Documentation ¶
Overview ¶
Package credentialprovider supplies interfaces and implementations for docker registry providers to expose their authentication scheme.
Index ¶
- func GetPreferredDockercfgPath() string
- func ReadUrl(url string, client *http.Client, header *http.Header) (body []byte, err error)
- func RegisterCredentialProvider(name string, provider DockerConfigProvider)
- func SetPreferredDockercfgPath(path string)
- type BasicDockerKeyring
- type CachingDockerConfigProvider
- type DockerConfig
- type DockerConfigEntry
- type DockerConfigProvider
- type DockerKeyring
- type FakeKeyring
- type HttpError
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetPreferredDockercfgPath ¶ added in v0.10.0
func GetPreferredDockercfgPath() string
func RegisterCredentialProvider ¶
func RegisterCredentialProvider(name string, provider DockerConfigProvider)
RegisterCredentialProvider is called by provider implementations on initialization to register themselves, like so:
func init() { RegisterCredentialProvider("name", &myProvider{...}) }
func SetPreferredDockercfgPath ¶ added in v0.10.0
func SetPreferredDockercfgPath(path string)
Types ¶
type BasicDockerKeyring ¶
type BasicDockerKeyring struct {
// contains filtered or unexported fields
}
BasicDockerKeyring is a trivial map-backed implementation of DockerKeyring
func (*BasicDockerKeyring) Add ¶
func (dk *BasicDockerKeyring) Add(cfg DockerConfig)
func (*BasicDockerKeyring) Lookup ¶
func (dk *BasicDockerKeyring) Lookup(image string) ([]docker.AuthConfiguration, bool)
Lookup implements the DockerKeyring method for fetching credentials based on image name. Multiple credentials may be returned if there are multiple potentially valid credentials available. This allows for rotation.
type CachingDockerConfigProvider ¶
type CachingDockerConfigProvider struct { Provider DockerConfigProvider Lifetime time.Duration // contains filtered or unexported fields }
CachingDockerConfigProvider implements DockerConfigProvider by composing with another DockerConfigProvider and caching the DockerConfig it provides for a pre-specified lifetime.
func (*CachingDockerConfigProvider) Enabled ¶
func (d *CachingDockerConfigProvider) Enabled() bool
Enabled implements dockerConfigProvider
func (*CachingDockerConfigProvider) Provide ¶
func (d *CachingDockerConfigProvider) Provide() DockerConfig
Provide implements dockerConfigProvider
type DockerConfig ¶
type DockerConfig map[string]DockerConfigEntry
DockerConfig represents the config file used by the docker CLI. This config that represents the credentials that should be used when pulling images from specific image repositories.
func ReadDockerConfigFile ¶
func ReadDockerConfigFile() (cfg DockerConfig, err error)
type DockerConfigEntry ¶
func (DockerConfigEntry) MarshalJSON ¶ added in v0.19.0
func (ident DockerConfigEntry) MarshalJSON() ([]byte, error)
func (*DockerConfigEntry) UnmarshalJSON ¶
func (ident *DockerConfigEntry) UnmarshalJSON(data []byte) error
type DockerConfigProvider ¶
type DockerConfigProvider interface { Enabled() bool Provide() DockerConfig }
DockerConfigProvider is the interface that registered extensions implement to materialize 'dockercfg' credentials.
type DockerKeyring ¶
type DockerKeyring interface {
Lookup(image string) ([]docker.AuthConfiguration, bool)
}
DockerKeyring tracks a set of docker registry credentials, maintaining a reverse index across the registry endpoints. A registry endpoint is made up of a host (e.g. registry.example.com), but it may also contain a path (e.g. registry.example.com/foo) This index is important for two reasons:
- registry endpoints may overlap, and when this happens we must find the most specific match for a given image
- iterating a map does not yield predictable results
func MakeDockerKeyring ¶ added in v0.18.0
func MakeDockerKeyring(passedSecrets []api.Secret, defaultKeyring DockerKeyring) (DockerKeyring, error)
MakeDockerKeyring inspects the passedSecrets to see if they contain any DockerConfig secrets. If they do, then a DockerKeyring is built based on every hit and unioned with the defaultKeyring. If they do not, then the default keyring is returned
func NewDockerKeyring ¶
func NewDockerKeyring() DockerKeyring
NewDockerKeyring creates a DockerKeyring to use for resolving credentials, which lazily draws from the set of registered credential providers.
type FakeKeyring ¶ added in v0.12.0
type FakeKeyring struct {
// contains filtered or unexported fields
}
func (*FakeKeyring) Lookup ¶ added in v0.12.0
func (f *FakeKeyring) Lookup(image string) ([]docker.AuthConfiguration, bool)