Documentation

Overview

    Package credentialprovider supplies interfaces and implementations for docker registry providers to expose their authentication scheme.

    Index

    Constants

    This section is empty.

    Variables

    This section is empty.

    Functions

    func DefaultDockerConfigJSONPaths

    func DefaultDockerConfigJSONPaths() []string

      DefaultDockerConfigJSONPaths returns default search paths of .docker/config.json

      func DefaultDockercfgPaths

      func DefaultDockercfgPaths() []string

        DefaultDockercfgPaths returns default search paths of .dockercfg

        func GetPreferredDockercfgPath

        func GetPreferredDockercfgPath() string

          GetPreferredDockercfgPath get preferred docker config path

          func ParseSchemelessURL

          func ParseSchemelessURL(schemelessURL string) (*url.URL, error)

            ParseSchemelessURL parses a schemeless url and returns a url.URL url.Parse require a scheme, but ours don't have schemes. Adding a scheme to make url.Parse happy, then clear out the resulting scheme.

            func ReadURL

            func ReadURL(url string, client *http.Client, header *http.Header) (body []byte, err error)

              ReadURL read contents from given url

              func RegisterCredentialProvider

              func RegisterCredentialProvider(name string, provider DockerConfigProvider)

                RegisterCredentialProvider is called by provider implementations on initialization to register themselves, like so:

                func init() {
                 	RegisterCredentialProvider("name", &myProvider{...})
                }
                

                func SetPreferredDockercfgPath

                func SetPreferredDockercfgPath(path string)

                  SetPreferredDockercfgPath set preferred docker config path

                  func SplitURL

                  func SplitURL(url *url.URL) (parts []string, port string)

                    SplitURL splits the host name into parts, as well as the port

                    func URLsMatch

                    func URLsMatch(globURL *url.URL, targetURL *url.URL) (bool, error)

                      URLsMatch checks whether the given target url matches the glob url, which may have glob wild cards in the host name.

                      Examples:

                      globURL=*.docker.io, targetURL=blah.docker.io => match
                      globURL=*.docker.io, targetURL=not.right.io   => no match
                      

                      Note that we don't support wildcards in ports and paths yet.

                      func URLsMatchStr

                      func URLsMatchStr(glob string, target string) (bool, error)

                        URLsMatchStr is wrapper for URLsMatch, operating on strings instead of URLs.

                        Types

                        type AuthConfig

                        type AuthConfig struct {
                        	Username string `json:"username,omitempty"`
                        	Password string `json:"password,omitempty"`
                        	Auth     string `json:"auth,omitempty"`
                        
                        	// Email is an optional value associated with the username.
                        	// This field is deprecated and will be removed in a later
                        	// version of docker.
                        	Email string `json:"email,omitempty"`
                        
                        	ServerAddress string `json:"serveraddress,omitempty"`
                        
                        	// IdentityToken is used to authenticate the user and get
                        	// an access token for the registry.
                        	IdentityToken string `json:"identitytoken,omitempty"`
                        
                        	// RegistryToken is a bearer token to be sent to a registry
                        	RegistryToken string `json:"registrytoken,omitempty"`
                        }

                          AuthConfig contains authorization information for connecting to a Registry This type mirrors "github.com/docker/docker/api/types.AuthConfig"

                          type BasicDockerKeyring

                          type BasicDockerKeyring struct {
                          	// contains filtered or unexported fields
                          }

                            BasicDockerKeyring is a trivial map-backed implementation of DockerKeyring

                            func (*BasicDockerKeyring) Add

                            func (dk *BasicDockerKeyring) Add(cfg DockerConfig)

                              Add add some docker config in basic docker keyring

                              func (*BasicDockerKeyring) Lookup

                              func (dk *BasicDockerKeyring) Lookup(image string) ([]AuthConfig, bool)

                                Lookup implements the DockerKeyring method for fetching credentials based on image name. Multiple credentials may be returned if there are multiple potentially valid credentials available. This allows for rotation.

                                type CachingDockerConfigProvider

                                type CachingDockerConfigProvider struct {
                                	Provider DockerConfigProvider
                                	Lifetime time.Duration
                                
                                	// ShouldCache is an optional function that returns true if the specific config should be cached.
                                	// If nil, all configs are treated as cacheable.
                                	ShouldCache func(DockerConfig) bool
                                	// contains filtered or unexported fields
                                }

                                  CachingDockerConfigProvider implements DockerConfigProvider by composing with another DockerConfigProvider and caching the DockerConfig it provides for a pre-specified lifetime.

                                  func (*CachingDockerConfigProvider) Enabled

                                  func (d *CachingDockerConfigProvider) Enabled() bool

                                    Enabled implements dockerConfigProvider

                                    func (*CachingDockerConfigProvider) Provide

                                      Provide implements dockerConfigProvider

                                      type DockerConfig

                                      type DockerConfig map[string]DockerConfigEntry

                                        DockerConfig represents the config file used by the docker CLI. This config that represents the credentials that should be used when pulling images from specific image repositories.

                                        func ReadDockerConfigFile

                                        func ReadDockerConfigFile() (cfg DockerConfig, err error)

                                          ReadDockerConfigFile read a docker config file from default path

                                          func ReadDockerConfigFileFromURL

                                          func ReadDockerConfigFileFromURL(url string, client *http.Client, header *http.Header) (cfg DockerConfig, err error)

                                            ReadDockerConfigFileFromURL read a docker config file from the given url

                                            func ReadDockerConfigJSONFile

                                            func ReadDockerConfigJSONFile(searchPaths []string) (cfg DockerConfig, err error)

                                              ReadDockerConfigJSONFile attempts to read a docker config.json file from the given paths. if searchPaths is empty, the default paths are used.

                                              func ReadDockercfgFile

                                              func ReadDockercfgFile(searchPaths []string) (cfg DockerConfig, err error)

                                                ReadDockercfgFile attempts to read a legacy dockercfg file from the given paths. if searchPaths is empty, the default paths are used.

                                                func ReadSpecificDockerConfigJSONFile

                                                func ReadSpecificDockerConfigJSONFile(filePath string) (cfg DockerConfig, err error)

                                                  ReadSpecificDockerConfigJSONFile attempts to read docker configJSON from a given file path.

                                                  type DockerConfigEntry

                                                  type DockerConfigEntry struct {
                                                  	Username string
                                                  	Password string
                                                  	Email    string
                                                  	Provider DockerConfigProvider
                                                  }

                                                    DockerConfigEntry wraps a docker config as a entry

                                                    func (DockerConfigEntry) MarshalJSON

                                                    func (ident DockerConfigEntry) MarshalJSON() ([]byte, error)

                                                      MarshalJSON implements the json.Marshaler interface.

                                                      func (*DockerConfigEntry) UnmarshalJSON

                                                      func (ident *DockerConfigEntry) UnmarshalJSON(data []byte) error

                                                        UnmarshalJSON implements the json.Unmarshaler interface.

                                                        type DockerConfigJSON

                                                        type DockerConfigJSON struct {
                                                        	Auths DockerConfig `json:"auths"`
                                                        	// +optional
                                                        	HTTPHeaders map[string]string `json:"HttpHeaders,omitempty"`
                                                        }

                                                          DockerConfigJSON represents ~/.docker/config.json file info see https://github.com/docker/docker/pull/12009

                                                          type DockerConfigProvider

                                                          type DockerConfigProvider interface {
                                                          	// Enabled returns true if the config provider is enabled.
                                                          	// Implementations can be blocking - e.g. metadata server unavailable.
                                                          	Enabled() bool
                                                          	// Provide returns docker configuration.
                                                          	// Implementations can be blocking - e.g. metadata server unavailable.
                                                          	// The image is passed in as context in the event that the
                                                          	// implementation depends on information in the image name to return
                                                          	// credentials; implementations are safe to ignore the image.
                                                          	Provide(image string) DockerConfig
                                                          }

                                                            DockerConfigProvider is the interface that registered extensions implement to materialize 'dockercfg' credentials.

                                                            type DockerKeyring

                                                            type DockerKeyring interface {
                                                            	Lookup(image string) ([]AuthConfig, bool)
                                                            }

                                                              DockerKeyring tracks a set of docker registry credentials, maintaining a reverse index across the registry endpoints. A registry endpoint is made up of a host (e.g. registry.example.com), but it may also contain a path (e.g. registry.example.com/foo) This index is important for two reasons: - registry endpoints may overlap, and when this happens we must find the

                                                              most specific match for a given image
                                                              

                                                              - iterating a map does not yield predictable results

                                                              func NewDockerKeyring

                                                              func NewDockerKeyring() DockerKeyring

                                                                NewDockerKeyring creates a DockerKeyring to use for resolving credentials, which draws from the set of registered credential providers.

                                                                type FakeKeyring

                                                                type FakeKeyring struct {
                                                                	// contains filtered or unexported fields
                                                                }

                                                                  FakeKeyring a fake config credentials

                                                                  func (*FakeKeyring) Lookup

                                                                  func (f *FakeKeyring) Lookup(image string) ([]AuthConfig, bool)

                                                                    Lookup implements the DockerKeyring method for fetching credentials based on image name return fake auth and ok

                                                                    type HTTPError

                                                                    type HTTPError struct {
                                                                    	StatusCode int
                                                                    	URL        string
                                                                    }

                                                                      HTTPError wraps a non-StatusOK error code as an error.

                                                                      func (*HTTPError) Error

                                                                      func (he *HTTPError) Error() string

                                                                        Error implements error

                                                                        type UnionDockerKeyring

                                                                        type UnionDockerKeyring []DockerKeyring

                                                                          UnionDockerKeyring delegates to a set of keyrings.

                                                                          func (UnionDockerKeyring) Lookup

                                                                          func (k UnionDockerKeyring) Lookup(image string) ([]AuthConfig, bool)

                                                                            Lookup implements the DockerKeyring method for fetching credentials based on image name. return each credentials

                                                                            Directories

                                                                            Path Synopsis
                                                                            Package gcp contains implementations of DockerConfigProvider for Google Cloud Platform.
                                                                            Package gcp contains implementations of DockerConfigProvider for Google Cloud Platform.