README
¶
auth
Skipping Vendor Specific Keychains
The auth package has configuration available to skip vendor specific keychain implementations. If you are a platform handling credentials yourself, you may want to skip loading these keychains. This can improve performance as the helpers automatically get invoked based on the hosting environment and the registries being interacted with.
Set any of the following to true to skip loading the vendor keychain.
CNB_REGISTRY_AUTH_KEYCHAIN_SKIP_AMAZON - set to skip Amazon/AWS's ECR credhelper.
CNB_REGISTRY_AUTH_KEYCHAIN_SKIP_AZURE - set to skip Microsoft/Azure's ACR credhelper
Documentation
¶
Index ¶
- Constants
- func BuildEnvVar(keychain authn.Keychain, images ...string) (string, error)
- func DefaultKeychain(images ...string) (authn.Keychain, error)
- func NewEnvKeychain(envVar string) (authn.Keychain, error)
- func NewResolvedKeychain(keychain authn.Keychain, images ...string) authn.Keychain
- func ReadEnvVar(envVar string) (map[string]string, error)
- func ReferenceForRepoName(keychain authn.Keychain, ref string) (name.Reference, authn.Authenticator, error)
- type EnvKeychain
- type ResolvedKeychain
Constants ¶
const EnvRegistryAuth = "CNB_REGISTRY_AUTH"
const EnvRegistryAuthKeychainSkipFormat = "CNB_REGISTRY_AUTH_KEYCHAIN_SKIP_%s"
EnvRegistryAuthKeychainSkipFormat is the format string for the environment variable that can be used to skip the keychain for a specific vendor.
Variables ¶
This section is empty.
Functions ¶
func BuildEnvVar ¶
BuildEnvVar creates the contents to use for authentication environment variable.
Complementary to `ReadEnvVar`.
func DefaultKeychain ¶ added in v0.10.0
DefaultKeychain returns a keychain containing authentication configuration for the given images from the following sources, if they exist, in order of precedence: the provided environment variable the docker config.json file credential helpers for Amazon and Azure
func NewEnvKeychain ¶ added in v0.14.1
NewEnvKeychain returns an authn.Keychain that uses the provided environment variable as a source of credentials. The value of the environment variable should be a JSON object that maps OCI registry hostnames to Authorization headers.
func NewResolvedKeychain ¶ added in v0.14.1
NewResolvedKeychain resolves credentials for the given images from the given keychain and returns a new keychain that stores the pre-resolved credentials in memory and returns them on demand. This is useful in cases where the backing credential store may become inaccessible in the future.
func ReadEnvVar ¶
ReadEnvVar parses an environment variable to produce a map of 'registry url' to 'authorization header'.
Complementary to `BuildEnvVar`.
Example Input:
{"gcr.io": "Bearer asdf=", "docker.io": "Basic qwerty="}
Example Output:
gcr.io -> Bearer asdf= docker.io -> Basic qwerty=
func ReferenceForRepoName ¶
func ReferenceForRepoName(keychain authn.Keychain, ref string) (name.Reference, authn.Authenticator, error)
ReferenceForRepoName returns a reference and an authenticator for a given image name and keychain.
Types ¶
type EnvKeychain ¶
EnvKeychain is an implementation of authn.Keychain that stores credentials as auth headers.
func (*EnvKeychain) Resolve ¶ added in v0.7.5
func (k *EnvKeychain) Resolve(resource authn.Resource) (authn.Authenticator, error)
type ResolvedKeychain ¶ added in v0.10.0
type ResolvedKeychain struct {
AuthConfigs map[string]*authn.AuthConfig
}
ResolvedKeychain is an implementation of authn.Keychain that stores credentials in memory.
func (*ResolvedKeychain) Resolve ¶ added in v0.10.0
func (k *ResolvedKeychain) Resolve(resource authn.Resource) (authn.Authenticator, error)
Source Files