func TestReadDockerConfigJson(t *testing.T) {
content := "{ \"auths\": { \"test-server-1.tld\":{\"auth\":\"Zm9vOmJhcgo=\",\"email\":\"[email protected]\"}}}"
tempfile, err := ioutil.TempFile("", "cfgtest")
if err != nil {
t.Fatalf("Unable to create temp file: %v", err)
}
defer os.Remove(tempfile.Name())
tempfile.WriteString(content)
tempfile.Close()
dockercfg, err := readDockerConfigJson(tempfile.Name())
if err != nil {
t.Errorf("Received unexpected error reading dockercfg: %v", err)
return
}
keyring := credentialprovider.BasicDockerKeyring{}
keyring.Add(dockercfg)
authConfs, found := keyring.Lookup("test-server-1.tld/foo/bar")
if !found || len(authConfs) == 0 {
t.Errorf("Expected lookup success, got not found")
}
if authConfs[0].Email != "*****@*****.**" {
t.Errorf("Unexpected Email value: %s", authConfs[0].Email)
}
}
// GetDockerAuth returns a valid Docker AuthConfiguration entry, and whether it was read
// from the local dockercfg file
func (h *Helper) GetDockerAuth(imageName, authType string) (docker.AuthConfiguration, bool) {
glog.V(3).Infof("Locating docker auth for image %s and type %s", imageName, authType)
var dockercfgPath string
if pathForAuthType := os.Getenv(authType); len(pathForAuthType) > 0 {
dockercfgPath = getDockercfgFile(pathForAuthType)
} else {
dockercfgPath = getDockercfgFile("")
}
if _, err := os.Stat(dockercfgPath); err != nil {
glog.V(3).Infof("Problem accessing %s: %v", dockercfgPath, err)
return docker.AuthConfiguration{}, false
}
cfg, err := readDockercfg(dockercfgPath)
if err != nil {
glog.Errorf("Reading %s failed: %v", dockercfgPath, err)
return docker.AuthConfiguration{}, false
}
keyring := credentialprovider.BasicDockerKeyring{}
keyring.Add(cfg)
authConfs, found := keyring.Lookup(imageName)
if !found || len(authConfs) == 0 {
return docker.AuthConfiguration{}, false
}
glog.V(3).Infof("Using %s user for Docker authentication for image %s", authConfs[0].Username, imageName)
return authConfs[0], true
}
// GetDockerAuth returns a valid Docker AuthConfiguration entry, and whether it was read
// from the local dockercfg file
func (h *Helper) GetDockerAuth(imageName, authType string) (docker.AuthConfiguration, bool) {
glog.V(3).Infof("Locating docker auth for image %s and type %s", imageName, authType)
var dockercfgPath string
if pathForAuthType := os.Getenv(authType); len(pathForAuthType) > 0 {
dockercfgPath = GetDockercfgFile(pathForAuthType)
} else {
dockercfgPath = GetDockercfgFile("")
}
if len(dockercfgPath) == 0 {
glog.V(3).Infof("Could not locate a docker config file")
return docker.AuthConfiguration{}, false
}
if _, err := os.Stat(dockercfgPath); err != nil {
glog.V(3).Infof("Problem accessing %s: %v", dockercfgPath, err)
return docker.AuthConfiguration{}, false
}
var cfg credentialprovider.DockerConfig
var err error
if strings.HasSuffix(dockercfgPath, kapi.DockerConfigJsonKey) || strings.HasSuffix(dockercfgPath, "config.json") {
cfg, err = readDockerConfigJson(dockercfgPath)
if err != nil {
glog.Errorf("Reading %s failed: %v", dockercfgPath, err)
return docker.AuthConfiguration{}, false
}
} else if strings.HasSuffix(dockercfgPath, kapi.DockerConfigKey) {
cfg, err = readDockercfg(dockercfgPath)
if err != nil {
glog.Errorf("Reading %s failed: %v", dockercfgPath, err)
return docker.AuthConfiguration{}, false
}
}
keyring := credentialprovider.BasicDockerKeyring{}
keyring.Add(cfg)
authConfs, found := keyring.Lookup(imageName)
if !found || len(authConfs) == 0 {
return docker.AuthConfiguration{}, false
}
glog.V(3).Infof("Using %s user for Docker authentication for image %s", authConfs[0].Username, imageName)
return docker.AuthConfiguration{
Username: authConfs[0].Username,
Password: authConfs[0].Password,
Email: authConfs[0].Email,
ServerAddress: authConfs[0].ServerAddress,
}, true
}
//BuildAuthConfiguration constructs a non-standard dockerClient.AuthConfiguration that can be used to communicate with the openshift internal docker registry
func BuildAuthConfiguration(credKey string, oc *CLI) (*dockerClient.AuthConfiguration, error) {
authCfg := &dockerClient.AuthConfiguration{}
secretList, err := oc.AdminKubeREST().Secrets(oc.Namespace()).List(kapi.ListOptions{})
g.By(fmt.Sprintf("get secret list err %v ", err))
if err == nil {
for _, secret := range secretList.Items {
g.By(fmt.Sprintf("secret name %s ", secret.ObjectMeta.Name))
if strings.Contains(secret.ObjectMeta.Name, "builder-dockercfg") {
dockercfgToken := secret.Data[".dockercfg"]
dockercfgTokenJson := string(dockercfgToken)
g.By(fmt.Sprintf("docker cfg token json %s ", dockercfgTokenJson))
creds := credentialprovider.DockerConfig{}
err = gson.Unmarshal(dockercfgToken, &creds)
g.By(fmt.Sprintf("json unmarshal err %v ", err))
if err == nil {
// borrowed from openshift/origin/pkg/build/builder/cmd/dockercfg/cfg.go, but we get the
// secrets and dockercfg data via `oc` vs. internal use of env vars and local file reading,
// so we don't use the public methods present there
keyring := credentialprovider.BasicDockerKeyring{}
keyring.Add(creds)
authConfs, found := keyring.Lookup(credKey)
g.By(fmt.Sprintf("found auth %v with auth cfg len %d ", found, len(authConfs)))
if !found || len(authConfs) == 0 {
return authCfg, err
}
// have seen this does not get set
if len(authConfs[0].ServerAddress) == 0 {
authConfs[0].ServerAddress = credKey
}
g.By(fmt.Sprintf("dockercfg with svrAddr %s user %s pass %s email %s ", authConfs[0].ServerAddress, authConfs[0].Username, authConfs[0].Password, authConfs[0].Email))
c := dockerClient.AuthConfiguration{Username: authConfs[0].Username, ServerAddress: authConfs[0].ServerAddress, Password: authConfs[0].Password}
return &c, err
}
}
}
}
return authCfg, err
}