Use docker-credential-helpers client to talk with native creds stores.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2022-11-09 12:21:53 -05:00 · 2016-06-04 10:08:22 -07:00 · 2016-06-04 10:08:22 -07:00 · ff3e187cc7
commit ff3e187cc7
parent feab8db60d
3 changed files with 51 additions and 147 deletions
--- a/cliconfig/credentials/native_store.go
+++ b/cliconfig/credentials/native_store.go
@ -1,14 +1,8 @@
 package credentials
 import (
-	"bytes"
+	"github.com/docker/docker-credential-helpers/client"
-	"encoding/json"
+	"github.com/docker/docker-credential-helpers/credentials"
 	"errors"
 	"fmt"
 	"io"
 	"strings"
 	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/cliconfig/configfile"
 	"github.com/docker/engine-api/types"
 )
@ -18,50 +12,27 @@ const (
 	tokenUsername           = "<token>"
 )
 // Standarize the not found error, so every helper returns
 // the same message and docker can handle it properly.
 var errCredentialsNotFound = errors.New("credentials not found in native keychain")
 // command is an interface that remote executed commands implement.
 type command interface {
 	Output() ([]byte, error)
 	Input(in io.Reader)
 }
 // credentialsRequest holds information shared between docker and a remote credential store.
 type credentialsRequest struct {
 	ServerURL string
 	Username  string
 	Secret    string
 }
 // credentialsGetResponse is the information serialized from a remote store
 // when the plugin sends requests to get the user credentials.
 type credentialsGetResponse struct {
 	Username string
 	Secret   string
 }
 // nativeStore implements a credentials store
 // using native keychain to keep credentials secure.
 // It piggybacks into a file store to keep users' emails.
 type nativeStore struct {
-	commandFn func(args ...string) command
+	programFunc client.ProgramFunc
 	fileStore   Store
 }
 // NewNativeStore creates a new native store that
 // uses a remote helper program to manage credentials.
 func NewNativeStore(file *configfile.ConfigFile) Store {
 	name := remoteCredentialsPrefix + file.CredentialsStore
 	return &nativeStore{
-		commandFn: shellCommandFn(file.CredentialsStore),
+		programFunc: client.NewShellProgramFunc(name),
 		fileStore:   NewFileStore(file),
 	}
 }
 // Erase removes the given credentials from the native store.
 func (c *nativeStore) Erase(serverAddress string) error {
-	if err := c.eraseCredentialsFromStore(serverAddress); err != nil {
+	if err := client.Erase(c.programFunc, serverAddress); err != nil {
 		return err
 	}
@ -115,8 +86,7 @@ func (c *nativeStore) Store(authConfig types.AuthConfig) error {
 // storeCredentialsInStore executes the command to store the credentials in the native store.
 func (c *nativeStore) storeCredentialsInStore(config types.AuthConfig) error {
-	cmd := c.commandFn("store")
+	creds := &credentials.Credentials{
 	creds := &credentialsRequest{
 		ServerURL: config.ServerAddress,
 		Username:  config.Username,
 		Secret:    config.Password,
@ -127,70 +97,30 @@ func (c *nativeStore) storeCredentialsInStore(config types.AuthConfig) error {
 		creds.Secret = config.IdentityToken
 	}
-	buffer := new(bytes.Buffer)
+	return client.Store(c.programFunc, creds)
 	if err := json.NewEncoder(buffer).Encode(creds); err != nil {
 		return err
 	}
 	cmd.Input(buffer)
 	out, err := cmd.Output()
 	if err != nil {
 		t := strings.TrimSpace(string(out))
 		logrus.Debugf("error adding credentials - err: %v, out: `%s`", err, t)
 		return fmt.Errorf(t)
 	}
 	return nil
 }
 // getCredentialsFromStore executes the command to get the credentials from the native store.
 func (c *nativeStore) getCredentialsFromStore(serverAddress string) (types.AuthConfig, error) {
 	var ret types.AuthConfig
-	cmd := c.commandFn("get")
+	creds, err := client.Get(c.programFunc, serverAddress)
 	cmd.Input(strings.NewReader(serverAddress))
 	out, err := cmd.Output()
 	if err != nil {
-		t := strings.TrimSpace(string(out))
+		if credentials.IsErrCredentialsNotFound(err) {
 			// do not return an error if the credentials are not
 			// in the keyckain. Let docker ask for new credentials.
 		if t == errCredentialsNotFound.Error() {
 			return ret, nil
 		}
 		logrus.Debugf("error getting credentials - err: %v, out: `%s`", err, t)
 		return ret, fmt.Errorf(t)
 	}
 	var resp credentialsGetResponse
 	if err := json.NewDecoder(bytes.NewReader(out)).Decode(&resp); err != nil {
 		return ret, err
 	}
-	if resp.Username == tokenUsername {
+	if creds.Username == tokenUsername {
-		ret.IdentityToken = resp.Secret
+		ret.IdentityToken = creds.Secret
 	} else {
-		ret.Password = resp.Secret
+		ret.Password = creds.Secret
-		ret.Username = resp.Username
+		ret.Username = creds.Username
 	}
 	ret.ServerAddress = serverAddress
 	return ret, nil
 }
 // eraseCredentialsFromStore executes the command to remove the server credentails from the native store.
 func (c *nativeStore) eraseCredentialsFromStore(serverURL string) error {
 	cmd := c.commandFn("erase")
 	cmd.Input(strings.NewReader(serverURL))
 	out, err := cmd.Output()
 	if err != nil {
 		t := strings.TrimSpace(string(out))
 		logrus.Debugf("error erasing credentials - err: %v, out: `%s`", err, t)
 		return fmt.Errorf(t)
 	}
 	return nil
 }
--- a/cliconfig/credentials/native_store_test.go
+++ b/cliconfig/credentials/native_store_test.go
@ -8,6 +8,8 @@ import (
 	"strings"
 	"testing"
 	"github.com/docker/docker-credential-helpers/client"
 	"github.com/docker/docker-credential-helpers/credentials"
 	"github.com/docker/engine-api/types"
 )
@ -43,7 +45,7 @@ func (m *mockCommand) Output() ([]byte, error) {
 		case validServerAddress:
 			return nil, nil
 		default:
-			return []byte("error erasing credentials"), errCommandExited
+			return []byte("program failed"), errCommandExited
 		}
 	case "get":
 		switch inS {
@ -52,21 +54,21 @@ func (m *mockCommand) Output() ([]byte, error) {
 		case validServerAddress2:
 			return []byte(`{"Username": "<token>", "Secret": "abcd1234"}`), nil
 		case missingCredsAddress:
-			return []byte(errCredentialsNotFound.Error()), errCommandExited
+			return []byte(credentials.NewErrCredentialsNotFound().Error()), errCommandExited
 		case invalidServerAddress:
-			return []byte("error getting credentials"), errCommandExited
+			return []byte("program failed"), errCommandExited
 		}
 	case "store":
-		var c credentialsRequest
+		var c credentials.Credentials
 		err := json.NewDecoder(strings.NewReader(inS)).Decode(&c)
 		if err != nil {
-			return []byte("error storing credentials"), errCommandExited
+			return []byte("program failed"), errCommandExited
 		}
 		switch c.ServerURL {
 		case validServerAddress:
 			return nil, nil
 		default:
-			return []byte("error storing credentials"), errCommandExited
+			return []byte("program failed"), errCommandExited
 		}
 	}
@ -78,7 +80,7 @@ func (m *mockCommand) Input(in io.Reader) {
 	m.input = in
 }
-func mockCommandFn(args ...string) command {
+func mockCommandFn(args ...string) client.Program {
 	return &mockCommand{
 		arg: args[0],
 	}
@ -89,7 +91,7 @@ func TestNativeStoreAddCredentials(t *testing.T) {
 	f.CredentialsStore = "mock"
 	s := &nativeStore{
-		commandFn: mockCommandFn,
+		programFunc: mockCommandFn,
 		fileStore:   NewFileStore(f),
 	}
 	err := s.Store(types.AuthConfig{
@ -133,7 +135,7 @@ func TestNativeStoreAddInvalidCredentials(t *testing.T) {
 	f.CredentialsStore = "mock"
 	s := &nativeStore{
-		commandFn: mockCommandFn,
+		programFunc: mockCommandFn,
 		fileStore:   NewFileStore(f),
 	}
 	err := s.Store(types.AuthConfig{
@ -147,8 +149,8 @@ func TestNativeStoreAddInvalidCredentials(t *testing.T) {
 		t.Fatal("expected error, got nil")
 	}
-	if err.Error() != "error storing credentials" {
+	if !strings.Contains(err.Error(), "program failed") {
-		t.Fatalf("expected `error storing credentials`, got %v", err)
+		t.Fatalf("expected `program failed`, got %v", err)
 	}
 	if len(f.AuthConfigs) != 0 {
@ -165,7 +167,7 @@ func TestNativeStoreGet(t *testing.T) {
 	f.CredentialsStore = "mock"
 	s := &nativeStore{
-		commandFn: mockCommandFn,
+		programFunc: mockCommandFn,
 		fileStore:   NewFileStore(f),
 	}
 	a, err := s.Get(validServerAddress)
@ -196,7 +198,7 @@ func TestNativeStoreGetIdentityToken(t *testing.T) {
 	f.CredentialsStore = "mock"
 	s := &nativeStore{
-		commandFn: mockCommandFn,
+		programFunc: mockCommandFn,
 		fileStore:   NewFileStore(f),
 	}
 	a, err := s.Get(validServerAddress2)
@ -230,7 +232,7 @@ func TestNativeStoreGetAll(t *testing.T) {
 	f.CredentialsStore = "mock"
 	s := &nativeStore{
-		commandFn: mockCommandFn,
+		programFunc: mockCommandFn,
 		fileStore:   NewFileStore(f),
 	}
 	as, err := s.GetAll()
@ -277,7 +279,7 @@ func TestNativeStoreGetMissingCredentials(t *testing.T) {
 	f.CredentialsStore = "mock"
 	s := &nativeStore{
-		commandFn: mockCommandFn,
+		programFunc: mockCommandFn,
 		fileStore:   NewFileStore(f),
 	}
 	_, err := s.Get(missingCredsAddress)
@ -296,7 +298,7 @@ func TestNativeStoreGetInvalidAddress(t *testing.T) {
 	f.CredentialsStore = "mock"
 	s := &nativeStore{
-		commandFn: mockCommandFn,
+		programFunc: mockCommandFn,
 		fileStore:   NewFileStore(f),
 	}
 	_, err := s.Get(invalidServerAddress)
@ -304,8 +306,8 @@ func TestNativeStoreGetInvalidAddress(t *testing.T) {
 		t.Fatal("expected error, got nil")
 	}
-	if err.Error() != "error getting credentials" {
+	if !strings.Contains(err.Error(), "program failed") {
-		t.Fatalf("expected `error getting credentials`, got %v", err)
+		t.Fatalf("expected `program failed`, got %v", err)
 	}
 }
@ -318,7 +320,7 @@ func TestNativeStoreErase(t *testing.T) {
 	f.CredentialsStore = "mock"
 	s := &nativeStore{
-		commandFn: mockCommandFn,
+		programFunc: mockCommandFn,
 		fileStore:   NewFileStore(f),
 	}
 	err := s.Erase(validServerAddress)
@ -340,7 +342,7 @@ func TestNativeStoreEraseInvalidAddress(t *testing.T) {
 	f.CredentialsStore = "mock"
 	s := &nativeStore{
-		commandFn: mockCommandFn,
+		programFunc: mockCommandFn,
 		fileStore:   NewFileStore(f),
 	}
 	err := s.Erase(invalidServerAddress)
@ -348,7 +350,7 @@ func TestNativeStoreEraseInvalidAddress(t *testing.T) {
 		t.Fatal("expected error, got nil")
 	}
-	if err.Error() != "error erasing credentials" {
+	if !strings.Contains(err.Error(), "program failed") {
-		t.Fatalf("expected `error erasing credentials`, got %v", err)
+		t.Fatalf("expected `program failed`, got %v", err)
 	}
 }
--- a/cliconfig/credentials/shell_command.go
+++ b/cliconfig/credentials/shell_command.go
@ -1,28 +0,0 @@
 package credentials
 import (
 	"io"
 	"os/exec"
 )
 func shellCommandFn(storeName string) func(args ...string) command {
 	name := remoteCredentialsPrefix + storeName
 	return func(args ...string) command {
 		return &shell{cmd: exec.Command(name, args...)}
 	}
 }
 // shell invokes shell commands to talk with a remote credentials helper.
 type shell struct {
 	cmd *exec.Cmd
 }
 // Output returns responses from the remote credentials helper.
 func (s *shell) Output() ([]byte, error) {
 	return s.cmd.Output()
 }
 // Input sets the input to send to a remote credentials helper.
 func (s *shell) Input(in io.Reader) {
 	s.cmd.Stdin = in
 }