Documentation ¶
Overview ¶
Package credentialprovider supplies interfaces and implementations for docker registry providers to expose their authentication scheme.
Index ¶
- func DefaultDockerConfigJSONPaths() []string
- func DefaultDockercfgPaths() []string
- func GetPreferredDockercfgPath() string
- func LazyProvide(creds LazyAuthConfiguration) dockertypes.AuthConfig
- func ReadUrl(url string, client *http.Client, header *http.Header) (body []byte, err error)
- func RegisterCredentialProvider(name string, provider DockerConfigProvider)
- func SetPreferredDockercfgPath(path string)
- type BasicDockerKeyring
- type CachingDockerConfigProvider
- type DockerConfig
- func ReadDockerConfigFile() (cfg DockerConfig, err error)
- func ReadDockerConfigFileFromUrl(url string, client *http.Client, header *http.Header) (cfg DockerConfig, err error)
- func ReadDockerConfigJSONFile(searchPaths []string) (cfg DockerConfig, err error)
- func ReadDockercfgFile(searchPaths []string) (cfg DockerConfig, err error)
- func ReadSpecificDockerConfigJsonFile(filePath string) (cfg DockerConfig, err error)
- type DockerConfigEntry
- type DockerConfigJson
- type DockerConfigProvider
- type DockerKeyring
- type FakeKeyring
- type HttpError
- type LazyAuthConfiguration
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DefaultDockerConfigJSONPaths ¶
func DefaultDockerConfigJSONPaths() []string
DefaultDockerConfigJSONPaths returns default search paths of .docker/config.json
func DefaultDockercfgPaths ¶
func DefaultDockercfgPaths() []string
DefaultDockercfgPaths returns default search paths of .dockercfg
func GetPreferredDockercfgPath ¶
func GetPreferredDockercfgPath() string
func LazyProvide ¶
func LazyProvide(creds LazyAuthConfiguration) dockertypes.AuthConfig
func RegisterCredentialProvider ¶
func RegisterCredentialProvider(name string, provider DockerConfigProvider)
RegisterCredentialProvider is called by provider implementations on initialization to register themselves, like so:
func init() { RegisterCredentialProvider("name", &myProvider{...}) }
func SetPreferredDockercfgPath ¶
func SetPreferredDockercfgPath(path string)
Types ¶
type BasicDockerKeyring ¶
type BasicDockerKeyring struct {
// contains filtered or unexported fields
}
BasicDockerKeyring is a trivial map-backed implementation of DockerKeyring
func (*BasicDockerKeyring) Add ¶
func (dk *BasicDockerKeyring) Add(cfg DockerConfig)
func (*BasicDockerKeyring) Lookup ¶
func (dk *BasicDockerKeyring) Lookup(image string) ([]LazyAuthConfiguration, bool)
Lookup implements the DockerKeyring method for fetching credentials based on image name. Multiple credentials may be returned if there are multiple potentially valid credentials available. This allows for rotation.
type CachingDockerConfigProvider ¶
type CachingDockerConfigProvider struct { Provider DockerConfigProvider Lifetime time.Duration // contains filtered or unexported fields }
CachingDockerConfigProvider implements DockerConfigProvider by composing with another DockerConfigProvider and caching the DockerConfig it provides for a pre-specified lifetime.
func (*CachingDockerConfigProvider) Enabled ¶
func (d *CachingDockerConfigProvider) Enabled() bool
Enabled implements dockerConfigProvider
func (*CachingDockerConfigProvider) LazyProvide ¶
func (d *CachingDockerConfigProvider) LazyProvide() *DockerConfigEntry
LazyProvide implements dockerConfigProvider. Should never be called.
func (*CachingDockerConfigProvider) Provide ¶
func (d *CachingDockerConfigProvider) Provide() DockerConfig
Provide implements dockerConfigProvider
type DockerConfig ¶
type DockerConfig map[string]DockerConfigEntry
DockerConfig represents the config file used by the docker CLI. This config that represents the credentials that should be used when pulling images from specific image repositories.
func ReadDockerConfigFile ¶
func ReadDockerConfigFile() (cfg DockerConfig, err error)
func ReadDockerConfigJSONFile ¶
func ReadDockerConfigJSONFile(searchPaths []string) (cfg DockerConfig, err error)
ReadDockerConfigJSONFile attempts to read a docker config.json file from the given paths. if searchPaths is empty, the default paths are used.
func ReadDockercfgFile ¶
func ReadDockercfgFile(searchPaths []string) (cfg DockerConfig, err error)
ReadDockercfgFile attempts to read a legacy dockercfg file from the given paths. if searchPaths is empty, the default paths are used.
func ReadSpecificDockerConfigJsonFile ¶
func ReadSpecificDockerConfigJsonFile(filePath string) (cfg DockerConfig, err error)
ReadSpecificDockerConfigJsonFile attempts to read docker configJSON from a given file path.
type DockerConfigEntry ¶
type DockerConfigEntry struct { Username string Password string Email string Provider DockerConfigProvider }
func (DockerConfigEntry) MarshalJSON ¶
func (ident DockerConfigEntry) MarshalJSON() ([]byte, error)
func (*DockerConfigEntry) UnmarshalJSON ¶
func (ident *DockerConfigEntry) UnmarshalJSON(data []byte) error
type DockerConfigJson ¶
type DockerConfigJson struct { Auths DockerConfig `json:"auths"` // +optional HttpHeaders map[string]string `json:"HttpHeaders,omitempty"` }
DockerConfigJson represents ~/.docker/config.json file info see https://github.com/docker/docker/pull/12009
type DockerConfigProvider ¶
type DockerConfigProvider interface { // Enabled returns true if the config provider is enabled. // Implementations can be blocking - e.g. metadata server unavailable. Enabled() bool // Provide returns docker configuration. // Implementations can be blocking - e.g. metadata server unavailable. Provide() DockerConfig // LazyProvide() gets called after URL matches have been performed, so the // location used as the key in DockerConfig would be redundant. LazyProvide() *DockerConfigEntry }
DockerConfigProvider is the interface that registered extensions implement to materialize 'dockercfg' credentials.
type DockerKeyring ¶
type DockerKeyring interface {
Lookup(image string) ([]LazyAuthConfiguration, bool)
}
DockerKeyring tracks a set of docker registry credentials, maintaining a reverse index across the registry endpoints. A registry endpoint is made up of a host (e.g. registry.example.com), but it may also contain a path (e.g. registry.example.com/foo) This index is important for two reasons:
- registry endpoints may overlap, and when this happens we must find the most specific match for a given image
- iterating a map does not yield predictable results
func MakeDockerKeyring ¶
func MakeDockerKeyring(passedSecrets []v1.Secret, defaultKeyring DockerKeyring) (DockerKeyring, error)
MakeDockerKeyring inspects the passedSecrets to see if they contain any DockerConfig secrets. If they do, then a DockerKeyring is built based on every hit and unioned with the defaultKeyring. If they do not, then the default keyring is returned
func NewDockerKeyring ¶
func NewDockerKeyring() DockerKeyring
NewDockerKeyring creates a DockerKeyring to use for resolving credentials, which lazily draws from the set of registered credential providers.
type FakeKeyring ¶
type FakeKeyring struct {
// contains filtered or unexported fields
}
func (*FakeKeyring) Lookup ¶
func (f *FakeKeyring) Lookup(image string) ([]LazyAuthConfiguration, bool)
type LazyAuthConfiguration ¶
type LazyAuthConfiguration struct { dockertypes.AuthConfig Provider DockerConfigProvider }
LazyAuthConfiguration wraps dockertypes.AuthConfig, potentially deferring its binding. If Provider is non-nil, it will be used to obtain new credentials by calling LazyProvide() on it.
func DockerConfigEntryToLazyAuthConfiguration ¶
func DockerConfigEntryToLazyAuthConfiguration(ident DockerConfigEntry) LazyAuthConfiguration