credentials

package
v1.0.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 1, 2025 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

View Source 
const UsedUserLogKey = "ociUser"

UsedUserLogKey describes the key that is injected into the logging context values.

Variables

This section is empty.

Functions

func IsEmptyAuthConfig 

func IsEmptyAuthConfig(auth Auth) bool

IsEmptyAuthConfig validates if the resulting auth config contains credentails

func Merge 

func Merge(k1, k2 *GeneralOciKeyring) error

Merge merges all authentication options from keyring 1 and 2. Keyring 2 overwrites authentication from keyring 1 on clashes.

Types

type Auth 

type Auth interface {
	GetUsername() string
	GetPassword() string
	GetAuth() string

	// GetIdentityToken is used to authenticate the user and get
	// an access token for the registry.
	GetIdentityToken() string

	// GetRegistryToken is a bearer token to be sent to a registry
	GetRegistryToken() string
}

Auth describes a interface of the dockerconfigtypes.Auth struct

type AuthConfig 

type AuthConfig struct {
	Username string `json:"username,omitempty"`
	Password string `json:"password,omitempty"`
	Auth     string `json:"auth,omitempty"`

	// Email is an optional value associated with the username.
	// This field is deprecated and will be removed in a later
	// version of docker.
	Email string `json:"email,omitempty"`

	ServerAddress string `json:"serveraddress,omitempty"`

	// IdentityToken is used to authenticate the user and get
	// an access token for the registry.
	IdentityToken string `json:"identitytoken,omitempty"`

	// RegistryToken is a bearer token to be sent to a registry
	RegistryToken string `json:"registrytoken,omitempty"`

	Metadata map[string]string `json:"metadata,omitempty"`
}

AuthConfig implements the Auth using the docker authconfig type. It also implements the Informer interface for additional information

func FromAuthConfig 

func FromAuthConfig(cfg dockerconfigtypes.AuthConfig, keysAndValues ...string) AuthConfig

FromAuthConfig creates a Auth object using the docker authConfig type

func (AuthConfig) GetAuth 

func (a AuthConfig) GetAuth() string

func (AuthConfig) GetIdentityToken 

func (a AuthConfig) GetIdentityToken() string

func (AuthConfig) GetPassword 

func (a AuthConfig) GetPassword() string

func (AuthConfig) GetRegistryToken 

func (a AuthConfig) GetRegistryToken() string

func (AuthConfig) GetUsername 

func (a AuthConfig) GetUsername() string

func (AuthConfig) Info 

func (a AuthConfig) Info() map[string]string

type AuthConfigGetter 

type AuthConfigGetter func(address string) (Auth, error)

AuthConfigGetter is a function that returns a auth config for a given host name

func CredentialHelperAuthConfigGetter 

func CredentialHelperAuthConfigGetter(log logr.Logger, dockerConfig *configfile.ConfigFile, address, helper string) AuthConfigGetter

CredentialHelperAuthConfigGetter describes a default getter method for a authentication method

func DefaultAuthConfigGetter 

func DefaultAuthConfigGetter(config Auth) AuthConfigGetter

DefaultAuthConfigGetter describes a default getter method for a authentication method

type GeneralOciKeyring 

type GeneralOciKeyring struct {
	// contains filtered or unexported fields
}

GeneralOciKeyring is general implementation of a oci keyring that can be extended with other credentials.

func CreateOCIRegistryKeyring 

func CreateOCIRegistryKeyring(pullSecrets []corev1.Secret, configFiles []string) (*GeneralOciKeyring, error)

CreateOCIRegistryKeyring creates a new OCI registry keyring. DEPRECATED: Use the Configbuilder

func CreateOCIRegistryKeyringFromFilesystem 

func CreateOCIRegistryKeyringFromFilesystem(pullSecrets []corev1.Secret, configFiles []string, fs vfs.FileSystem) (*GeneralOciKeyring, error)

CreateOCIRegistryKeyringFromFilesystem creates a new OCI registry keyring from a given file system. DEPRECATED: Use the Configbuilder

func New 

func New() *GeneralOciKeyring

New creates a new empty general oci keyring.

func (*GeneralOciKeyring) Add 

func (o *GeneralOciKeyring) Add(store dockercreds.Store) error

Add adds all addresses of a docker credential store.

func (*GeneralOciKeyring) AddAuthConfig 

func (o *GeneralOciKeyring) AddAuthConfig(address string, auth Auth) error

AddAuthConfig adds a auth config for a address

func (*GeneralOciKeyring) AddAuthConfigGetter 

func (o *GeneralOciKeyring) AddAuthConfigGetter(address string, getter AuthConfigGetter) error

AddAuthConfigGetter adds a auth config for a address

func (GeneralOciKeyring) Get 

func (o GeneralOciKeyring) Get(resourceURl string) Auth

func (*GeneralOciKeyring) GetCredentials 

func (o *GeneralOciKeyring) GetCredentials(hostname string) (username, password string, err error)

GetCredentials returns the username and password for a given hostname. It implements the Credentials func for a docker resolver

func (*GeneralOciKeyring) Resolve 

func (o *GeneralOciKeyring) Resolve(resource authn.Resource) (authn.Authenticator, error)

Resolve implements the google container registry auth interface.

func (*GeneralOciKeyring) ResolveWithContext 

func (o *GeneralOciKeyring) ResolveWithContext(ctx context.Context, resource authn.Resource) (authn.Authenticator, error)

ResolveWithContext implements the google container registry auth interface.

func (GeneralOciKeyring) Size 

func (o GeneralOciKeyring) Size() int

Size returns the size of the keyring

type IndexNode 

type IndexNode struct {
	Segment   string
	Addresses []string
	Children  []*IndexNode
}

func (*IndexNode) Find 

func (n *IndexNode) Find(path string) ([]string, bool)

func (*IndexNode) FindSegment 

func (n *IndexNode) FindSegment(segment string) *IndexNode

func (*IndexNode) Set 

func (n *IndexNode) Set(path string, addresses ...string)

type Informer 

type Informer interface {
	Info() map[string]string
}

Informer describes a interface that returns optional metadata. The Auth interface can be enhanced using metadata

type Keyring 

type Keyring interface {
	authn.Keychain
	// ResolveWithContext looks up the most appropriate credential for the specified target.
	ResolveWithContext(context.Context, authn.Resource) (authn.Authenticator, error)
}

Keyring enhances the google go-lib auth keyring with a contextified resolver

type KeyringBuilder 

type KeyringBuilder struct {
	// contains filtered or unexported fields
}

KeyringBuilder is a builder to create and fill a keyring from different sources

func NewBuilder 

func NewBuilder(log logr.Logger) *KeyringBuilder

NewBuilder creates a new keyring builder

func (*KeyringBuilder) Build 

func (b *KeyringBuilder) Build() (*GeneralOciKeyring, error)

Build creates a new oci registry keyring from the configured secrets.

func (*KeyringBuilder) DisableDefaultConfig 

func (b *KeyringBuilder) DisableDefaultConfig() *KeyringBuilder

DisableDefaultConfig disables the read from the default docker config on the system

func (*KeyringBuilder) FromConfigFiles 

func (b *KeyringBuilder) FromConfigFiles(files ...string) *KeyringBuilder

FromConfigFiles adds file paths to docker config definitions

func (*KeyringBuilder) FromPullSecrets 

func (b *KeyringBuilder) FromPullSecrets(secrets ...corev1.Secret) *KeyringBuilder

FromPullSecrets adds k8s secrets resources that contain pull secrets.

func (*KeyringBuilder) WithFS 

func (b *KeyringBuilder) WithFS(fs vfs.FileSystem) *KeyringBuilder

WithFS defines the filesystem that should be used to read data

type OCIKeyring 

type OCIKeyring interface {
	authn.Keychain
	// ResolveWithContext looks up the most appropriate credential for the specified target.
	ResolveWithContext(context.Context, authn.Resource) (authn.Authenticator, error)
	// Get retrieves credentials from the keyring for a given resource url.
	Get(resourceURl string) Auth
	// GetCredentials returns the username and password for a hostname if defined.
	GetCredentials(hostname string) (username, password string, err error)
}

OCIKeyring is the interface that implements are keyring to retrieve credentials for a given server.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.