docker-credential-gcr

command module

v1.4.0 Latest Latest Go to latest Published: May 5, 2017 License: Apache-2.0 Imports: 5 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/googlecloudplatform/docker-credential-gcr

Links

Open Source Insights

README ¶

docker-credential-gcr

Introduction

docker-credential-gcr is Google Container Registry's Docker credential helper. It allows for Docker clients v1.11+ to easily make authenticated requests to GCR's repositories (gcr.io, eu.gcr.io, etc.).

The helper implements the Docker Credential Store API, but enables more advanced authentication schemes for GCR's users. In particular, it respects Application Default Credentials and is capable of generating credentials automatically (without an explicit login operation) when running in App Engine or Compute Engine.

GCR Credentials

By default, the helper searches for GCR credentials in the following order:

In a JSON file whose path is specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable.
In a JSON file in a location known to the helper. On Windows, this is %APPDATA%/gcloud/application_default_credentials.json. On other systems, $HOME/.config/gcloud/application_default_credentials.json.
On Google App Engine it uses the appengine.AccessToken function.
On Google Compute Engine and Google App Engine Managed VMs, it fetches credentials from the metadata server.
From the gcloud SDK (i.e. the one printed via gcloud config config-helper --format='value(credential.access_token)').
In the helper's private credential store (i.e. those stored via docker-credential-gcr gcr-login)

However, the user may limit or re-order how the helper searches for GCR credentials using docker-credential-gcr config --token-source. Numbers 1-4 above are designated by the "env" source, 5 by "gcloud" and 6 by "store". Multiple sources are separated by commas, and the default is "env, gcloud, store".

Examples:

To configure the credential helper to use only the gcloud SDK's access token:

docker-credential-gcr config --token-source="gcloud"

To try the private store, followed by the environment:

docker-credential-gcr config --token-source="store, env"

Other Credentials

The helper implements the Docker Credential Store API and can be used to store credentials for other repositories. WARNING: Credentials are stored in plain text in a file under the user's home directory (e.g. $HOME/.config/gcloud/docker_credentials.json on non-windows systems).

Building from Source

The program in this repository is written with the Go programming language and built with make. These instructions assume that Go 1.7+ and make are installed on a *nix system.

Download the source and put it in your $GOPATH with go get.

go get github.com/GoogleCloudPlatform/docker-credential-gcr

Use make to build the program. The executable will be output to the bin directory inside the repository.
```
cd $GOPATH/src/github.com/GoogleCloudPlatform/docker-credential-gcr
make
```
Put that binary in your $PATH. e.g. if /usr/bin is present on your path:
```
sudo mv ./bin/docker-credential-gcr /usr/bin/docker-credential-gcr
```

Installation and Usage

Configure the Docker CLI to use docker-credential-gcr as its credential store
```
docker-credential-gcr configure-docker
```
- Alternatively, use the instructions below to configure your version of the Docker client.
Log in to GCR (or don't! gcloud auth login is sufficient, too)
```
docker-credential-gcr gcr-login
```

Use Docker!

docker pull gcr.io/project-id/neato-container

Log out from GCR
```
docker-credential-gcr gcr-logout
```

Docker Clients v1.13(.0-rc4)+ Manual Installation

Add a credHelpers entry in the Docker config file (usually ~/.docker/config.json) for each GCR registry that you care about. The key should be the domain of the registry (without the "https://") and the key chould be the suffix of the credential helper binary (everything after "docker-credential-").

e.g. for `docker-credential-gcr`:

    {
      "auths" : {
            ...
      }
      "credHelpers": {
            "coolregistry.com": ... ,
            "gcr.io": "gcr",
            "asia.gcr.io": "gcr",
            ...
      },
      "HttpHeaders": ...
      "psFormat": ...
      "imagesFormat": ...
      "detachKeys": ...
    }

Docker Clients v1.11 - v1.12 Manual Installation

Set the credsStore and auths fields in your Docker config file (usually ~/.docker/config.json). credsStore should be the suffix of the compiled binary (everything after "docker-credential-") and auths should have an empty entry for each GCR endpoint that you care about (with the "https://").

e.g. for `docker-credential-gcr`:

    {
      "auths": {
            "https://coolregistry.com": { ... },
            "https://gcr.io": {},
            "https://asia.gcr.io": {},
            ...
      },
      "credsStore": "gcr",
      "HttpHeaders": ...
      "psFormat": ...
      "imagesFormat": ...
      "detachKeys": ...
    }

License

Apache 2.0. See LICENSE for more information.

Documentation ¶

Overview ¶

Program docker-credential-gcr implements the Docker credential helper API and allows for more advanced login/authentication schemes for GCR customers.

See README.md

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
auth Package auth implements the logic required to authenticate the user and generate access tokens for use with GCR.	Package auth implements the logic required to authenticate the user and generate access tokens for use with GCR.
cli Package cli contains the implementations of all of the subcommands that are exposed via the command line.	Package cli contains the implementations of all of the subcommands that are exposed via the command line.
config Package config provides variables used in configuring the behavior of the app.	Package config provides variables used in configuring the behavior of the app.
credhelper Package credhelper implements a Docker credential helper with special facilities for GCR authentication.	Package credhelper implements a Docker credential helper with special facilities for GCR authentication.
store Package store implements a credential store that is capable of storing both plain Docker credentials as well as GCR access and refresh tokens.	Package store implements a credential store that is capable of storing both plain Docker credentials as well as GCR access and refresh tokens.
test Package test contains tests for the credential helper which don't require package-private member visibility.	Package test contains tests for the credential helper which don't require package-private member visibility.
util Package util contains utilities which are shared between packages.	Package util contains utilities which are shared between packages.
cmd Package cmd contains utilities to execute commands using a test-friendly interface.	Package cmd contains utilities to execute commands using a test-friendly interface.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL