github.com/AliyunContainerService/cli@v0.0.0-20181009023821-814ced4b30d0/cli/command/registry.go (about) 1 package command 2 3 import ( 4 "bufio" 5 "context" 6 "encoding/base64" 7 "encoding/json" 8 "fmt" 9 "io" 10 "os" 11 "runtime" 12 "strings" 13 14 "github.com/docker/cli/cli/debug" 15 "github.com/docker/distribution/reference" 16 "github.com/docker/docker/api/types" 17 registrytypes "github.com/docker/docker/api/types/registry" 18 "github.com/docker/docker/pkg/term" 19 "github.com/docker/docker/registry" 20 "github.com/pkg/errors" 21 ) 22 23 // ElectAuthServer returns the default registry to use (by asking the daemon) 24 func ElectAuthServer(ctx context.Context, cli Cli) string { 25 // The daemon `/info` endpoint informs us of the default registry being 26 // used. This is essential in cross-platforms environment, where for 27 // example a Linux client might be interacting with a Windows daemon, hence 28 // the default registry URL might be Windows specific. 29 serverAddress := registry.IndexServer 30 if info, err := cli.Client().Info(ctx); err != nil && debug.IsEnabled() { 31 // Only report the warning if we're in debug mode to prevent nagging during engine initialization workflows 32 fmt.Fprintf(cli.Err(), "Warning: failed to get default registry endpoint from daemon (%v). Using system default: %s\n", err, serverAddress) 33 } else if info.IndexServerAddress == "" && debug.IsEnabled() { 34 fmt.Fprintf(cli.Err(), "Warning: Empty registry endpoint from daemon. Using system default: %s\n", serverAddress) 35 } else { 36 serverAddress = info.IndexServerAddress 37 } 38 return serverAddress 39 } 40 41 // EncodeAuthToBase64 serializes the auth configuration as JSON base64 payload 42 func EncodeAuthToBase64(authConfig types.AuthConfig) (string, error) { 43 buf, err := json.Marshal(authConfig) 44 if err != nil { 45 return "", err 46 } 47 return base64.URLEncoding.EncodeToString(buf), nil 48 } 49 50 // RegistryAuthenticationPrivilegedFunc returns a RequestPrivilegeFunc from the specified registry index info 51 // for the given command. 52 func RegistryAuthenticationPrivilegedFunc(cli Cli, index *registrytypes.IndexInfo, cmdName string) types.RequestPrivilegeFunc { 53 return func() (string, error) { 54 fmt.Fprintf(cli.Out(), "\nPlease login prior to %s:\n", cmdName) 55 indexServer := registry.GetAuthConfigKey(index) 56 isDefaultRegistry := indexServer == ElectAuthServer(context.Background(), cli) 57 authConfig, err := GetDefaultAuthConfig(cli, true, indexServer, isDefaultRegistry) 58 if err != nil { 59 fmt.Fprintf(cli.Err(), "Unable to retrieve stored credentials for %s, error: %s.\n", indexServer, err) 60 } 61 err = ConfigureAuth(cli, "", "", authConfig, isDefaultRegistry) 62 if err != nil { 63 return "", err 64 } 65 return EncodeAuthToBase64(*authConfig) 66 } 67 } 68 69 // ResolveAuthConfig is like registry.ResolveAuthConfig, but if using the 70 // default index, it uses the default index name for the daemon's platform, 71 // not the client's platform. 72 func ResolveAuthConfig(ctx context.Context, cli Cli, index *registrytypes.IndexInfo) types.AuthConfig { 73 configKey := index.Name 74 if index.Official { 75 configKey = ElectAuthServer(ctx, cli) 76 } 77 78 a, _ := cli.ConfigFile().GetAuthConfig(configKey) 79 return a 80 } 81 82 // GetDefaultAuthConfig gets the default auth config given a serverAddress 83 // If credentials for given serverAddress exists in the credential store, the configuration will be populated with values in it 84 func GetDefaultAuthConfig(cli Cli, checkCredStore bool, serverAddress string, isDefaultRegistry bool) (*types.AuthConfig, error) { 85 if !isDefaultRegistry { 86 serverAddress = registry.ConvertToHostname(serverAddress) 87 } 88 var authconfig types.AuthConfig 89 var err error 90 if checkCredStore { 91 authconfig, err = cli.ConfigFile().GetAuthConfig(serverAddress) 92 } else { 93 authconfig = types.AuthConfig{} 94 } 95 authconfig.ServerAddress = serverAddress 96 authconfig.IdentityToken = "" 97 return &authconfig, err 98 } 99 100 // ConfigureAuth handles prompting of user's username and password if needed 101 func ConfigureAuth(cli Cli, flUser, flPassword string, authconfig *types.AuthConfig, isDefaultRegistry bool) error { 102 // On Windows, force the use of the regular OS stdin stream. Fixes #14336/#14210 103 if runtime.GOOS == "windows" { 104 cli.SetIn(NewInStream(os.Stdin)) 105 } 106 107 // Some links documenting this: 108 // - https://code.google.com/archive/p/mintty/issues/56 109 // - https://github.com/docker/docker/issues/15272 110 // - https://mintty.github.io/ (compatibility) 111 // Linux will hit this if you attempt `cat | docker login`, and Windows 112 // will hit this if you attempt docker login from mintty where stdin 113 // is a pipe, not a character based console. 114 if flPassword == "" && !cli.In().IsTerminal() { 115 return errors.Errorf("Error: Cannot perform an interactive login from a non TTY device") 116 } 117 118 authconfig.Username = strings.TrimSpace(authconfig.Username) 119 120 if flUser = strings.TrimSpace(flUser); flUser == "" { 121 if isDefaultRegistry { 122 // if this is a default registry (docker hub), then display the following message. 123 fmt.Fprintln(cli.Out(), "Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.") 124 } 125 promptWithDefault(cli.Out(), "Username", authconfig.Username) 126 flUser = readInput(cli.In(), cli.Out()) 127 flUser = strings.TrimSpace(flUser) 128 if flUser == "" { 129 flUser = authconfig.Username 130 } 131 } 132 if flUser == "" { 133 return errors.Errorf("Error: Non-null Username Required") 134 } 135 if flPassword == "" { 136 oldState, err := term.SaveState(cli.In().FD()) 137 if err != nil { 138 return err 139 } 140 fmt.Fprintf(cli.Out(), "Password: ") 141 term.DisableEcho(cli.In().FD(), oldState) 142 143 flPassword = readInput(cli.In(), cli.Out()) 144 fmt.Fprint(cli.Out(), "\n") 145 146 term.RestoreTerminal(cli.In().FD(), oldState) 147 if flPassword == "" { 148 return errors.Errorf("Error: Password Required") 149 } 150 } 151 152 authconfig.Username = flUser 153 authconfig.Password = flPassword 154 155 return nil 156 } 157 158 func readInput(in io.Reader, out io.Writer) string { 159 reader := bufio.NewReader(in) 160 line, _, err := reader.ReadLine() 161 if err != nil { 162 fmt.Fprintln(out, err.Error()) 163 os.Exit(1) 164 } 165 return string(line) 166 } 167 168 func promptWithDefault(out io.Writer, prompt string, configDefault string) { 169 if configDefault == "" { 170 fmt.Fprintf(out, "%s: ", prompt) 171 } else { 172 fmt.Fprintf(out, "%s (%s): ", prompt, configDefault) 173 } 174 } 175 176 // RetrieveAuthTokenFromImage retrieves an encoded auth token given a complete image 177 func RetrieveAuthTokenFromImage(ctx context.Context, cli Cli, image string) (string, error) { 178 // Retrieve encoded auth token from the image reference 179 authConfig, err := resolveAuthConfigFromImage(ctx, cli, image) 180 if err != nil { 181 return "", err 182 } 183 encodedAuth, err := EncodeAuthToBase64(authConfig) 184 if err != nil { 185 return "", err 186 } 187 return encodedAuth, nil 188 } 189 190 // resolveAuthConfigFromImage retrieves that AuthConfig using the image string 191 func resolveAuthConfigFromImage(ctx context.Context, cli Cli, image string) (types.AuthConfig, error) { 192 registryRef, err := reference.ParseNormalizedNamed(image) 193 if err != nil { 194 return types.AuthConfig{}, err 195 } 196 repoInfo, err := registry.ParseRepositoryInfo(registryRef) 197 if err != nil { 198 return types.AuthConfig{}, err 199 } 200 return ResolveAuthConfig(ctx, cli, repoInfo.Index), nil 201 }