mirror of
https://github.com/containrrr/watchtower.git
synced 2024-12-12 09:04:17 +02:00
Support loading authentication credentials from Docker config file
This commit is contained in:
parent
79320bb4b6
commit
dad5d58339
@ -39,12 +39,13 @@ docker run -d \
|
||||
centurylink/watchtower
|
||||
```
|
||||
|
||||
If pulling images from a private Docker registry, supply any authentication credentials with the environment variables `REPO_USER` and `REPO_PASS`.
|
||||
If pulling images from private Docker registries, supply registry authentication credentials with the environment variables `REPO_USER` and `REPO_PASS`
|
||||
or by mounting the host's docker config file into the container (at the root of the container filesystem `/`).
|
||||
|
||||
```
|
||||
docker run -d \
|
||||
--name watchtower \
|
||||
-e REPO_USER="<username>" -e REPO_PASS="<password>" \
|
||||
-v /home/<user>/.docker/config.json:/config.json \
|
||||
-v /var/run/docker.sock:/var/run/docker.sock \
|
||||
drud/watchtower container_to_watch --debug
|
||||
```
|
||||
|
@ -147,10 +147,13 @@ func (client dockerClient) IsContainerStale(c Container) (bool, error) {
|
||||
log.Debugf("Pulling %s for %s", imageName, c.Name())
|
||||
|
||||
var opts types.ImagePullOptions // ImagePullOptions can take a RegistryAuth arg to authenticate against a private registry
|
||||
auth, err := EncodedEnvAuth(imageName)
|
||||
auth, err := EncodedAuth(imageName)
|
||||
if err != nil {
|
||||
log.Debug("No authentication credentials found")
|
||||
opts = types.ImagePullOptions{}
|
||||
log.Debugf("Error loading authentication credentials %s", err)
|
||||
return false, err
|
||||
} else if auth == "" {
|
||||
log.Debugf("No authentication credentials found for %s", imageName)
|
||||
opts = types.ImagePullOptions{} // empty/no auth credentials
|
||||
} else {
|
||||
opts = types.ImagePullOptions{RegistryAuth: auth, PrivilegeFunc: DefaultAuthHandler}
|
||||
}
|
||||
|
@ -8,13 +8,28 @@ import (
|
||||
"github.com/docker/docker/api/types"
|
||||
"github.com/docker/docker/api/types/reference"
|
||||
"github.com/docker/docker/cli/command"
|
||||
"github.com/docker/docker/cliconfig"
|
||||
"github.com/docker/docker/cliconfig/configfile"
|
||||
"github.com/docker/docker/cliconfig/credentials"
|
||||
)
|
||||
|
||||
/**
|
||||
* Return an encoded auth config for the given registry
|
||||
* loaded from environment variables or docker config
|
||||
* as available in that order
|
||||
*/
|
||||
func EncodedAuth(ref string) (string, error) {
|
||||
auth, err := EncodedEnvAuth(ref)
|
||||
if err != nil {
|
||||
auth, err = EncodedConfigAuth(ref)
|
||||
}
|
||||
return auth, err
|
||||
}
|
||||
|
||||
/*
|
||||
* Return an encoded auth config for the given registry
|
||||
* loaded from environment variables
|
||||
* Returns an error if authentication environment variables have not been set
|
||||
*/
|
||||
func EncodedEnvAuth(ref string) (string, error) {
|
||||
username := os.Getenv("REPO_USER")
|
||||
@ -34,17 +49,27 @@ func EncodedEnvAuth(ref string) (string, error) {
|
||||
/*
|
||||
* Return an encoded auth config for the given registry
|
||||
* loaded from the docker config
|
||||
* Returns an empty string if credentials cannot be found for the referenced server
|
||||
* The docker config must be mounted on the container
|
||||
*/
|
||||
func EncodedConfigAuth(ref string) (string, error) {
|
||||
server, err := ParseServerAddress(ref)
|
||||
configFile := command.LoadDefaultConfigFile(log.StandardLogger().Out)
|
||||
credStore := CredentialsStore(*configFile)
|
||||
auth, err := credStore.Get(server)
|
||||
configDir := os.Getenv("DOCKER_CONFIG")
|
||||
if configDir == "" {
|
||||
configDir = "/"
|
||||
}
|
||||
configFile, err := cliconfig.Load(configDir)
|
||||
if err != nil {
|
||||
log.Errorf("Unable to find default config file %s", err)
|
||||
return "", err
|
||||
}
|
||||
log.Debugf("Loaded auth credentials %s from Docker config for reference %s", auth, ref)
|
||||
credStore := CredentialsStore(*configFile)
|
||||
auth, err := credStore.Get(server) // returns (types.AuthConfig{}) if server not in credStore
|
||||
if auth == (types.AuthConfig{}) {
|
||||
log.Debugf("No credentials for %s in %s", server, configFile.Filename)
|
||||
return "", nil
|
||||
}
|
||||
log.Debugf("Loaded auth credentials %s from %s", auth, configFile.Filename)
|
||||
return EncodeAuth(auth)
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user