Пример #1
0
func TestReadDockerConfigJson(t *testing.T) {
	content := "{ \"auths\": { \"test-server-1.tld\":{\"auth\":\"Zm9vOmJhcgo=\",\"email\":\"[email protected]\"}}}"
	tempfile, err := ioutil.TempFile("", "cfgtest")
	if err != nil {
		t.Fatalf("Unable to create temp file: %v", err)
	}
	defer os.Remove(tempfile.Name())
	tempfile.WriteString(content)
	tempfile.Close()

	dockercfg, err := readDockerConfigJson(tempfile.Name())
	if err != nil {
		t.Errorf("Received unexpected error reading dockercfg: %v", err)
		return
	}

	keyring := credentialprovider.BasicDockerKeyring{}
	keyring.Add(dockercfg)
	authConfs, found := keyring.Lookup("test-server-1.tld/foo/bar")
	if !found || len(authConfs) == 0 {
		t.Errorf("Expected lookup success, got not found")
	}
	if authConfs[0].Email != "*****@*****.**" {
		t.Errorf("Unexpected Email value: %s", authConfs[0].Email)
	}
}
Пример #2
0
// GetDockerAuth returns a valid Docker AuthConfiguration entry, and whether it was read
// from the local dockercfg file
func (h *Helper) GetDockerAuth(imageName, authType string) (docker.AuthConfiguration, bool) {
	glog.V(3).Infof("Locating docker auth for image %s and type %s", imageName, authType)
	var dockercfgPath string
	if pathForAuthType := os.Getenv(authType); len(pathForAuthType) > 0 {
		dockercfgPath = getDockercfgFile(pathForAuthType)
	} else {
		dockercfgPath = getDockercfgFile("")
	}
	if _, err := os.Stat(dockercfgPath); err != nil {
		glog.V(3).Infof("Problem accessing %s: %v", dockercfgPath, err)
		return docker.AuthConfiguration{}, false
	}
	cfg, err := readDockercfg(dockercfgPath)
	if err != nil {
		glog.Errorf("Reading %s failed: %v", dockercfgPath, err)
		return docker.AuthConfiguration{}, false
	}
	keyring := credentialprovider.BasicDockerKeyring{}
	keyring.Add(cfg)
	authConfs, found := keyring.Lookup(imageName)
	if !found || len(authConfs) == 0 {
		return docker.AuthConfiguration{}, false
	}
	glog.V(3).Infof("Using %s user for Docker authentication for image %s", authConfs[0].Username, imageName)
	return authConfs[0], true
}
Пример #3
0
// GetDockerAuth returns a valid Docker AuthConfiguration entry, and whether it was read
// from the local dockercfg file
func (h *Helper) GetDockerAuth(imageName, authType string) (docker.AuthConfiguration, bool) {
	glog.V(3).Infof("Locating docker auth for image %s and type %s", imageName, authType)
	var dockercfgPath string
	if pathForAuthType := os.Getenv(authType); len(pathForAuthType) > 0 {
		dockercfgPath = GetDockercfgFile(pathForAuthType)
	} else {
		dockercfgPath = GetDockercfgFile("")
	}
	if len(dockercfgPath) == 0 {
		glog.V(3).Infof("Could not locate a docker config file")
		return docker.AuthConfiguration{}, false
	}
	if _, err := os.Stat(dockercfgPath); err != nil {
		glog.V(3).Infof("Problem accessing %s: %v", dockercfgPath, err)
		return docker.AuthConfiguration{}, false
	}

	var cfg credentialprovider.DockerConfig
	var err error
	if strings.HasSuffix(dockercfgPath, kapi.DockerConfigJsonKey) || strings.HasSuffix(dockercfgPath, "config.json") {
		cfg, err = readDockerConfigJson(dockercfgPath)
		if err != nil {
			glog.Errorf("Reading %s failed: %v", dockercfgPath, err)
			return docker.AuthConfiguration{}, false
		}
	} else if strings.HasSuffix(dockercfgPath, kapi.DockerConfigKey) {
		cfg, err = readDockercfg(dockercfgPath)
		if err != nil {
			glog.Errorf("Reading %s failed: %v", dockercfgPath, err)
			return docker.AuthConfiguration{}, false
		}
	}

	keyring := credentialprovider.BasicDockerKeyring{}
	keyring.Add(cfg)
	authConfs, found := keyring.Lookup(imageName)
	if !found || len(authConfs) == 0 {
		return docker.AuthConfiguration{}, false
	}
	glog.V(3).Infof("Using %s user for Docker authentication for image %s", authConfs[0].Username, imageName)
	return docker.AuthConfiguration{
		Username:      authConfs[0].Username,
		Password:      authConfs[0].Password,
		Email:         authConfs[0].Email,
		ServerAddress: authConfs[0].ServerAddress,
	}, true
}
Пример #4
0
//BuildAuthConfiguration constructs a non-standard dockerClient.AuthConfiguration that can be used to communicate with the openshift internal docker registry
func BuildAuthConfiguration(credKey string, oc *CLI) (*dockerClient.AuthConfiguration, error) {
	authCfg := &dockerClient.AuthConfiguration{}
	secretList, err := oc.AdminKubeREST().Secrets(oc.Namespace()).List(kapi.ListOptions{})

	g.By(fmt.Sprintf("get secret list err %v ", err))
	if err == nil {
		for _, secret := range secretList.Items {
			g.By(fmt.Sprintf("secret name %s ", secret.ObjectMeta.Name))
			if strings.Contains(secret.ObjectMeta.Name, "builder-dockercfg") {
				dockercfgToken := secret.Data[".dockercfg"]
				dockercfgTokenJson := string(dockercfgToken)
				g.By(fmt.Sprintf("docker cfg token json %s ", dockercfgTokenJson))

				creds := credentialprovider.DockerConfig{}
				err = gson.Unmarshal(dockercfgToken, &creds)
				g.By(fmt.Sprintf("json unmarshal err %v ", err))
				if err == nil {

					// borrowed from openshift/origin/pkg/build/builder/cmd/dockercfg/cfg.go, but we get the
					// secrets and dockercfg data via `oc` vs. internal use of env vars and local file reading,
					// so we don't use the public methods present there
					keyring := credentialprovider.BasicDockerKeyring{}
					keyring.Add(creds)
					authConfs, found := keyring.Lookup(credKey)
					g.By(fmt.Sprintf("found auth %v with auth cfg len %d ", found, len(authConfs)))
					if !found || len(authConfs) == 0 {
						return authCfg, err
					}
					// have seen this does not get set
					if len(authConfs[0].ServerAddress) == 0 {
						authConfs[0].ServerAddress = credKey
					}
					g.By(fmt.Sprintf("dockercfg with svrAddr %s user %s pass %s email %s ", authConfs[0].ServerAddress, authConfs[0].Username, authConfs[0].Password, authConfs[0].Email))
					c := dockerClient.AuthConfiguration{Username: authConfs[0].Username, ServerAddress: authConfs[0].ServerAddress, Password: authConfs[0].Password}
					return &c, err
				}
			}
		}
	}
	return authCfg, err
}