Commit Graph

15 Commits

Author SHA1 Message Date
Kermit Alexander
0dcafb1f37 Add RegistryConfig/RegistryConfigEntry. 2021-03-02 00:08:54 +00:00
Kermit Alexander
42fb89eb89 Move config and provider code out of pkg/credentialprovider and into staging. 2021-03-02 00:07:02 +00:00
Nikolaos Moraitis
b907f9e118 avoid potential secret leaking while reading .dockercfg
There are a lot of scenarios where an invalid .dockercfg file
will still contain secrets. This commit removes logging of the
contents to avoid any potential leaking and manages the actual error
by printing to the user the actual location of the invalid file.

Signed-off-by: Nikolaos Moraitis <nmoraiti@redhat.com>
2020-09-14 15:39:05 +02:00
zzde
a95d04993a
Fix golint failures in pkg/credentialprovider (#88860)
* Fix golint failures in pkg/credentialprovider

* improve Comment

* test
2020-03-18 20:10:43 -07:00
Tim Allclair
9d3670f358 Ensure testing credentials are labeled as such 2020-02-04 10:36:05 -08:00
Oleg Bulatov
5bec54ed5b
fix: padded base64 encoded docker auth field
base64 allows usage of new line characters and some tools use them.
As a result, the length of the encoded string cannot be used to
determine whether it's padded or not.

This patch fixes the regression after #82148.
2019-11-28 17:12:03 +01:00
hwdef
170eadc3d2 pkg/credentialprovider: fix staticcheck warning 2019-11-11 09:46:52 +08:00
Benoît Bourbié
a3e434cee4 fix: handling unpadded base64 encoded docker auth field
docker-credential-desk does not pad anymore the auth field.
it is then possible to have unpadded auth field.

field might be encoded either with RawStdEncoding or StdEncoding

we now determine if it is correctly padded in order to handle
both cases.
2019-09-09 21:30:03 -07:00
guangxuli
8a9cfdf86a make function ReadDockerConfigFile more flexible
rename the variable

make parameter more flexible

handle docker config file path

use a single set of paths

delete debug print

gofmt

delete the empty line

comment is not correct

move the comment to the correct place

keep original signature

godoc
2016-10-14 23:23:46 +08:00
David McMahon
ef0c9f0c5b Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
tamnd
906b279080 Support new docker config format for private registries 2015-08-22 15:37:25 +07:00
deads2k
ac2c43fc87 serialize dockercfg with matching auth field 2015-06-05 11:14:10 -04:00
deads2k
be0f2d2930 add dockercfg secret types 2015-05-18 08:25:27 -04:00
Eric Paris
6b3a6e6b98 Make copyright ownership statement generic
Instead of saying "Google Inc." (which is not always correct) say "The
Kubernetes Authors", which is generic.
2015-05-01 17:49:56 -04:00
Matt Moore
0c5d9ed0d2 Implements a credentialprovider library for use by DockerPuller.
This change refactors the way Kubelet's DockerPuller handles the docker config credentials to utilize a new credentialprovider library.

The credentialprovider library is based on several of the files from the Kubelet's dockertools directory, but supports a new pluggable model for retrieving a .dockercfg-compatible JSON blob with credentials.

With this change, the Kubelet will lazily ask for the docker config from a set of DockerConfigProvider extensions each time it needs a credential.

This change provides common implementations of DockerConfigProvider for:
 - "Default": load .dockercfg from disk
 - "Caching": wraps another provider in a cache that expires after a pre-specified lifetime.

GCP-only:
 - "google-dockercfg": reads a .dockercfg from a GCE instance's metadata
 - "google-dockercfg-url": reads a .dockercfg from a URL specified in a GCE instance's metadata.
 - "google-container-registry": reads an access token from GCE metadata into a password field.
2014-11-17 21:46:54 -08:00