]>
Commit | Line | Data |
---|---|---|
9b12e4fe JC |
1 | // Copyright 2015 go-dockerclient authors. All rights reserved. |
2 | // Use of this source code is governed by a BSD-style | |
3 | // license that can be found in the LICENSE file. | |
4 | ||
5 | package docker | |
6 | ||
7 | import ( | |
8 | "bytes" | |
9 | "encoding/base64" | |
10 | "encoding/json" | |
11 | "errors" | |
12 | "fmt" | |
13 | "io" | |
14 | "io/ioutil" | |
15 | "os" | |
16 | "path" | |
17 | "strings" | |
18 | ) | |
19 | ||
20 | // ErrCannotParseDockercfg is the error returned by NewAuthConfigurations when the dockercfg cannot be parsed. | |
21 | var ErrCannotParseDockercfg = errors.New("Failed to read authentication from dockercfg") | |
22 | ||
23 | // AuthConfiguration represents authentication options to use in the PushImage | |
24 | // method. It represents the authentication in the Docker index server. | |
25 | type AuthConfiguration struct { | |
26 | Username string `json:"username,omitempty"` | |
27 | Password string `json:"password,omitempty"` | |
28 | Email string `json:"email,omitempty"` | |
29 | ServerAddress string `json:"serveraddress,omitempty"` | |
30 | } | |
31 | ||
32 | // AuthConfigurations represents authentication options to use for the | |
33 | // PushImage method accommodating the new X-Registry-Config header | |
34 | type AuthConfigurations struct { | |
35 | Configs map[string]AuthConfiguration `json:"configs"` | |
36 | } | |
37 | ||
38 | // AuthConfigurations119 is used to serialize a set of AuthConfigurations | |
39 | // for Docker API >= 1.19. | |
40 | type AuthConfigurations119 map[string]AuthConfiguration | |
41 | ||
42 | // dockerConfig represents a registry authentation configuration from the | |
43 | // .dockercfg file. | |
44 | type dockerConfig struct { | |
45 | Auth string `json:"auth"` | |
46 | Email string `json:"email"` | |
47 | } | |
48 | ||
49 | // NewAuthConfigurationsFromDockerCfg returns AuthConfigurations from the | |
50 | // ~/.dockercfg file. | |
51 | func NewAuthConfigurationsFromDockerCfg() (*AuthConfigurations, error) { | |
52 | var r io.Reader | |
53 | var err error | |
54 | p := path.Join(os.Getenv("HOME"), ".docker", "config.json") | |
55 | r, err = os.Open(p) | |
56 | if err != nil { | |
57 | p := path.Join(os.Getenv("HOME"), ".dockercfg") | |
58 | r, err = os.Open(p) | |
59 | if err != nil { | |
60 | return nil, err | |
61 | } | |
62 | } | |
63 | return NewAuthConfigurations(r) | |
64 | } | |
65 | ||
66 | // NewAuthConfigurations returns AuthConfigurations from a JSON encoded string in the | |
67 | // same format as the .dockercfg file. | |
68 | func NewAuthConfigurations(r io.Reader) (*AuthConfigurations, error) { | |
69 | var auth *AuthConfigurations | |
70 | confs, err := parseDockerConfig(r) | |
71 | if err != nil { | |
72 | return nil, err | |
73 | } | |
74 | auth, err = authConfigs(confs) | |
75 | if err != nil { | |
76 | return nil, err | |
77 | } | |
78 | return auth, nil | |
79 | } | |
80 | ||
81 | func parseDockerConfig(r io.Reader) (map[string]dockerConfig, error) { | |
82 | buf := new(bytes.Buffer) | |
83 | buf.ReadFrom(r) | |
84 | byteData := buf.Bytes() | |
85 | ||
86 | confsWrapper := struct { | |
87 | Auths map[string]dockerConfig `json:"auths"` | |
88 | }{} | |
89 | if err := json.Unmarshal(byteData, &confsWrapper); err == nil { | |
90 | if len(confsWrapper.Auths) > 0 { | |
91 | return confsWrapper.Auths, nil | |
92 | } | |
93 | } | |
94 | ||
95 | var confs map[string]dockerConfig | |
96 | if err := json.Unmarshal(byteData, &confs); err != nil { | |
97 | return nil, err | |
98 | } | |
99 | return confs, nil | |
100 | } | |
101 | ||
102 | // authConfigs converts a dockerConfigs map to a AuthConfigurations object. | |
103 | func authConfigs(confs map[string]dockerConfig) (*AuthConfigurations, error) { | |
104 | c := &AuthConfigurations{ | |
105 | Configs: make(map[string]AuthConfiguration), | |
106 | } | |
107 | for reg, conf := range confs { | |
108 | data, err := base64.StdEncoding.DecodeString(conf.Auth) | |
109 | if err != nil { | |
110 | return nil, err | |
111 | } | |
112 | userpass := strings.SplitN(string(data), ":", 2) | |
113 | if len(userpass) != 2 { | |
114 | return nil, ErrCannotParseDockercfg | |
115 | } | |
116 | c.Configs[reg] = AuthConfiguration{ | |
117 | Email: conf.Email, | |
118 | Username: userpass[0], | |
119 | Password: userpass[1], | |
120 | ServerAddress: reg, | |
121 | } | |
122 | } | |
123 | return c, nil | |
124 | } | |
125 | ||
126 | // AuthStatus returns the authentication status for Docker API versions >= 1.23. | |
127 | type AuthStatus struct { | |
128 | Status string `json:"Status,omitempty" yaml:"Status,omitempty"` | |
129 | IdentityToken string `json:"IdentityToken,omitempty" yaml:"IdentityToken,omitempty"` | |
130 | } | |
131 | ||
132 | // AuthCheck validates the given credentials. It returns nil if successful. | |
133 | // | |
134 | // For Docker API versions >= 1.23, the AuthStatus struct will be populated, otherwise it will be empty.` | |
135 | // | |
136 | // See https://goo.gl/6nsZkH for more details. | |
137 | func (c *Client) AuthCheck(conf *AuthConfiguration) (AuthStatus, error) { | |
138 | var authStatus AuthStatus | |
139 | if conf == nil { | |
140 | return authStatus, fmt.Errorf("conf is nil") | |
141 | } | |
142 | resp, err := c.do("POST", "/auth", doOptions{data: conf}) | |
143 | if err != nil { | |
144 | return authStatus, err | |
145 | } | |
146 | defer resp.Body.Close() | |
147 | data, err := ioutil.ReadAll(resp.Body) | |
148 | if err != nil { | |
149 | return authStatus, err | |
150 | } | |
151 | if len(data) == 0 { | |
152 | return authStatus, nil | |
153 | } | |
154 | if err := json.Unmarshal(data, &authStatus); err != nil { | |
155 | return authStatus, err | |
156 | } | |
157 | return authStatus, nil | |
158 | } |