import "k8s.io/kubernetes/pkg/credentialprovider"
Package credentialprovider supplies interfaces and implementations for docker registry providers to expose their authentication scheme.
config.go doc.go keyring.go plugins.go provider.go
DefaultDockerConfigJSONPaths returns default search paths of .docker/config.json
DefaultDockercfgPaths returns default search paths of .dockercfg
func RegisterCredentialProvider(name string, provider DockerConfigProvider)
RegisterCredentialProvider is called by provider implementations on initialization to register themselves, like so:
func init() {
RegisterCredentialProvider("name", &myProvider{...})
}
type AuthConfig struct {
Username string `json:"username,omitempty"`
Password string `json:"password,omitempty"`
Auth string `json:"auth,omitempty"`
// Email is an optional value associated with the username.
// This field is deprecated and will be removed in a later
// version of docker.
Email string `json:"email,omitempty"`
ServerAddress string `json:"serveraddress,omitempty"`
// IdentityToken is used to authenticate the user and get
// an access token for the registry.
IdentityToken string `json:"identitytoken,omitempty"`
// RegistryToken is a bearer token to be sent to a registry
RegistryToken string `json:"registrytoken,omitempty"`
}AuthConfig contains authorization information for connecting to a Registry This type mirrors "github.com/docker/docker/api/types.AuthConfig"
type BasicDockerKeyring struct {
// contains filtered or unexported fields
}BasicDockerKeyring is a trivial map-backed implementation of DockerKeyring
func (dk *BasicDockerKeyring) Add(cfg DockerConfig)
func (dk *BasicDockerKeyring) Lookup(image string) ([]AuthConfig, bool)
Lookup implements the DockerKeyring method for fetching credentials based on image name. Multiple credentials may be returned if there are multiple potentially valid credentials available. This allows for rotation.
type CachingDockerConfigProvider struct {
Provider DockerConfigProvider
Lifetime time.Duration
// contains filtered or unexported fields
}CachingDockerConfigProvider implements DockerConfigProvider by composing with another DockerConfigProvider and caching the DockerConfig it provides for a pre-specified lifetime.
func (d *CachingDockerConfigProvider) Enabled() bool
Enabled implements dockerConfigProvider
func (d *CachingDockerConfigProvider) Provide(image string) DockerConfig
Provide implements dockerConfigProvider
type DockerConfig map[string]DockerConfigEntry
DockerConfig represents the config file used by the docker CLI. This config that represents the credentials that should be used when pulling images from specific image repositories.
func ReadDockerConfigFile() (cfg DockerConfig, err error)
func ReadDockerConfigFileFromUrl(url string, client *http.Client, header *http.Header) (cfg DockerConfig, err error)
func ReadDockerConfigJSONFile(searchPaths []string) (cfg DockerConfig, err error)
ReadDockerConfigJSONFile attempts to read a docker config.json file from the given paths. if searchPaths is empty, the default paths are used.
func ReadDockercfgFile(searchPaths []string) (cfg DockerConfig, err error)
ReadDockercfgFile attempts to read a legacy dockercfg file from the given paths. if searchPaths is empty, the default paths are used.
func ReadSpecificDockerConfigJsonFile(filePath string) (cfg DockerConfig, err error)
ReadSpecificDockerConfigJsonFile attempts to read docker configJSON from a given file path.
type DockerConfigEntry struct {
Username string
Password string
Email string
Provider DockerConfigProvider
}func (ident DockerConfigEntry) MarshalJSON() ([]byte, error)
func (ident *DockerConfigEntry) UnmarshalJSON(data []byte) error
type DockerConfigJson struct {
Auths DockerConfig `json:"auths"`
// +optional
HttpHeaders map[string]string `json:"HttpHeaders,omitempty"`
}DockerConfigJson represents ~/.docker/config.json file info see https://github.com/docker/docker/pull/12009
type DockerConfigProvider interface {
// Enabled returns true if the config provider is enabled.
// Implementations can be blocking - e.g. metadata server unavailable.
Enabled() bool
// Provide returns docker configuration.
// Implementations can be blocking - e.g. metadata server unavailable.
// The image is passed in as context in the event that the
// implementation depends on information in the image name to return
// credentials; implementations are safe to ignore the image.
Provide(image string) DockerConfig
}DockerConfigProvider is the interface that registered extensions implement to materialize 'dockercfg' credentials.
type DockerKeyring interface {
Lookup(image string) ([]AuthConfig, bool)
}DockerKeyring tracks a set of docker registry credentials, maintaining a reverse index across the registry endpoints. A registry endpoint is made up of a host (e.g. registry.example.com), but it may also contain a path (e.g. registry.example.com/foo) This index is important for two reasons: - registry endpoints may overlap, and when this happens we must find the
most specific match for a given image
- iterating a map does not yield predictable results
func NewDockerKeyring() DockerKeyring
NewDockerKeyring creates a DockerKeyring to use for resolving credentials, which draws from the set of registered credential providers.
type FakeKeyring struct {
// contains filtered or unexported fields
}func (f *FakeKeyring) Lookup(image string) ([]AuthConfig, bool)
HttpError wraps a non-StatusOK error code as an error.
Error implements error
type UnionDockerKeyring []DockerKeyring
UnionDockerKeyring delegates to a set of keyrings.
func (k UnionDockerKeyring) Lookup(image string) ([]AuthConfig, bool)
| Path | Synopsis |
|---|---|
| aws | |
| azure | |
| gcp | Package gcp_credentials contains implementations of DockerConfigProvider for Google Cloud Platform. |
| secrets |
Package credentialprovider imports 18 packages (graph) and is imported by 707 packages. Updated 2019-10-15. Refresh now. Tools for package owners.