github/skopeo
1
0
Fork 0
mirror of https://github.com/containers/skopeo.git synced 2025-06-30 00:22:27 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #1470 from jaikiran/527

Browse Source 
Introduce --username and --password to pass credentials
This commit is contained in:
Miloslav Trmač 2021-10-07 18:34:51 +02:00 committed by GitHub
commit 116e75fbfd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 142 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
cmd/skopeo/utils.go
View File

@ -91,6 +91,8 @@ type dockerImageOptions struct {
deprecatedTLSVerify *deprecatedTLSVerifyOption // May be shared across several imageOptions instances, or nil. deprecatedTLSVerify *deprecatedTLSVerifyOption // May be shared across several imageOptions instances, or nil.
authFilePath optionalString // Path to a */containers/auth.json (prefixed version to override shared image option). authFilePath optionalString // Path to a */containers/auth.json (prefixed version to override shared image option).
credsOption optionalString // username[:password] for accessing a registry credsOption optionalString // username[:password] for accessing a registry
userName optionalString // username for accessing a registry
password optionalString // password for accessing a registry
registryToken optionalString // token to be used directly as a Bearer token when accessing the registry registryToken optionalString // token to be used directly as a Bearer token when accessing the registry
dockerCertPath string // A directory using Docker-like *.{crt,cert,key} files for connecting to a registry or a daemon dockerCertPath string // A directory using Docker-like *.{crt,cert,key} files for connecting to a registry or a daemon
tlsVerify optionalBool // Require HTTPS and verify certificates (for docker: and docker-daemon:) tlsVerify optionalBool // Require HTTPS and verify certificates (for docker: and docker-daemon:)
@ -122,6 +124,8 @@ func dockerImageFlags(global *globalOptions, shared *sharedImageOptions, depreca
fs.Var(newOptionalStringValue(&flags.authFilePath), flagPrefix+"authfile", "path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json") fs.Var(newOptionalStringValue(&flags.authFilePath), flagPrefix+"authfile", "path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json")
} }
fs.Var(newOptionalStringValue(&flags.credsOption), flagPrefix+"creds", "Use `USERNAME[:PASSWORD]` for accessing the registry") fs.Var(newOptionalStringValue(&flags.credsOption), flagPrefix+"creds", "Use `USERNAME[:PASSWORD]` for accessing the registry")
fs.Var(newOptionalStringValue(&flags.userName), flagPrefix+"username", "Username for accessing the registry")
fs.Var(newOptionalStringValue(&flags.password), flagPrefix+"password", "Password for accessing the registry")
if credsOptionAlias != "" { if credsOptionAlias != "" {
// This is horribly ugly, but we need to support the old option forms of (skopeo copy) for compatibility. // This is horribly ugly, but we need to support the old option forms of (skopeo copy) for compatibility.
// Don't add any more cases like this. // Don't add any more cases like this.
@ -180,12 +184,30 @@ func (opts *imageOptions) newSystemContext() (*types.SystemContext, error) {
if opts.credsOption.present && opts.noCreds { if opts.credsOption.present && opts.noCreds {
return nil, errors.New("creds and no-creds cannot be specified at the same time") return nil, errors.New("creds and no-creds cannot be specified at the same time")
} }
if opts.userName.present && opts.noCreds {
return nil, errors.New("username and no-creds cannot be specified at the same time")
}
if opts.credsOption.present && opts.userName.present {
return nil, errors.New("creds and username cannot be specified at the same time")
}
// if any of username or password is present, then both are expected to be present
if opts.userName.present != opts.password.present {
if opts.userName.present {
return nil, errors.New("password must be specified when username is specified")
}
return nil, errors.New("username must be specified when password is specified")
}
if opts.credsOption.present { if opts.credsOption.present {
var err error var err error
ctx.DockerAuthConfig, err = getDockerAuth(opts.credsOption.value) ctx.DockerAuthConfig, err = getDockerAuth(opts.credsOption.value)
if err != nil { if err != nil {
return nil, err return nil, err
} }
} else if opts.userName.present {
ctx.DockerAuthConfig = &types.DockerAuthConfig{
Username: opts.userName.value,
Password: opts.password.value,
}
} }
if opts.registryToken.present { if opts.registryToken.present {
ctx.DockerBearerRegistryToken = opts.registryToken.value ctx.DockerBearerRegistryToken = opts.registryToken.value

48
cmd/skopeo/utils_test.go
View File

@ -197,6 +197,54 @@ func TestImageDestOptionsNewSystemContext(t *testing.T) {
assert.Error(t, err) assert.Error(t, err)
} }
// TestImageOptionsUsernamePassword verifies that using the username and password
// options works as expected
func TestImageOptionsUsernamePassword(t *testing.T) {
for _, command := range []struct {
commandArgs []string
expectedAuthConfig *types.DockerAuthConfig // data to expect, or nil if an error is expected
}{
// Set only username/password (without --creds), expected to pass
{
commandArgs: []string{"--dest-username", "foo", "--dest-password", "bar"},
expectedAuthConfig: &types.DockerAuthConfig{Username: "foo", Password: "bar"},
},
// no username but set password, expect error
{
commandArgs: []string{"--dest-password", "foo"},
expectedAuthConfig: nil,
},
// set username but no password. expected to fail (we currently don't allow a user without password)
{
commandArgs: []string{"--dest-username", "bar"},
expectedAuthConfig: nil,
},
// set username with --creds, expected to fail
{
commandArgs: []string{"--dest-username", "bar", "--dest-creds", "hello:world", "--dest-password", "foo"},
expectedAuthConfig: nil,
},
// set username with --no-creds, expected to fail
{
commandArgs: []string{"--dest-username", "bar", "--dest-no-creds", "--dest-password", "foo"},
expectedAuthConfig: nil,
},
} {
opts := fakeImageDestOptions(t, "dest-", true, []string{}, command.commandArgs)
// parse the command options
res, err := opts.newSystemContext()
if command.expectedAuthConfig == nil {
assert.Error(t, err)
} else {
require.NoError(t, err)
assert.Equal(t, &types.SystemContext{
DockerRegistryUserAgent: defaultUserAgent,
DockerAuthConfig: command.expectedAuthConfig,
}, res)
}
}
}
func TestTLSVerifyFlags(t *testing.T) { func TestTLSVerifyFlags(t *testing.T) {
type systemContextOpts interface { // Either *imageOptions or *imageDestOptions type systemContextOpts interface { // Either *imageOptions or *imageDestOptions
newSystemContext() (*types.SystemContext, error) newSystemContext() (*types.SystemContext, error)

16
completions/bash/skopeo
View File

@ -51,6 +51,10 @@ _skopeo_copy() {
--dest-daemon-host --dest-daemon-host
--src-registry-token --src-registry-token
--dest-registry-token --dest-registry-token
--src-username
--src-password
--dest-username
--dest-password
" "
local boolean_options=" local boolean_options="
@ -87,6 +91,10 @@ _skopeo_sync() {
--src-cert-dir --src-cert-dir
--src-creds --src-creds
--src-registry-token --src-registry-token
--src-username
--src-password
--dest-username
--dest-password
" "
local boolean_options=" local boolean_options="
@ -116,6 +124,8 @@ _skopeo_inspect() {
--format --format
--retry-times --retry-times
--registry-token --registry-token
--username
--password
" "
local boolean_options=" local boolean_options="
--config --config
@ -163,6 +173,8 @@ _skopeo_delete() {
--creds --creds
--cert-dir --cert-dir
--registry-token --registry-token
--username
--password
" "
local boolean_options=" local boolean_options="
--tls-verify --tls-verify
@ -183,6 +195,8 @@ _skopeo_layers() {
--creds --creds
--cert-dir --cert-dir
--registry-token --registry-token
--username
--password
" "
local boolean_options=" local boolean_options="
--tls-verify --tls-verify
@ -197,6 +211,8 @@ _skopeo_list_repository_tags() {
--creds --creds
--cert-dir --cert-dir
--registry-token --registry-token
--username
--password
" "
local boolean_options=" local boolean_options="

16
docs/skopeo-copy.1.md
View File

@ -164,6 +164,22 @@ Bearer token for accessing the destination registry.
The number of times to retry. Retry wait time will be exponentially increased based on the number of failed attempts. The number of times to retry. Retry wait time will be exponentially increased based on the number of failed attempts.
**--src-username**
The username to access the source registry.
**--src-password**
The password to access the source registry.
**--dest-username**
The username to access the destination registry.
**--dest-password**
The password to access the destination registry.
## EXAMPLES ## EXAMPLES
To just copy an image from one registry to another: To just copy an image from one registry to another:

8
docs/skopeo-delete.1.md
View File

@ -64,6 +64,14 @@ Directory to use to share blobs across OCI repositories.
Require HTTPS and verify certificates when talking to the container registry or daemon. Default to registry.conf setting. Require HTTPS and verify certificates when talking to the container registry or daemon. Default to registry.conf setting.
**--username**
The username to access the registry.
**--password**
The password to access the registry.
## EXAMPLES ## EXAMPLES
Mark image example/pause for deletion from the registry.example.com registry: Mark image example/pause for deletion from the registry.example.com registry:

8
docs/skopeo-inspect.1.md
View File

@ -69,6 +69,14 @@ Directory to use to share blobs across OCI repositories.
Require HTTPS and verify certificates when talking to the container registry or daemon. Default to registry.conf setting. Require HTTPS and verify certificates when talking to the container registry or daemon. Default to registry.conf setting.
**--username**
The username to access the registry.
**--password**
The password to access the registry.
## EXAMPLES ## EXAMPLES
To review information for the image fedora from the docker.io registry: To review information for the image fedora from the docker.io registry:

8
docs/skopeo-list-tags.1.md
View File

@ -43,6 +43,14 @@ The number of times to retry. Retry wait time will be exponentially increased ba
Require HTTPS and verify certificates when talking to the container registry or daemon. Default to registry.conf setting. Require HTTPS and verify certificates when talking to the container registry or daemon. Default to registry.conf setting.
**--username**
The username to access the registry.
**--password**
The password to access the registry.
## REPOSITORY NAMES ## REPOSITORY NAMES
Repository names are transport-specific references as each transport may have its own concept of a "repository" and "tags". Currently, only the Docker transport is supported. Repository names are transport-specific references as each transport may have its own concept of a "repository" and "tags". Currently, only the Docker transport is supported.

16
docs/skopeo-sync.1.md
View File

@ -91,6 +91,22 @@ Print usage statement.
**--keep-going** **--keep-going**
If any errors occur during copying of images, those errors are logged and the process continues syncing rest of the images and finally fails at the end. If any errors occur during copying of images, those errors are logged and the process continues syncing rest of the images and finally fails at the end.
**--src-username**
The username to access the source registry.
**--src-password**
The password to access the source registry.
**--dest-username**
The username to access the destination registry.
**--dest-password**
The password to access the destination registry.
## EXAMPLES ## EXAMPLES
### Synchronizing to a local directory ### Synchronizing to a local directory