@ -3,8 +3,6 @@ package command
import (
import (
"bufio"
"bufio"
"context"
"context"
"encoding/base64"
"encoding/json"
"fmt"
"fmt"
"io"
"io"
"os"
"os"
@ -21,20 +19,11 @@ import (
"github.com/pkg/errors"
"github.com/pkg/errors"
)
)
// E lectAuthServer returns the default registry to use .
// E ncodeAuthToBase64 serializes the auth configuration as JSON base64 payload .
//
//
// Deprecated: use [registry.IndexServer] instead.
// Deprecated: use [registrytypes.EncodeAuthConfig] instead.
func ElectAuthServer ( _ context . Context , _ Cli ) string {
func EncodeAuthToBase64 ( authConfig registrytypes . AuthConfig ) ( string , error ) {
return registry . IndexServer
return registrytypes . EncodeAuthConfig ( authConfig )
}
// EncodeAuthToBase64 serializes the auth configuration as JSON base64 payload
func EncodeAuthToBase64 ( authConfig types . AuthConfig ) ( string , error ) {
buf , err := json . Marshal ( authConfig )
if err != nil {
return "" , err
}
return base64 . URLEncoding . EncodeToString ( buf ) , nil
}
}
// RegistryAuthenticationPrivilegedFunc returns a RequestPrivilegeFunc from the specified registry index info
// RegistryAuthenticationPrivilegedFunc returns a RequestPrivilegeFunc from the specified registry index info
@ -52,7 +41,7 @@ func RegistryAuthenticationPrivilegedFunc(cli Cli, index *registrytypes.IndexInf
if err != nil {
if err != nil {
return "" , err
return "" , err
}
}
return EncodeAuthToBase64 ( authConfig )
return registrytypes . EncodeAuthConfig ( authConfig )
}
}
}
}
@ -62,19 +51,19 @@ func RegistryAuthenticationPrivilegedFunc(cli Cli, index *registrytypes.IndexInf
//
//
// It is similar to [registry.ResolveAuthConfig], but uses the credentials-
// It is similar to [registry.ResolveAuthConfig], but uses the credentials-
// store, instead of looking up credentials from a map.
// store, instead of looking up credentials from a map.
func ResolveAuthConfig ( _ context . Context , cli Cli , index * registrytypes . IndexInfo ) types. AuthConfig {
func ResolveAuthConfig ( _ context . Context , cli Cli , index * registrytypes . IndexInfo ) registry types. AuthConfig {
configKey := index . Name
configKey := index . Name
if index . Official {
if index . Official {
configKey = registry . IndexServer
configKey = registry . IndexServer
}
}
a , _ := cli . ConfigFile ( ) . GetAuthConfig ( configKey )
a , _ := cli . ConfigFile ( ) . GetAuthConfig ( configKey )
return types. AuthConfig ( a )
return registry types. AuthConfig ( a )
}
}
// GetDefaultAuthConfig gets the default auth config given a serverAddress
// GetDefaultAuthConfig gets the default auth config given a serverAddress
// If credentials for given serverAddress exists in the credential store, the configuration will be populated with values in it
// If credentials for given serverAddress exists in the credential store, the configuration will be populated with values in it
func GetDefaultAuthConfig ( cli Cli , checkCredStore bool , serverAddress string , isDefaultRegistry bool ) ( types. AuthConfig , error ) {
func GetDefaultAuthConfig ( cli Cli , checkCredStore bool , serverAddress string , isDefaultRegistry bool ) ( registry types. AuthConfig , error ) {
if ! isDefaultRegistry {
if ! isDefaultRegistry {
serverAddress = registry . ConvertToHostname ( serverAddress )
serverAddress = registry . ConvertToHostname ( serverAddress )
}
}
@ -83,20 +72,27 @@ func GetDefaultAuthConfig(cli Cli, checkCredStore bool, serverAddress string, is
if checkCredStore {
if checkCredStore {
authconfig , err = cli . ConfigFile ( ) . GetAuthConfig ( serverAddress )
authconfig , err = cli . ConfigFile ( ) . GetAuthConfig ( serverAddress )
if err != nil {
if err != nil {
return types. AuthConfig {
return registry types. AuthConfig {
ServerAddress : serverAddress ,
ServerAddress : serverAddress ,
} , err
} , err
}
}
}
}
authconfig . ServerAddress = serverAddress
authconfig . ServerAddress = serverAddress
authconfig . IdentityToken = ""
authconfig . IdentityToken = ""
res := types. AuthConfig ( authconfig )
res := registry types. AuthConfig ( authconfig )
return res , nil
return res , nil
}
}
// ConfigureAuth handles prompting of user's username and password if needed
// ConfigureAuth handles prompting of user's username and password if needed
func ConfigureAuth ( cli Cli , flUser , flPassword string , authconfig * types . AuthConfig , isDefaultRegistry bool ) error {
func ConfigureAuth ( cli Cli , flUser , flPassword string , authconfig * registrytypes . AuthConfig , isDefaultRegistry bool ) error {
// On Windows, force the use of the regular OS stdin stream. Fixes #14336/#14210
// On Windows, force the use of the regular OS stdin stream.
//
// See:
// - https://github.com/moby/moby/issues/14336
// - https://github.com/moby/moby/issues/14210
// - https://github.com/moby/moby/pull/17738
//
// TODO(thaJeztah): we need to confirm if this special handling is still needed, as we may not be doing this in other places.
if runtime . GOOS == "windows" {
if runtime . GOOS == "windows" {
cli . SetIn ( streams . NewIn ( os . Stdin ) )
cli . SetIn ( streams . NewIn ( os . Stdin ) )
}
}
@ -120,8 +116,11 @@ func ConfigureAuth(cli Cli, flUser, flPassword string, authconfig *types.AuthCon
fmt . Fprintln ( cli . Out ( ) , "Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one." )
fmt . Fprintln ( cli . Out ( ) , "Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one." )
}
}
promptWithDefault ( cli . Out ( ) , "Username" , authconfig . Username )
promptWithDefault ( cli . Out ( ) , "Username" , authconfig . Username )
flUser = readInput ( cli . In ( ) , cli . Out ( ) )
var err error
flUser = strings . TrimSpace ( flUser )
flUser , err = readInput ( cli . In ( ) )
if err != nil {
return err
}
if flUser == "" {
if flUser == "" {
flUser = authconfig . Username
flUser = authconfig . Username
}
}
@ -135,12 +134,15 @@ func ConfigureAuth(cli Cli, flUser, flPassword string, authconfig *types.AuthCon
return err
return err
}
}
fmt . Fprintf ( cli . Out ( ) , "Password: " )
fmt . Fprintf ( cli . Out ( ) , "Password: " )
term . DisableEcho ( cli . In ( ) . FD ( ) , oldState )
_ = term . DisableEcho ( cli . In ( ) . FD ( ) , oldState )
defer func ( ) {
flPassword = readInput ( cli . In ( ) , cli . Out ( ) )
_ = term . RestoreTerminal ( cli . In ( ) . FD ( ) , oldState )
} ( )
flPassword , err = readInput ( cli . In ( ) )
if err != nil {
return err
}
fmt . Fprint ( cli . Out ( ) , "\n" )
fmt . Fprint ( cli . Out ( ) , "\n" )
term . RestoreTerminal ( cli . In ( ) . FD ( ) , oldState )
if flPassword == "" {
if flPassword == "" {
return errors . Errorf ( "Error: Password Required" )
return errors . Errorf ( "Error: Password Required" )
}
}
@ -152,14 +154,15 @@ func ConfigureAuth(cli Cli, flUser, flPassword string, authconfig *types.AuthCon
return nil
return nil
}
}
func readInput ( in io . Reader , out io . Writer ) string {
// readInput reads, and returns user input from in. It tries to return a
reader := bufio . NewReader ( in )
// single line, not including the end-of-line bytes, and trims leading
line , _ , err := reader . ReadLine ( )
// and trailing whitespace.
func readInput ( in io . Reader ) ( string , error ) {
line , _ , err := bufio . NewReader ( in ) . ReadLine ( )
if err != nil {
if err != nil {
fmt . Fprintln ( out , err . Error ( ) )
return "" , errors . Wrap ( err , "error while reading input" )
os . Exit ( 1 )
}
}
return string ( line )
return strings . TrimSpace ( string ( line ) ) , nil
}
}
func promptWithDefault ( out io . Writer , prompt string , configDefault string ) {
func promptWithDefault ( out io . Writer , prompt string , configDefault string ) {
@ -170,14 +173,19 @@ func promptWithDefault(out io.Writer, prompt string, configDefault string) {
}
}
}
}
// RetrieveAuthTokenFromImage retrieves an encoded auth token given a complete image
// RetrieveAuthTokenFromImage retrieves an encoded auth token given a complete
// image. The auth configuration is serialized as a base64url encoded RFC4648,
// section 5) JSON string for sending through the X-Registry-Auth header.
//
// For details on base64url encoding, see:
// - RFC4648, section 5: https://tools.ietf.org/html/rfc4648#section-5
func RetrieveAuthTokenFromImage ( ctx context . Context , cli Cli , image string ) ( string , error ) {
func RetrieveAuthTokenFromImage ( ctx context . Context , cli Cli , image string ) ( string , error ) {
// Retrieve encoded auth token from the image reference
// Retrieve encoded auth token from the image reference
authConfig , err := resolveAuthConfigFromImage ( ctx , cli , image )
authConfig , err := resolveAuthConfigFromImage ( ctx , cli , image )
if err != nil {
if err != nil {
return "" , err
return "" , err
}
}
encodedAuth , err := EncodeAuthToBase64 ( authConfig )
encodedAuth , err := registrytypes . EncodeAuthConfig ( authConfig )
if err != nil {
if err != nil {
return "" , err
return "" , err
}
}
@ -185,14 +193,14 @@ func RetrieveAuthTokenFromImage(ctx context.Context, cli Cli, image string) (str
}
}
// resolveAuthConfigFromImage retrieves that AuthConfig using the image string
// resolveAuthConfigFromImage retrieves that AuthConfig using the image string
func resolveAuthConfigFromImage ( ctx context . Context , cli Cli , image string ) ( types. AuthConfig , error ) {
func resolveAuthConfigFromImage ( ctx context . Context , cli Cli , image string ) ( registry types. AuthConfig , error ) {
registryRef , err := reference . ParseNormalizedNamed ( image )
registryRef , err := reference . ParseNormalizedNamed ( image )
if err != nil {
if err != nil {
return types. AuthConfig { } , err
return registry types. AuthConfig { } , err
}
}
repoInfo , err := registry . ParseRepositoryInfo ( registryRef )
repoInfo , err := registry . ParseRepositoryInfo ( registryRef )
if err != nil {
if err != nil {
return types. AuthConfig { } , err
return registry types. AuthConfig { } , err
}
}
return ResolveAuthConfig ( ctx , cli , repoInfo . Index ) , nil
return ResolveAuthConfig ( ctx , cli , repoInfo . Index ) , nil
}
}