Skip to content

additional authentication files #595

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
vrothberg wants to merge 1 commit into from
Closed

additional authentication files #595

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 19 additions & 3 deletions pkg/docker/config/config.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,14 @@ func SetAuthentication(sys *types.SystemContext, registry, username, password st
})
}

func additionalAuthFiles(sys *types.SystemContext) []string {
Copy link
Collaborator

@mtrmac mtrmac Mar 8, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don’t quite think there four lines are with a function… it’s three lines in the caller, which already has a paths variable, and we have ~5 lines of overhead with defining the function.

Rather, the full computation of all candidate paths should probably be unified between GetAuthentication and GetUserLoggedIn; it seems a bit unlikely that the existing divergence was intentional (OTOH I haven’t checked the past discussions.)

Copy link
Collaborator

@mtrmac mtrmac Mar 8, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don’t quite think there four lines are with a function

“are worth a function”… macOS autocorrection is infuriating sometimes.

paths := []string{}
if sys != nil && sys.AdditionalAuthFiles != nil && len(sys.AdditionalAuthFiles) > 0 {
paths = append(paths, sys.AdditionalAuthFiles...)
}
return paths
}

// GetAuthentication returns the registry credentials stored in
// either auth.json file or .docker/config.json
// If an entry is not found empty strings are returned for the username and password
Expand All @@ -70,6 +78,8 @@ func GetAuthentication(sys *types.SystemContext, registry string) (string, strin
// Logging the error as a warning instead and moving on to pulling the image
logrus.Warnf("%v: Trying to pull image in the event that it is a public image.", err)
}

paths = append(paths, additionalAuthFiles(sys)...)
paths = append(paths, filepath.Join(homedir.Get(), dockerHomePath), dockerLegacyPath)

for _, path := range paths {
Expand All @@ -93,9 +103,14 @@ func GetUserLoggedIn(sys *types.SystemContext, registry string) (string, error)
if err != nil {
return "", err
}
username, _, _ := findAuthentication(registry, path, false)
if username != "" {
return username, nil
paths := []string{path}
paths = append(paths, additionalAuthFiles(sys)...)

for _, path := range paths {
username, _, _ := findAuthentication(registry, path, false)
if username != "" {
return username, nil
}
}
return "", nil
}
Expand Down Expand Up @@ -253,6 +268,7 @@ func deleteAuthFromCredHelper(credHelper, registry string) error {

// findAuthentication looks for auth of registry in path
func findAuthentication(registry, path string, legacyFormat bool) (string, string, error) {
logrus.Debugf("authentication: trying authfile %q", path)
auths, err := readJSONFile(path, legacyFormat)
if err != nil {
return "", "", errors.Wrapf(err, "error reading JSON file %q", path)
Expand Down
5 changes: 5 additions & 0 deletions types/types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -453,6 +453,11 @@ type SystemContext struct {
SystemRegistriesConfPath string
// If not "", overrides the default path for the authentication file
AuthFilePath string
// Allows to specify additional authentication files that can be used
// during credential lookup. Note that the additional authentication
// files are only used for reading. Only the AuthFilePath can be used
// for storing and removing credentials.
AdditionalAuthFiles []string
// If not "", overrides the use of platform.GOARCH when choosing an image or verifying architecture match.
ArchitectureChoice string
// If not "", overrides the use of platform.GOOS when choosing an image or verifying OS match.
Expand Down