Merge pull request #1181 from docker/credstore-support

Add credentials store support

Merge pull request #1181 from docker/credstore-support
Add credentials store support
fab4a06c · Joffrey F · GitHub · 545c5ac3 · 219a8699 · fab4a06c
Kaydet (Commit) fab4a06c authored Eyl 06, 2016 tarafından Joffrey F Kaydeden (comit) GitHub Eyl 06, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 42 additions and 2 deletions

auth.py docker/auth/auth.py +38 -0

requirements.txt requirements.txt +3 -2

setup.py setup.py +1 -0

No files found.
--- a/docker/auth/auth.py
+++ b/docker/auth/auth.py
@@ -3,6 +3,7 @@ import json
 import logging
 import os
+import dockerpycreds
 import six
 from .. import errors
@@ -11,6 +12,7 @@ INDEX_NAME = 'docker.io'
 INDEX_URL = 'https://{0}/v1/'.format(INDEX_NAME)
 DOCKER_CONFIG_FILENAME = os.path.join('.docker', 'config.json')
 LEGACY_DOCKER_CONFIG_FILENAME = '.dockercfg'
+TOKEN_USERNAME = '<token>'
 log = logging.getLogger(__name__)
@@ -74,6 +76,13 @@ def resolve_authconfig(authconfig, registry=None):
    with full URLs are stripped down to hostnames before checking for a match.
    Returns None if no match was found.
    """
+    if 'credsStore' in authconfig:
+        log.debug(
+            'Using credentials store "{0}"'.format(authconfig['credsStore'])
+        )
+        return _resolve_authconfig_credstore(
+            authconfig, registry, authconfig['credsStore']
+        )
    # Default to the public index server
    registry = resolve_index_name(registry) if registry else INDEX_NAME
    log.debug("Looking for auth entry for {0}".format(repr(registry)))
@@ -91,6 +100,35 @@ def resolve_authconfig(authconfig, registry=None):
    return None
+def _resolve_authconfig_credstore(authconfig, registry, credstore_name):
+    if not registry or registry == INDEX_NAME:
+        # The ecosystem is a little schizophrenic with index.docker.io VS
+        # docker.io - in that case, it seems the full URL is necessary.
+        registry = 'https://index.docker.io/v1/'
+    log.debug("Looking for auth entry for {0}".format(repr(registry)))
+    store = dockerpycreds.Store(credstore_name)
+    try:
+        data = store.get(registry)
+        res = {
+            'ServerAddress': registry,
+        }
+        if data['Username'] == TOKEN_USERNAME:
+            res['IdentityToken'] = data['Secret']
+        else:
+            res.update({
+                'Username': data['Username'],
+                'Password': data['Secret'],
+            })
+        return res
+    except dockerpycreds.CredentialsNotFound as e:
+        log.debug('No entry found')
+        return None
+    except dockerpycreds.StoreError as e:
+        raise errors.DockerException(
+            'Credentials store error: {0}'.format(repr(e))
+        )
 def convert_to_hostname(url):
    return url.replace('http://', '').replace('https://', '').split('/', 1)[0]

--- a/requirements.txt
+++ b/requirements.txt
@@ -2,4 +2,5 @@ requests==2.5.3
 six>=1.4.0
 websocket-client==0.32.0
 backports.ssl_match_hostname>=3.5 ; python_version < '3.5'
 ipaddress==1.0.16 ; python_version < '3.3'
\ No newline at end of file
+docker-pycreds==0.2.0
\ No newline at end of file
--- a/setup.py
+++ b/setup.py
@@ -12,6 +12,7 @@ requirements = [
    'requests >= 2.5.2, < 2.11',
    'six >= 1.4.0',
    'websocket-client >= 0.32.0',
+    'docker-pycreds >= 0.2.0'
 ]
 if sys.platform == 'win32':