// Provide implements DockerConfigProvider func (g *containerRegistryProvider) Provide() credentialprovider.DockerConfig { cfg := credentialprovider.DockerConfig{} tokenJsonBlob, err := credentialprovider.ReadUrl(metadataToken, g.Client, metadataHeader) if err != nil { glog.Errorf("while reading access token endpoint: %v", err) return cfg } email, err := credentialprovider.ReadUrl(metadataEmail, g.Client, metadataHeader) if err != nil { glog.Errorf("while reading email endpoint: %v", err) return cfg } var parsedBlob tokenBlob if err := json.Unmarshal([]byte(tokenJsonBlob), &parsedBlob); err != nil { glog.Errorf("while parsing json blob %s: %v", tokenJsonBlob, err) return cfg } entry := credentialprovider.DockerConfigEntry{ Username: "******", Password: parsedBlob.AccessToken, Email: string(email), } // Add our entry for each of the supported container registry URLs for _, k := range containerRegistryUrls { cfg[k] = entry } return cfg }
// Provide implements DockerConfigProvider func (g *dockerConfigUrlKeyProvider) Provide() credentialprovider.DockerConfig { // Read the contents of the google-dockercfg-url key and load a .dockercfg from there if url, err := credentialprovider.ReadUrl(dockerConfigUrlKey, g.Client, metadataHeader); err != nil { glog.Errorf("while reading 'google-dockercfg-url' metadata: %v", err) } else { if strings.HasPrefix(string(url), "http") { if cfg, err := credentialprovider.ReadDockerConfigFileFromUrl(string(url), g.Client, nil); err != nil { glog.Errorf("while reading 'google-dockercfg-url'-specified url: %s, %v", string(url), err) } else { return cfg } } else { // TODO(mattmoor): support reading alternate scheme URLs (e.g. gs:// or s3://) glog.Errorf("Unsupported URL scheme: %s", string(url)) } } return credentialprovider.DockerConfig{} }
// Enabled implements a special metadata-based check, which verifies the // storage scope is available on the GCE VM. func (g *containerRegistryProvider) Enabled() bool { value, err := credentialprovider.ReadUrl(metadataScopes+"?alt=json", g.Client, metadataHeader) if err != nil { return false } var scopes []string if err := json.Unmarshal([]byte(value), &scopes); err != nil { return false } for _, v := range scopes { // cloudPlatformScope implies storage scope. if strings.HasPrefix(v, storageScopePrefix) || strings.HasPrefix(v, cloudPlatformScopePrefix) { return true } } glog.Warningf("Google container registry is disabled, no storage scope is available: %s", value) return false }
// Enabled implements DockerConfigProvider for all of the Google implementations. func (g *metadataProvider) Enabled() bool { _, err := credentialprovider.ReadUrl(metadataUrl, g.Client, metadataHeader) return err == nil }