// GetAuthForRegistry extracts desired docker.AuthConfiguration object from the // list of docker.AuthConfigurations by registry hostname func GetAuthForRegistry(auth *docker.AuthConfigurations, image *imagename.ImageName) (result docker.AuthConfiguration, err error) { registry := image.Registry // The default registry is "index.docker.io" if registry == "" || registry == "registry-1.docker.io" { registry = "index.docker.io" } // Optionally override auth took via aws-sdk (through ENV vars) if image.IsECR() { if awsRegAuth, err := GetECRAuth(registry, image.GetECRRegion()); err != nil && err != credentials.ErrNoValidProvidersFoundInChain { return result, err } else if awsRegAuth.Username != "" { return awsRegAuth, nil } } if auth == nil { return } if result, ok := auth.Configs[registry]; ok { return result, nil } if result, ok := auth.Configs["https://"+registry]; ok { return result, nil } if result, ok := auth.Configs["https://"+registry+"/v1/"]; ok { return result, nil } // not sure /v2/ is needed, but just in case if result, ok := auth.Configs["https://"+registry+"/v2/"]; ok { return result, nil } if result, ok := auth.Configs["*"]; ok { return result, nil } return }