package credentialprovider

import "k8s.io/kubernetes/pkg/credentialprovider"

Package credentialprovider supplies interfaces and implementations for docker registry providers to expose their authentication scheme.

Index ¶

• func DefaultDockerConfigJSONPaths() []string
• func DefaultDockercfgPaths() []string
• func GetPreferredDockercfgPath() string
• func ReadURL(url string, client *http.Client, header *http.Header) (body []byte, err error)
• func RegisterCredentialProvider(name string, provider DockerConfigProvider)
• func SetPreferredDockercfgPath(path string)
• type AuthConfig
• type BasicDockerKeyring
• func (dk *BasicDockerKeyring) Add(cfg DockerConfig)
• func (dk *BasicDockerKeyring) Lookup(image string) ([]AuthConfig, bool)
• type CachingDockerConfigProvider
• func (d *CachingDockerConfigProvider) Enabled() bool
• func (d *CachingDockerConfigProvider) Provide(image string) DockerConfig
• type DockerConfig
• func ReadDockerConfigFile() (cfg DockerConfig, err error)
• func ReadDockerConfigFileFromURL(url string, client *http.Client, header *http.Header) (cfg DockerConfig, err error)
• func ReadDockerConfigJSONFile(searchPaths []string) (cfg DockerConfig, err error)
• func ReadDockercfgFile(searchPaths []string) (cfg DockerConfig, err error)
• func ReadSpecificDockerConfigJSONFile(filePath string) (cfg DockerConfig, err error)
• type DockerConfigEntry
• func (ident DockerConfigEntry) MarshalJSON() ([]byte, error)
• func (ident *DockerConfigEntry) UnmarshalJSON(data []byte) error
• type DockerConfigJSON
• type DockerConfigProvider
• type DockerKeyring
• func NewDockerKeyring() DockerKeyring
• type FakeKeyring
• func (f *FakeKeyring) Lookup(image string) ([]AuthConfig, bool)
• type HTTPError
• func (he *HTTPError) Error() string
• type UnionDockerKeyring
• func (k UnionDockerKeyring) Lookup(image string) ([]AuthConfig, bool)

Package Files ¶

config.go doc.go keyring.go plugins.go provider.go

func DefaultDockerConfigJSONPaths ¶ Uses

func DefaultDockerConfigJSONPaths() []string

DefaultDockerConfigJSONPaths returns default search paths of .docker/config.json

func DefaultDockercfgPaths ¶ Uses

func DefaultDockercfgPaths() []string

DefaultDockercfgPaths returns default search paths of .dockercfg

func GetPreferredDockercfgPath ¶ Uses

func GetPreferredDockercfgPath() string

GetPreferredDockercfgPath get preferred docker config path

func ReadURL ¶ Uses

func ReadURL(url string, client *http.Client, header *http.Header) (body []byte, err error)

ReadURL read contents from given url

func RegisterCredentialProvider ¶ Uses

func RegisterCredentialProvider(name string, provider DockerConfigProvider)

RegisterCredentialProvider is called by provider implementations on initialization to register themselves, like so:

func init() {
 	RegisterCredentialProvider("name", &myProvider{...})
}

func SetPreferredDockercfgPath ¶ Uses

func SetPreferredDockercfgPath(path string)

SetPreferredDockercfgPath set preferred docker config path

type AuthConfig ¶ Uses

type AuthConfig struct {
    Username string `json:"username,omitempty"`
    Password string `json:"password,omitempty"`
    Auth     string `json:"auth,omitempty"`

    // Email is an optional value associated with the username.
    // This field is deprecated and will be removed in a later
    // version of docker.
    Email string `json:"email,omitempty"`

    ServerAddress string `json:"serveraddress,omitempty"`

    // IdentityToken is used to authenticate the user and get
    // an access token for the registry.
    IdentityToken string `json:"identitytoken,omitempty"`

    // RegistryToken is a bearer token to be sent to a registry
    RegistryToken string `json:"registrytoken,omitempty"`
}

AuthConfig contains authorization information for connecting to a Registry This type mirrors "github.com/docker/docker/api/types.AuthConfig"

type BasicDockerKeyring ¶ Uses

type BasicDockerKeyring struct {
    // contains filtered or unexported fields
}

BasicDockerKeyring is a trivial map-backed implementation of DockerKeyring

func (*BasicDockerKeyring) Add ¶ Uses

func (dk *BasicDockerKeyring) Add(cfg DockerConfig)

Add add some docker config in basic docker keyring

func (*BasicDockerKeyring) Lookup ¶ Uses

func (dk *BasicDockerKeyring) Lookup(image string) ([]AuthConfig, bool)

Lookup implements the DockerKeyring method for fetching credentials based on image name. Multiple credentials may be returned if there are multiple potentially valid credentials available. This allows for rotation.

type CachingDockerConfigProvider ¶ Uses

type CachingDockerConfigProvider struct {
    Provider DockerConfigProvider
    Lifetime time.Duration

    // ShouldCache is an optional function that returns true if the specific config should be cached.
    // If nil, all configs are treated as cacheable.
    ShouldCache func(DockerConfig) bool
    // contains filtered or unexported fields
}

CachingDockerConfigProvider implements DockerConfigProvider by composing with another DockerConfigProvider and caching the DockerConfig it provides for a pre-specified lifetime.

func (*CachingDockerConfigProvider) Enabled ¶ Uses

func (d *CachingDockerConfigProvider) Enabled() bool

Enabled implements dockerConfigProvider

func (*CachingDockerConfigProvider) Provide ¶ Uses

func (d *CachingDockerConfigProvider) Provide(image string) DockerConfig

Provide implements dockerConfigProvider

type DockerConfig ¶ Uses

type DockerConfig map[string]DockerConfigEntry

DockerConfig represents the config file used by the docker CLI. This config that represents the credentials that should be used when pulling images from specific image repositories.

func ReadDockerConfigFile ¶ Uses

func ReadDockerConfigFile() (cfg DockerConfig, err error)

ReadDockerConfigFile read a docker config file from default path

func ReadDockerConfigFileFromURL ¶ Uses

func ReadDockerConfigFileFromURL(url string, client *http.Client, header *http.Header) (cfg DockerConfig, err error)

ReadDockerConfigFileFromURL read a docker config file from the given url

func ReadDockerConfigJSONFile ¶ Uses

func ReadDockerConfigJSONFile(searchPaths []string) (cfg DockerConfig, err error)

ReadDockerConfigJSONFile attempts to read a docker config.json file from the given paths. if searchPaths is empty, the default paths are used.

func ReadDockercfgFile ¶ Uses

func ReadDockercfgFile(searchPaths []string) (cfg DockerConfig, err error)

ReadDockercfgFile attempts to read a legacy dockercfg file from the given paths. if searchPaths is empty, the default paths are used.

func ReadSpecificDockerConfigJSONFile ¶ Uses

func ReadSpecificDockerConfigJSONFile(filePath string) (cfg DockerConfig, err error)

ReadSpecificDockerConfigJSONFile attempts to read docker configJSON from a given file path.

type DockerConfigEntry ¶ Uses

type DockerConfigEntry struct {
    Username string
    Password string
    Email    string
    Provider DockerConfigProvider
}

DockerConfigEntry wraps a docker config as a entry

func (DockerConfigEntry) MarshalJSON ¶ Uses

func (ident DockerConfigEntry) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface.

func (*DockerConfigEntry) UnmarshalJSON ¶ Uses

func (ident *DockerConfigEntry) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface.

type DockerConfigJSON ¶ Uses

type DockerConfigJSON struct {
    Auths DockerConfig `json:"auths"`
    // +optional
    HTTPHeaders map[string]string `json:"HttpHeaders,omitempty"`
}

DockerConfigJSON represents ~/.docker/config.json file info see https://github.com/docker/docker/pull/12009

type DockerConfigProvider ¶ Uses

type DockerConfigProvider interface {
    // Enabled returns true if the config provider is enabled.
    // Implementations can be blocking - e.g. metadata server unavailable.
    Enabled() bool
    // Provide returns docker configuration.
    // Implementations can be blocking - e.g. metadata server unavailable.
    // The image is passed in as context in the event that the
    // implementation depends on information in the image name to return
    // credentials; implementations are safe to ignore the image.
    Provide(image string) DockerConfig
}

DockerConfigProvider is the interface that registered extensions implement to materialize 'dockercfg' credentials.

type DockerKeyring ¶ Uses

type DockerKeyring interface {
    Lookup(image string) ([]AuthConfig, bool)
}

DockerKeyring tracks a set of docker registry credentials, maintaining a reverse index across the registry endpoints. A registry endpoint is made up of a host (e.g. registry.example.com), but it may also contain a path (e.g. registry.example.com/foo) This index is important for two reasons: - registry endpoints may overlap, and when this happens we must find the

most specific match for a given image

- iterating a map does not yield predictable results

func NewDockerKeyring ¶ Uses

func NewDockerKeyring() DockerKeyring

NewDockerKeyring creates a DockerKeyring to use for resolving credentials, which draws from the set of registered credential providers.

type FakeKeyring ¶ Uses

type FakeKeyring struct {
    // contains filtered or unexported fields
}

FakeKeyring a fake config credentials

func (*FakeKeyring) Lookup ¶ Uses

func (f *FakeKeyring) Lookup(image string) ([]AuthConfig, bool)

Lookup implements the DockerKeyring method for fetching credentials based on image name return fake auth and ok

type HTTPError ¶ Uses

type HTTPError struct {
    StatusCode int
    URL        string
}

HTTPError wraps a non-StatusOK error code as an error.

func (*HTTPError) Error ¶ Uses

func (he *HTTPError) Error() string

Error implements error

type UnionDockerKeyring ¶ Uses

type UnionDockerKeyring []DockerKeyring

UnionDockerKeyring delegates to a set of keyrings.

func (UnionDockerKeyring) Lookup ¶ Uses

func (k UnionDockerKeyring) Lookup(image string) ([]AuthConfig, bool)

Lookup implements the DockerKeyring method for fetching credentials based on image name. return each credentials

Directories ¶