @@ func testEnvKeychain(t *testing.T, when spec.G, it spec.S) {
 				})
 			})
 
-			when("empty", func() {
+			when("keychain is empty", func() {
 				it.Before(func() {
 					resolvedKeychain = auth.ResolvedKeychain{AuthConfigs: map[string]*authn.AuthConfig{}}
 				})
@@ -385,7 +387,7 @@ func testEnvKeychain(t *testing.T, when spec.G, it spec.S) {
 					"index.docker.io": {
 						RegistryToken: "qwerty=",
 					},
-					"missing.auth.config": {},
+					"empty-auth.registry.io": {},
 					"oauth.registry.io": {
 						IdentityToken: "hjkl=",
 					},
@@ -422,9 +424,9 @@ func testEnvKeychain(t *testing.T, when spec.G, it spec.S) {
 			})
 		})
 
-		when("registry is missing auth config", func() {
+		when("auth config is empty", func() {
 			it("returns an empty result", func() {
-				envVar, err := auth.BuildEnvVar(keychain, "missing.auth.config/some/image")
+				envVar, err := auth.BuildEnvVar(keychain, "empty-auth.registry.io/some/image")
 				h.AssertNil(t, err)
 
 				h.AssertEq(t, envVar, "{}")