credentialprovider

package
v1.14.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 22, 2025 License: MIT Imports: 10 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ParseSchemelessURL 

func ParseSchemelessURL(schemelessURL string) (*url.URL, error)

ParseSchemelessURL parses a schemeless url and returns a url.URL url.Parse require a scheme, but ours don't have schemes. Adding a scheme to make url.Parse happy, then clear out the resulting scheme.

func SplitURL 

func SplitURL(url *url.URL) (parts []string, port string)

SplitURL splits the host name into parts, as well as the port

func URLsMatch 

func URLsMatch(globURL *url.URL, targetURL *url.URL) (bool, error)

URLsMatch checks whether the given target url matches the glob url, which may have glob wild cards in the host name.

Examples: 

globURL=*.docker.io, targetURL=blah.docker.io => match
globURL=*.docker.io, targetURL=not.right.io   => no match

Note that we don't support wildcards in ports and paths yet.

func URLsMatchStr 

func URLsMatchStr(glob string, target string) (bool, error)

URLsMatchStr is wrapper for URLsMatch, operating on strings instead of URLs.

Types

type AuthConfig 

type AuthConfig struct {
	Username string `json:"username,omitempty"`
	Password string `json:"password,omitempty"`
	Auth     string `json:"auth,omitempty"`

	// Email is an optional value associated with the username.
	// This field is deprecated and will be removed in a later
	// version of docker.
	Email string `json:"email,omitempty"`

	ServerAddress string `json:"serveraddress,omitempty"`

	// IdentityToken is used to authenticate the user and get
	// an access token for the registry.
	IdentityToken string `json:"identitytoken,omitempty"`

	// RegistryToken is a bearer token to be sent to a registry
	RegistryToken string `json:"registrytoken,omitempty"`
}

AuthConfig contains authorization information for connecting to a Registry This type mirrors "github.com/docker/docker/api/types.AuthConfig"

type BasicDockerKeyring 

type BasicDockerKeyring struct {
	// contains filtered or unexported fields
}

BasicDockerKeyring is a trivial map-backed implementation of DockerKeyring

func (*BasicDockerKeyring) Add 

func (dk *BasicDockerKeyring) Add(src *CredentialSource, cfg DockerConfig)

Add inserts the docker config `cfg` into the basic docker keyring. It attaches the `src` information that describes where the docker config `cfg` comes from. `src` is nil if the docker config is globally available on the node.

func (*BasicDockerKeyring) Lookup 

func (dk *BasicDockerKeyring) Lookup(image string) ([]TrackedAuthConfig, bool)

Lookup implements the DockerKeyring method for fetching credentials based on image name. Multiple credentials may be returned if there are multiple potentially valid credentials available. This allows for rotation.

type CredentialSource 

type CredentialSource struct {
	Secret         *SecretCoordinates
	ServiceAccount *ServiceAccountCoordinates
}

type DockerConfig 

type DockerConfig map[string]DockerConfigEntry

DockerConfig represents the config file used by the docker CLI. This config that represents the credentials that should be used when pulling images from specific image repositories.

type DockerConfigEntry 

type DockerConfigEntry struct {
	Username string
	Password string
	Email    string
}

DockerConfigEntry wraps a docker config as a entry

func (*DockerConfigEntry) UnmarshalJSON 

func (ident *DockerConfigEntry) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface.

type DockerConfigJSON 

type DockerConfigJSON struct {
	Auths DockerConfig `json:"auths"`
	// +optional
	HTTPHeaders map[string]string `json:"HttpHeaders,omitempty"`
}

DockerConfigJSON represents ~/.docker/config.json file info see https://github.com/docker/docker/pull/12009

type DockerKeyring 

type DockerKeyring interface {
	Lookup(image string) ([]TrackedAuthConfig, bool)
}

DockerKeyring tracks a set of docker registry credentials, maintaining a reverse index across the registry endpoints. A registry endpoint is made up of a host (e.g. registry.example.com), but it may also contain a path (e.g. registry.example.com/foo) This index is important for two reasons:

  • registry endpoints may overlap, and when this happens we must find the most specific match for a given image
  • iterating a map does not yield predictable results

type SecretCoordinates 

type SecretCoordinates struct {
	UID       string
	Namespace string
	Name      string
}

type ServiceAccountCoordinates 

type ServiceAccountCoordinates struct {
	UID       string
	Namespace string
	Name      string
}

type TrackedAuthConfig 

type TrackedAuthConfig struct {
	AuthConfig
	AuthConfigHash string

	Source *CredentialSource
}

TrackedAuthConfig wraps the AuthConfig and adds information about the source of the credentials.

func NewTrackedAuthConfig 

func NewTrackedAuthConfig(c *AuthConfig, src *CredentialSource) *TrackedAuthConfig

NewTrackedAuthConfig initializes the TrackedAuthConfig structure by adding the source information to the supplied AuthConfig. It also counts a hash of the AuthConfig and keeps it in the returned structure.

The supplied CredentialSource is only used when the "KubeletEnsureSecretPulledImages" is enabled, the same applies for counting the hash.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.