mirror of
https://github.com/containrrr/watchtower.git
synced 2024-12-15 09:14:13 +02:00
e75236414e
This causes authentication failures on registries that don't match, including public registries. Fallback to no-authentication to handle the case of public registries.
86 lines
2.4 KiB
Go
86 lines
2.4 KiB
Go
package container
|
|
|
|
import (
|
|
"errors"
|
|
"os"
|
|
"strings"
|
|
log "github.com/Sirupsen/logrus"
|
|
"github.com/docker/docker/api/types"
|
|
"github.com/docker/docker/api/types/reference"
|
|
"github.com/docker/docker/cli/command"
|
|
"github.com/docker/docker/cliconfig/configfile"
|
|
"github.com/docker/docker/cliconfig/credentials"
|
|
)
|
|
|
|
/*
|
|
* Return an encoded auth config for the given registry
|
|
* loaded from environment variables
|
|
*/
|
|
func EncodedEnvAuth(ref string) (string, error) {
|
|
username := os.Getenv("REPO_USER")
|
|
password := os.Getenv("REPO_PASS")
|
|
if username != "" && password != "" {
|
|
auth := types.AuthConfig {
|
|
Username: username,
|
|
Password: password,
|
|
}
|
|
log.Debugf("Loaded auth credentials %s for %s", auth, ref)
|
|
return EncodeAuth(auth)
|
|
} else {
|
|
return "", errors.New("Registry auth environment variables (REPO_USER, REPO_PASS) not set")
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Return an encoded auth config for the given registry
|
|
* loaded from the docker config
|
|
* The docker config must be mounted on the container
|
|
*/
|
|
func EncodedConfigAuth(ref string) (string, error) {
|
|
server, err := ParseServerAddress(ref)
|
|
configFile := command.LoadDefaultConfigFile(log.StandardLogger().Out)
|
|
credStore := CredentialsStore(*configFile)
|
|
auth, err := credStore.Get(server)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
log.Debugf("Loaded auth credentials %s from Docker config for reference %s", auth, ref)
|
|
return EncodeAuth(auth)
|
|
}
|
|
|
|
func ParseServerAddress(ref string) (string, error) {
|
|
repository, _, err := reference.Parse(ref)
|
|
if err != nil {
|
|
return ref, err
|
|
}
|
|
parts := strings.Split(repository, "/")
|
|
return parts[0], nil
|
|
|
|
}
|
|
|
|
// CredentialsStore returns a new credentials store based
|
|
// on the settings provided in the configuration file.
|
|
func CredentialsStore(configFile configfile.ConfigFile) credentials.Store {
|
|
if configFile.CredentialsStore != "" {
|
|
return credentials.NewNativeStore(&configFile)
|
|
}
|
|
return credentials.NewFileStore(&configFile)
|
|
}
|
|
|
|
/*
|
|
* Base64 encode an AuthConfig struct for transmission over HTTP
|
|
*/
|
|
func EncodeAuth(auth types.AuthConfig) (string, error) {
|
|
return command.EncodeAuthToBase64(auth)
|
|
}
|
|
|
|
/**
|
|
* This function will be invoked if an AuthConfig is rejected
|
|
* It could be used to return a new value for the "X-Registry-Auth" authentication header,
|
|
* but there's no point trying again with the same value as used in AuthConfig
|
|
*/
|
|
func DefaultAuthHandler() (string, error) {
|
|
log.Debug("Authentication request was rejected. Trying again without authentication")
|
|
return "", nil
|
|
}
|