package meli
import (
"encoding/base64"
"encoding/json"
"io/ioutil"
"os/user"
"runtime"
"strings"
"sync"
"github.com/docker/docker-credential-helpers/client"
)
// AuthInfo stores a user's docker registry/hub info.
//
// LoadAuth stores one map[string]string per registry under the keys
// "dockerhub" and "quay". Those maps carry the registry username and password
// in cleartext, and AuthInfo is exported, so any code that can import this
// package can read them: keep the stored values out of logs and debug dumps.
var AuthInfo sync.Map
// useCredStore asks a docker credential helper for the username and secret
// saved for server and returns them, or two empty strings when the lookup
// fails.
//
// The helper is picked from runtime.GOOS only; the function never sees the
// credsStore value from the docker config, so a config that names a different
// helper is still served by the per-OS default chosen here.
//
// NOTE(review): the helper is given by bare name, so which binary runs
// presumably depends on the process's executable search path. Confirm that
// path is trusted wherever this runs, since the helper's output is used as
// registry credentials.
//
// NOTE(review): every error from the helper is collapsed into ("", ""), so a
// missing or failing helper cannot be told apart from "no credentials saved".
func useCredStore(server string) (string, string) {
	var helper string
	switch runtime.GOOS {
	case "windows":
		helper = "docker-credential-wincred"
	case "darwin":
		helper = "docker-credential-osxkeychain"
	default:
		// this program is usually installed by docker(i think)
		// TODO: handle other Oses or just fail with an error if we encounter an OS that we do not know.
		helper = "docker-credential-secretservice"
	}

	creds, err := client.Get(client.NewShellProgramFunc(helper), server)
	if err != nil {
		return "", ""
	}
	return creds.Username, creds.Secret
}
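// LoadAuth loads a user's docker registry/hub info into AuthInfo.
//
// It reads .docker/config.json under the current user's home directory and
// stores one entry for "dockerhub" and one for "quay". When the user, the
// file or its JSON cannot be read, both entries are stored with empty
// registryURL, username and password (and no "RegistryAuth" key) so callers
// fall back to anonymous access.
//
// Otherwise each entry holds the registry URL, the username and password, and
// "RegistryAuth": the URL-safe base64 of a JSON object with username,
// password, email and serveraddress. When the config sets credsStore, the
// credentials come from useCredStore and the "auths" entries are ignored.
//
// The values placed in the JSON come from a file on disk or from a credential
// helper, so they are JSON-escaped before insertion; a quote, backslash or
// marker-like text inside a username or password can no longer change the
// structure of the payload. An "auth" entry that is not valid base64 is
// treated as absent rather than used half-decoded.
//
// The password is kept in cleartext in AuthInfo; do not log the stored maps.
func LoadAuth() {
	usr, err := user.Current()
	if err != nil {
		storeAnonymousAuth()
		return
	}

	// TODO: the config can be in many places
	// try to find them and use them; https://github.com/docker/docker-py/blob/e9fab1432b974ceaa888b371e382dfcf2f6556e4/docker/auth.py#L269
	configBytes, err := ioutil.ReadFile(usr.HomeDir + "/.docker/config.json")
	if err != nil {
		// we'll just try accessing the public access docker hubs/quay
		storeAnonymousAuth()
		return
	}

	type AuthData struct {
		Auths      map[string]map[string]string `json:"auths,omitempty"`
		CredsStore string                       `json:"credsStore,omitempty"`
	}
	data := &AuthData{}
	if err := json.Unmarshal(configBytes, data); err != nil {
		storeAnonymousAuth()
		return
	}

	// TODO: we are only checking for dockerHub and quay.io
	// registries, we should probably be exhaustive in future.
	const (
		dockerRegistryURL = "https://index.docker.io/v1/"
		quayRegistryURL   = "quay.io"
	)

	var dockerUsername, dockerPassword, quayUsername, quayPassword string
	if data.CredsStore != "" {
		dockerUsername, dockerPassword = useCredStore(dockerRegistryURL)
		quayUsername, quayPassword = useCredStore(quayRegistryURL)
	} else {
		// Indexing a missing registry yields a nil map and then "", which
		// decodes to "" and ends up as empty credentials.
		dockerUsername, dockerPassword = registryUserPass(decodeRegistryAuth(data.Auths[dockerRegistryURL]["auth"]))
		quayUsername, quayPassword = registryUserPass(decodeRegistryAuth(data.Auths[quayRegistryURL]["auth"]))
	}

	AuthInfo.Store("dockerhub", map[string]string{
		"registryURL":  dockerRegistryURL,
		"username":     dockerUsername,
		"password":     dockerPassword,
		"RegistryAuth": encodeRegistryAuth(dockerUsername, dockerPassword, dockerRegistryURL),
	})
	AuthInfo.Store("quay", map[string]string{
		"registryURL":  quayRegistryURL,
		"username":     quayUsername,
		"password":     quayPassword,
		"RegistryAuth": encodeRegistryAuth(quayUsername, quayPassword, quayRegistryURL),
	})
}

// storeAnonymousAuth records empty credentials for both registries.
func storeAnonymousAuth() {
	for _, key := range []string{"quay", "dockerhub"} {
		AuthInfo.Store(key, map[string]string{"registryURL": "", "username": "", "password": ""})
	}
}

// decodeRegistryAuth base64-decodes an "auth" value from the docker config and
// returns "" when the value is not valid base64.
func decodeRegistryAuth(encoded string) string {
	raw, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		// DecodeString also returns the bytes decoded before the error;
		// discard them so a corrupt entry never yields partial credentials.
		return ""
	}
	return string(raw)
}

// registryUserPass splits a decoded "auth" value with formatRegistryAuth and
// returns empty credentials when fewer than two parts come back.
func registryUserPass(decoded string) (string, string) {
	parts := formatRegistryAuth(decoded)
	if len(parts) < 2 {
		return "", ""
	}
	return parts[0], parts[1]
}

// encodeRegistryAuth renders the registry auth JSON and returns it URL-safe
// base64 encoded.
func encodeRegistryAuth(username, password, serverAddress string) string {
	quote := func(s string) string {
		// Marshalling a plain string only escapes it; it cannot fail.
		b, _ := json.Marshal(s)
		return string(b)
	}
	// A Replacer substitutes all markers in a single pass and never rescans
	// inserted text, so a value that happens to contain a marker name stays
	// inside its own field. The template keeps the original spacing, so the
	// output is byte-identical for values that need no escaping.
	payload := strings.NewReplacer(
		"USERNAME", quote(username),
		"PASSWORD", quote(password),
		"SERVERADDRESS", quote(serverAddress),
	).Replace(`{"username": USERNAME, "password": PASSWORD, "email": null, "serveraddress": SERVERADDRESS}`)
	return base64.URLEncoding.EncodeToString([]byte(payload))
}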