kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity
moby--moby/auth/auth.go

280 lines
8.1 KiB
Go
Raw Normal View History

added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
package auth
import (
"encoding/base64"
"encoding/json"
Update tests with new cookies for registry
2013-05-28 20:35:10 -04:00
"errors"
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
"fmt"
auth with user agent
2013-08-02 03:30:45 -04:00
"github.com/dotcloud/docker/utils"
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
"io/ioutil"
"net/http"
"os"
Integrate Auth in runtime and make the config file relative to runtime root
2013-03-22 05:19:39 -04:00
"path"
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
"strings"
)
// Where we store the config file
Integrate Auth in runtime and make the config file relative to runtime root
2013-03-22 05:19:39 -04:00
const CONFIGFILE = ".dockercfg"
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
Adding support for nicer URLs to support standalone registry (+ some registry code cleaning)
2013-07-05 15:20:58 -04:00
// Only used for user auth + account creation
Switch json/payload order
2013-07-22 19:16:31 -04:00
const INDEXSERVER = "https://index.docker.io/v1/"
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
Switch json/payload order
2013-07-22 19:16:31 -04:00
//const INDEXSERVER = "https://indexstaging-docker.dotcloud.com/v1/"
Update tests with new cookies for registry
2013-05-28 20:35:10 -04:00
var (
drop/omit
2013-06-04 09:51:12 -04:00
ErrConfigFileMissing = errors.New("The Auth config file is missing")
Update tests with new cookies for registry
2013-05-28 20:35:10 -04:00
)
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
type AuthConfig struct {
Login against private registry To improve the use of docker with a private registry the login command is extended with a parameter for the server address. While implementing i noticed that two problems hindered authentication to a private registry: 1. the resolve of the authentication did not match during push because the looked up key was for example localhost:8080 but the stored one would have been https://localhost:8080 Besides The lookup needs to still work if the https->http fallback is used 2. During pull of an image no authentication is sent, which means all repositories are expected to be private. These points are fixed now. The changes are implemented in a way to be compatible to existing behavior both in the API as also with the private registry. Update: - login does not require the full url any more, you can login to the repository prefix: example: docker logon localhost:8080 Fixed corner corner cases: - When login is done during pull and push the registry endpoint is used and not the central index - When Remote sends a 401 during pull, it is now correctly delegating to CmdLogin - After a Login is done pull and push are using the newly entered login data, and not the previous ones. This one seems to be also broken in master, too. - Auth config is now transfered in a parameter instead of the body when /images/create is called.
2013-09-03 14:45:49 -04:00
Username string `json:"username,omitempty"`
Password string `json:"password,omitempty"`
Auth string `json:"auth"`
Email string `json:"email"`
ServerAddress string `json:"serveraddress,omitempty"`
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
}
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
type ConfigFile struct {
Configs map[string]AuthConfig `json:"configs,omitempty"`
rootPath string
Fix the rootPath for auth
2013-03-22 08:52:13 -04:00
}
Find docker index URL in ENV before using default value. Unit tests for docker pull
2013-05-08 13:21:21 -04:00
func IndexServerAddress() string {
linted names
2013-06-04 14:00:22 -04:00
return INDEXSERVER
Find docker index URL in ENV before using default value. Unit tests for docker pull
2013-05-08 13:21:21 -04:00
}
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
// create a base64 encoded auth string to store in config
move auth to the client WIP
2013-05-30 11:39:43 -04:00
func encodeAuth(authConfig *AuthConfig) string {
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
authStr := authConfig.Username + ":" + authConfig.Password
msg := []byte(authStr)
encoded := make([]byte, base64.StdEncoding.EncodedLen(len(msg)))
base64.StdEncoding.Encode(encoded, msg)
return string(encoded)
}
// decode the auth string
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
func decodeAuth(authStr string) (string, string, error) {
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
decLen := base64.StdEncoding.DecodedLen(len(authStr))
decoded := make([]byte, decLen)
authByte := []byte(authStr)
n, err := base64.StdEncoding.Decode(decoded, authByte)
if err != nil {
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
return "", "", err
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
}
if n > decLen {
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
return "", "", fmt.Errorf("Something went wrong decoding auth config")
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
}
Split auth on first colon
2013-11-29 18:14:36 -05:00
arr := strings.SplitN(string(decoded), ":", 2)
Integrate Auth in runtime and make the config file relative to runtime root
2013-03-22 05:19:39 -04:00
if len(arr) != 2 {
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
return "", "", fmt.Errorf("Invalid auth configuration file")
Integrate Auth in runtime and make the config file relative to runtime root
2013-03-22 05:19:39 -04:00
}
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
password := strings.Trim(arr[1], "\x00")
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
return arr[0], password, nil
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
}
// load up the auth config information and return values
Integrate Auth in runtime and make the config file relative to runtime root
2013-03-22 05:19:39 -04:00
// FIXME: use the internal golang config parser
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
func LoadConfig(rootPath string) (*ConfigFile, error) {
configFile := ConfigFile{Configs: make(map[string]AuthConfig), rootPath: rootPath}
Integrate Auth in runtime and make the config file relative to runtime root
2013-03-22 05:19:39 -04:00
confFile := path.Join(rootPath, CONFIGFILE)
if _, err := os.Stat(confFile); err != nil {
load authConfig only when needed and fix useless WARNING
2013-08-16 10:29:40 -04:00
return &configFile, nil //missing file is not an error
Integrate Auth in runtime and make the config file relative to runtime root
2013-03-22 05:19:39 -04:00
}
b, err := ioutil.ReadFile(confFile)
if err != nil {
prevent crash when .dockercfg not readable
2013-08-14 06:26:18 -04:00
return &configFile, err
Integrate Auth in runtime and make the config file relative to runtime root
2013-03-22 05:19:39 -04:00
}
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
if err := json.Unmarshal(b, &configFile.Configs); err != nil {
arr := strings.Split(string(b), "\n")
if len(arr) < 2 {
load authConfig only when needed and fix useless WARNING
2013-08-16 10:29:40 -04:00
return &configFile, fmt.Errorf("The Auth config file is empty")
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
}
authConfig := AuthConfig{}
origAuth := strings.Split(arr[0], " = ")
fix panic with wrong dockercfg file
2013-09-30 07:07:32 -04:00
if len(origAuth) != 2 {
return &configFile, fmt.Errorf("Invalid Auth config file")
}
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
authConfig.Username, authConfig.Password, err = decodeAuth(origAuth[1])
if err != nil {
load authConfig only when needed and fix useless WARNING
2013-08-16 10:29:40 -04:00
return &configFile, err
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
}
origEmail := strings.Split(arr[1], " = ")
fix panic with wrong dockercfg file
2013-09-30 07:07:32 -04:00
if len(origEmail) != 2 {
return &configFile, fmt.Errorf("Invalid Auth config file")
}
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
authConfig.Email = origEmail[1]
Login against private registry To improve the use of docker with a private registry the login command is extended with a parameter for the server address. While implementing i noticed that two problems hindered authentication to a private registry: 1. the resolve of the authentication did not match during push because the looked up key was for example localhost:8080 but the stored one would have been https://localhost:8080 Besides The lookup needs to still work if the https->http fallback is used 2. During pull of an image no authentication is sent, which means all repositories are expected to be private. These points are fixed now. The changes are implemented in a way to be compatible to existing behavior both in the API as also with the private registry. Update: - login does not require the full url any more, you can login to the repository prefix: example: docker logon localhost:8080 Fixed corner corner cases: - When login is done during pull and push the registry endpoint is used and not the central index - When Remote sends a 401 during pull, it is now correctly delegating to CmdLogin - After a Login is done pull and push are using the newly entered login data, and not the previous ones. This one seems to be also broken in master, too. - Auth config is now transfered in a parameter instead of the body when /images/create is called.
2013-09-03 14:45:49 -04:00
authConfig.ServerAddress = IndexServerAddress()
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
configFile.Configs[IndexServerAddress()] = authConfig
} else {
for k, authConfig := range configFile.Configs {
authConfig.Username, authConfig.Password, err = decodeAuth(authConfig.Auth)
if err != nil {
load authConfig only when needed and fix useless WARNING
2013-08-16 10:29:40 -04:00
return &configFile, err
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
}
fix tests
2013-07-24 08:28:22 -04:00
authConfig.Auth = ""
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
configFile.Configs[k] = authConfig
Login against private registry To improve the use of docker with a private registry the login command is extended with a parameter for the server address. While implementing i noticed that two problems hindered authentication to a private registry: 1. the resolve of the authentication did not match during push because the looked up key was for example localhost:8080 but the stored one would have been https://localhost:8080 Besides The lookup needs to still work if the https->http fallback is used 2. During pull of an image no authentication is sent, which means all repositories are expected to be private. These points are fixed now. The changes are implemented in a way to be compatible to existing behavior both in the API as also with the private registry. Update: - login does not require the full url any more, you can login to the repository prefix: example: docker logon localhost:8080 Fixed corner corner cases: - When login is done during pull and push the registry endpoint is used and not the central index - When Remote sends a 401 during pull, it is now correctly delegating to CmdLogin - After a Login is done pull and push are using the newly entered login data, and not the previous ones. This one seems to be also broken in master, too. - Auth config is now transfered in a parameter instead of the body when /images/create is called.
2013-09-03 14:45:49 -04:00
authConfig.ServerAddress = k
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
}
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
}
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
return &configFile, nil
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
}
// save the auth config
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
func SaveConfig(configFile *ConfigFile) error {
confFile := path.Join(configFile.rootPath, CONFIGFILE)
if len(configFile.Configs) == 0 {
Handled wrong user credentials by re-init the auth file (it was impossible to login after having wrong crendentials)
2013-05-01 19:36:01 -04:00
os.Remove(confFile)
return nil
}
Copy authConfigs on save so data is not modified SaveConfig sets the Username and Password to an empty string on save. A copy of the authConfigs need to be made so that the in memory data is not modified.
2013-07-24 20:35:52 -04:00
configs := make(map[string]AuthConfig, len(configFile.Configs))
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
for k, authConfig := range configFile.Configs {
Copy authConfigs on save so data is not modified SaveConfig sets the Username and Password to an empty string on save. A copy of the authConfigs need to be made so that the in memory data is not modified.
2013-07-24 20:35:52 -04:00
authCopy := authConfig
authCopy.Auth = encodeAuth(&authCopy)
authCopy.Username = ""
authCopy.Password = ""
Login against private registry To improve the use of docker with a private registry the login command is extended with a parameter for the server address. While implementing i noticed that two problems hindered authentication to a private registry: 1. the resolve of the authentication did not match during push because the looked up key was for example localhost:8080 but the stored one would have been https://localhost:8080 Besides The lookup needs to still work if the https->http fallback is used 2. During pull of an image no authentication is sent, which means all repositories are expected to be private. These points are fixed now. The changes are implemented in a way to be compatible to existing behavior both in the API as also with the private registry. Update: - login does not require the full url any more, you can login to the repository prefix: example: docker logon localhost:8080 Fixed corner corner cases: - When login is done during pull and push the registry endpoint is used and not the central index - When Remote sends a 401 during pull, it is now correctly delegating to CmdLogin - After a Login is done pull and push are using the newly entered login data, and not the previous ones. This one seems to be also broken in master, too. - Auth config is now transfered in a parameter instead of the body when /images/create is called.
2013-09-03 14:45:49 -04:00
authCopy.ServerAddress = ""
Copy authConfigs on save so data is not modified SaveConfig sets the Username and Password to an empty string on save. A copy of the authConfigs need to be made so that the in memory data is not modified.
2013-07-24 20:35:52 -04:00
configs[k] = authCopy
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
}
Copy authConfigs on save so data is not modified SaveConfig sets the Username and Password to an empty string on save. A copy of the authConfigs need to be made so that the in memory data is not modified.
2013-07-24 20:35:52 -04:00
b, err := json.Marshal(configs)
change dockercfg to json and support multiple auth remote
2013-07-23 11:04:31 -04:00
if err != nil {
return err
}
err = ioutil.WriteFile(confFile, b, 0600)
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
if err != nil {
return err
}
return nil
}
// try to register/login to the registry server
auth with user agent
2013-08-02 03:30:45 -04:00
func Login(authConfig *AuthConfig, factory *utils.HTTPRequestFactory) (string, error) {
Fixed docker login
2013-04-24 15:15:34 -04:00
client := &http.Client{}
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
reqStatusCode := 0
var status string
var reqBody []byte
Login against private registry To improve the use of docker with a private registry the login command is extended with a parameter for the server address. While implementing i noticed that two problems hindered authentication to a private registry: 1. the resolve of the authentication did not match during push because the looked up key was for example localhost:8080 but the stored one would have been https://localhost:8080 Besides The lookup needs to still work if the https->http fallback is used 2. During pull of an image no authentication is sent, which means all repositories are expected to be private. These points are fixed now. The changes are implemented in a way to be compatible to existing behavior both in the API as also with the private registry. Update: - login does not require the full url any more, you can login to the repository prefix: example: docker logon localhost:8080 Fixed corner corner cases: - When login is done during pull and push the registry endpoint is used and not the central index - When Remote sends a 401 during pull, it is now correctly delegating to CmdLogin - After a Login is done pull and push are using the newly entered login data, and not the previous ones. This one seems to be also broken in master, too. - Auth config is now transfered in a parameter instead of the body when /images/create is called.
2013-09-03 14:45:49 -04:00
serverAddress := authConfig.ServerAddress
if serverAddress == "" {
serverAddress = IndexServerAddress()
}
loginAgainstOfficialIndex := serverAddress == IndexServerAddress()
// to avoid sending the server address to the server it should be removed before marshalled
authCopy := *authConfig
authCopy.ServerAddress = ""
jsonBody, err := json.Marshal(authCopy)
added more debugging/ error catching
2013-03-15 17:41:55 -04:00
if err != nil {
Style changes in auth.Login
2013-04-24 12:11:29 -04:00
return "", fmt.Errorf("Config Error: %s", err)
added more debugging/ error catching
2013-03-15 17:41:55 -04:00
}
Fix for #307
2013-04-02 06:00:21 -04:00
// using `bytes.NewReader(jsonBody)` here causes the server to respond with a 411 status.
b := strings.NewReader(string(jsonBody))
Login against private registry To improve the use of docker with a private registry the login command is extended with a parameter for the server address. While implementing i noticed that two problems hindered authentication to a private registry: 1. the resolve of the authentication did not match during push because the looked up key was for example localhost:8080 but the stored one would have been https://localhost:8080 Besides The lookup needs to still work if the https->http fallback is used 2. During pull of an image no authentication is sent, which means all repositories are expected to be private. These points are fixed now. The changes are implemented in a way to be compatible to existing behavior both in the API as also with the private registry. Update: - login does not require the full url any more, you can login to the repository prefix: example: docker logon localhost:8080 Fixed corner corner cases: - When login is done during pull and push the registry endpoint is used and not the central index - When Remote sends a 401 during pull, it is now correctly delegating to CmdLogin - After a Login is done pull and push are using the newly entered login data, and not the previous ones. This one seems to be also broken in master, too. - Auth config is now transfered in a parameter instead of the body when /images/create is called.
2013-09-03 14:45:49 -04:00
req1, err := http.Post(serverAddress+"users/", "application/json; charset=utf-8", b)
cleaned up the code a little
2013-03-14 21:43:02 -04:00
if err != nil {
Style changes in auth.Login
2013-04-24 12:11:29 -04:00
return "", fmt.Errorf("Server Error: %s", err)
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
}
cleaned up the code a little
2013-03-14 21:43:02 -04:00
reqStatusCode = req1.StatusCode
added more debugging/ error catching
2013-03-15 17:41:55 -04:00
defer req1.Body.Close()
reqBody, err = ioutil.ReadAll(req1.Body)
if err != nil {
Style changes in auth.Login
2013-04-24 12:11:29 -04:00
return "", fmt.Errorf("Server Error: [%#v] %s", reqStatusCode, err)
added more debugging/ error catching
2013-03-15 17:41:55 -04:00
}
cleaned up the code a little
2013-03-14 21:43:02 -04:00
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
if reqStatusCode == 201 {
Login against private registry To improve the use of docker with a private registry the login command is extended with a parameter for the server address. While implementing i noticed that two problems hindered authentication to a private registry: 1. the resolve of the authentication did not match during push because the looked up key was for example localhost:8080 but the stored one would have been https://localhost:8080 Besides The lookup needs to still work if the https->http fallback is used 2. During pull of an image no authentication is sent, which means all repositories are expected to be private. These points are fixed now. The changes are implemented in a way to be compatible to existing behavior both in the API as also with the private registry. Update: - login does not require the full url any more, you can login to the repository prefix: example: docker logon localhost:8080 Fixed corner corner cases: - When login is done during pull and push the registry endpoint is used and not the central index - When Remote sends a 401 during pull, it is now correctly delegating to CmdLogin - After a Login is done pull and push are using the newly entered login data, and not the previous ones. This one seems to be also broken in master, too. - Auth config is now transfered in a parameter instead of the body when /images/create is called.
2013-09-03 14:45:49 -04:00
if loginAgainstOfficialIndex {
status = "Account created. Please use the confirmation link we sent" +
" to your e-mail to activate it."
} else {
status = "Account created. Please see the documentation of the registry " + serverAddress + " for instructions how to activate it."
}
Fixed some login quirks
2013-05-01 16:41:58 -04:00
} else if reqStatusCode == 403 {
Login against private registry To improve the use of docker with a private registry the login command is extended with a parameter for the server address. While implementing i noticed that two problems hindered authentication to a private registry: 1. the resolve of the authentication did not match during push because the looked up key was for example localhost:8080 but the stored one would have been https://localhost:8080 Besides The lookup needs to still work if the https->http fallback is used 2. During pull of an image no authentication is sent, which means all repositories are expected to be private. These points are fixed now. The changes are implemented in a way to be compatible to existing behavior both in the API as also with the private registry. Update: - login does not require the full url any more, you can login to the repository prefix: example: docker logon localhost:8080 Fixed corner corner cases: - When login is done during pull and push the registry endpoint is used and not the central index - When Remote sends a 401 during pull, it is now correctly delegating to CmdLogin - After a Login is done pull and push are using the newly entered login data, and not the previous ones. This one seems to be also broken in master, too. - Auth config is now transfered in a parameter instead of the body when /images/create is called.
2013-09-03 14:45:49 -04:00
if loginAgainstOfficialIndex {
return "", fmt.Errorf("Login: Your account hasn't been activated. " +
"Please check your e-mail for a confirmation link.")
}
Lintify code with confidence=1
2013-11-18 18:35:56 -05:00
return "", fmt.Errorf("Login: Your account hasn't been activated. " +
"Please see the documentation of the registry " + serverAddress + " for instructions how to activate it.")
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
} else if reqStatusCode == 400 {
Fixed typo in 'username or email already exists'
2013-05-01 12:06:17 -04:00
if string(reqBody) == "\"Username or email already exists\"" {
Login against private registry To improve the use of docker with a private registry the login command is extended with a parameter for the server address. While implementing i noticed that two problems hindered authentication to a private registry: 1. the resolve of the authentication did not match during push because the looked up key was for example localhost:8080 but the stored one would have been https://localhost:8080 Besides The lookup needs to still work if the https->http fallback is used 2. During pull of an image no authentication is sent, which means all repositories are expected to be private. These points are fixed now. The changes are implemented in a way to be compatible to existing behavior both in the API as also with the private registry. Update: - login does not require the full url any more, you can login to the repository prefix: example: docker logon localhost:8080 Fixed corner corner cases: - When login is done during pull and push the registry endpoint is used and not the central index - When Remote sends a 401 during pull, it is now correctly delegating to CmdLogin - After a Login is done pull and push are using the newly entered login data, and not the previous ones. This one seems to be also broken in master, too. - Auth config is now transfered in a parameter instead of the body when /images/create is called.
2013-09-03 14:45:49 -04:00
req, err := factory.NewRequest("GET", serverAddress+"users/", nil)
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
req.SetBasicAuth(authConfig.Username, authConfig.Password)
resp, err := client.Do(req)
if err != nil {
return "", err
}
defer resp.Body.Close()
body, err := ioutil.ReadAll(resp.Body)
if err != nil {
return "", err
}
if resp.StatusCode == 200 {
update docs, remove config file on 401
2013-06-14 09:38:51 -04:00
status = "Login Succeeded"
Handled wrong user credentials by re-init the auth file (it was impossible to login after having wrong crendentials)
2013-05-01 19:36:01 -04:00
} else if resp.StatusCode == 401 {
return "", fmt.Errorf("Wrong login/password, please try again")
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
} else {
Handled wrong user credentials by re-init the auth file (it was impossible to login after having wrong crendentials)
2013-05-01 19:36:01 -04:00
return "", fmt.Errorf("Login: %s (Code: %d; Headers: %s)", body,
resp.StatusCode, resp.Header)
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
}
} else {
Style changes in auth.Login
2013-04-24 12:11:29 -04:00
return "", fmt.Errorf("Registration: %s", reqBody)
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
}
cleaned up the code a little
2013-03-14 21:43:02 -04:00
} else {
Style changes in auth.Login
2013-04-24 12:11:29 -04:00
return "", fmt.Errorf("Unexpected status code [%d] : %s", reqStatusCode, reqBody)
added ability to login/register to the docker registry, via the docker login command
2013-03-14 20:43:59 -04:00
}
return status, nil
}
Login against private registry To improve the use of docker with a private registry the login command is extended with a parameter for the server address. While implementing i noticed that two problems hindered authentication to a private registry: 1. the resolve of the authentication did not match during push because the looked up key was for example localhost:8080 but the stored one would have been https://localhost:8080 Besides The lookup needs to still work if the https->http fallback is used 2. During pull of an image no authentication is sent, which means all repositories are expected to be private. These points are fixed now. The changes are implemented in a way to be compatible to existing behavior both in the API as also with the private registry. Update: - login does not require the full url any more, you can login to the repository prefix: example: docker logon localhost:8080 Fixed corner corner cases: - When login is done during pull and push the registry endpoint is used and not the central index - When Remote sends a 401 during pull, it is now correctly delegating to CmdLogin - After a Login is done pull and push are using the newly entered login data, and not the previous ones. This one seems to be also broken in master, too. - Auth config is now transfered in a parameter instead of the body when /images/create is called.
2013-09-03 14:45:49 -04:00
// this method matches a auth configuration to a server address or a url
func (config *ConfigFile) ResolveAuthConfig(registry string) AuthConfig {
if registry == IndexServerAddress() || len(registry) == 0 {
// default to the index server
return config.Configs[IndexServerAddress()]
}
// if its not the index server there are three cases:
//
// 1. this is a full config url -> it should be used as is
// 2. it could be a full url, but with the wrong protocol
// 3. it can be the hostname optionally with a port
//
// as there is only one auth entry which is fully qualified we need to start
// parsing and matching
Minor spelling correction of protocoll -> protocol
2013-09-23 23:14:42 -04:00
swapProtocol := func(url string) string {
Login against private registry To improve the use of docker with a private registry the login command is extended with a parameter for the server address. While implementing i noticed that two problems hindered authentication to a private registry: 1. the resolve of the authentication did not match during push because the looked up key was for example localhost:8080 but the stored one would have been https://localhost:8080 Besides The lookup needs to still work if the https->http fallback is used 2. During pull of an image no authentication is sent, which means all repositories are expected to be private. These points are fixed now. The changes are implemented in a way to be compatible to existing behavior both in the API as also with the private registry. Update: - login does not require the full url any more, you can login to the repository prefix: example: docker logon localhost:8080 Fixed corner corner cases: - When login is done during pull and push the registry endpoint is used and not the central index - When Remote sends a 401 during pull, it is now correctly delegating to CmdLogin - After a Login is done pull and push are using the newly entered login data, and not the previous ones. This one seems to be also broken in master, too. - Auth config is now transfered in a parameter instead of the body when /images/create is called.
2013-09-03 14:45:49 -04:00
if strings.HasPrefix(url, "http:") {
return strings.Replace(url, "http:", "https:", 1)
}
if strings.HasPrefix(url, "https:") {
return strings.Replace(url, "https:", "http:", 1)
}
return url
}
resolveIgnoringProtocol := func(url string) AuthConfig {
if c, found := config.Configs[url]; found {
return c
}
Minor spelling correction of protocoll -> protocol
2013-09-23 23:14:42 -04:00
registrySwappedProtocol := swapProtocol(url)
Login against private registry To improve the use of docker with a private registry the login command is extended with a parameter for the server address. While implementing i noticed that two problems hindered authentication to a private registry: 1. the resolve of the authentication did not match during push because the looked up key was for example localhost:8080 but the stored one would have been https://localhost:8080 Besides The lookup needs to still work if the https->http fallback is used 2. During pull of an image no authentication is sent, which means all repositories are expected to be private. These points are fixed now. The changes are implemented in a way to be compatible to existing behavior both in the API as also with the private registry. Update: - login does not require the full url any more, you can login to the repository prefix: example: docker logon localhost:8080 Fixed corner corner cases: - When login is done during pull and push the registry endpoint is used and not the central index - When Remote sends a 401 during pull, it is now correctly delegating to CmdLogin - After a Login is done pull and push are using the newly entered login data, and not the previous ones. This one seems to be also broken in master, too. - Auth config is now transfered in a parameter instead of the body when /images/create is called.
2013-09-03 14:45:49 -04:00
// now try to match with the different protocol
Minor spelling correction of protocoll -> protocol
2013-09-23 23:14:42 -04:00
if c, found := config.Configs[registrySwappedProtocol]; found {
Login against private registry To improve the use of docker with a private registry the login command is extended with a parameter for the server address. While implementing i noticed that two problems hindered authentication to a private registry: 1. the resolve of the authentication did not match during push because the looked up key was for example localhost:8080 but the stored one would have been https://localhost:8080 Besides The lookup needs to still work if the https->http fallback is used 2. During pull of an image no authentication is sent, which means all repositories are expected to be private. These points are fixed now. The changes are implemented in a way to be compatible to existing behavior both in the API as also with the private registry. Update: - login does not require the full url any more, you can login to the repository prefix: example: docker logon localhost:8080 Fixed corner corner cases: - When login is done during pull and push the registry endpoint is used and not the central index - When Remote sends a 401 during pull, it is now correctly delegating to CmdLogin - After a Login is done pull and push are using the newly entered login data, and not the previous ones. This one seems to be also broken in master, too. - Auth config is now transfered in a parameter instead of the body when /images/create is called.
2013-09-03 14:45:49 -04:00
return c
}
return AuthConfig{}
}
// match both protocols as it could also be a server name like httpfoo
if strings.HasPrefix(registry, "http:") || strings.HasPrefix(registry, "https:") {
return resolveIgnoringProtocol(registry)
}
url := "https://" + registry
if !strings.Contains(registry, "/") {
url = url + "/v1/"
}
return resolveIgnoringProtocol(url)
}
Copy permalink