/*
Copyright The ORAS Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package credentials

import (
	"context"
	"errors"
	"fmt"
	"strings"

	"oras.land/oras-go/v2/registry/remote/auth"
	"oras.land/oras-go/v2/registry/remote/credentials/internal/config"
)

// FileStore is a credentials store backed by the docker configuration file.
// Credentials are kept there in plain text: the file holds them in the
// base64(username:password) form, which is an encoding and not encryption, so
// anyone who can read the file can recover the secret.
//
// NOTE(review): nothing in this file sets or checks the permissions of the
// configuration file; confirm how the config package creates and writes it.
//
// Reference: https://docs.docker.com/engine/reference/commandline/cli/#docker-cli-configuration-file-configjson-properties
type FileStore struct {
	// DisablePut turns off plaintext writes. While it is true, Put() returns
	// ErrPlaintextPutDisabled and stores nothing. Get() and Delete() do not
	// consult this flag.
	DisablePut bool

	// config is the loaded configuration that every operation delegates to.
	config *config.Config
}

// ErrPlaintextPutDisabled is the error Put() returns when DisablePut is true.
var ErrPlaintextPutDisabled = errors.New("putting plaintext credentials is disabled")

// ErrBadCredentialFormat is the error Put() returns (wrapped) when the
// credential fails format validation.
var ErrBadCredentialFormat = errors.New("bad credential format")

// NewFileStore creates a new file credentials store.
//
// The configuration at configPath is read with config.Load. A load error is
// returned unchanged and no store is created.
//
// Reference: https://docs.docker.com/engine/reference/commandline/cli/#docker-cli-configuration-file-configjson-properties
func NewFileStore(configPath string) (*FileStore, error) {
	loaded, loadErr := config.Load(configPath)
	if loadErr == nil {
		return newFileStore(loaded), nil
	}
	return nil, loadErr
}

// newFileStore wraps an already-loaded config instance in a FileStore.
// DisablePut is left at its zero value (false), so plaintext writes stay
// enabled unless the caller sets the field afterwards.
func newFileStore(cfg *config.Config) *FileStore {
	store := new(FileStore)
	store.config = cfg
	return store
}

// Get looks up the credential recorded for serverAddress by delegating to the
// underlying config. The context argument is ignored.
func (fs *FileStore) Get(_ context.Context, serverAddress string) (auth.Credential, error) {
	return fs.config.GetCredential(serverAddress)
}

// Put records cred for serverAddress in the underlying config.
//
// It returns ErrPlaintextPutDisabled when fs.DisablePut is true, and the
// validation error (wrapping ErrBadCredentialFormat) when cred is malformed.
// In both cases nothing is handed to the config. The context argument is
// ignored.
func (fs *FileStore) Put(_ context.Context, serverAddress string, cred auth.Credential) error {
	// The opt-out is checked before anything else, so a store with DisablePut
	// set never reaches the write path.
	if fs.DisablePut {
		return ErrPlaintextPutDisabled
	}

	formatErr := validateCredentialFormat(cred)
	if formatErr != nil {
		return formatErr
	}

	return fs.config.PutCredential(serverAddress, cred)
}

// Delete drops the credential recorded for serverAddress by delegating to the
// underlying config. It does not consult DisablePut, and the context argument
// is ignored.
func (fs *FileStore) Delete(_ context.Context, serverAddress string) error {
	return fs.config.DeleteCredential(serverAddress)
}

// validateCredentialFormat reports whether cred can be written to the file.
// Only the username is inspected; no other field of cred is checked here.
func validateCredentialFormat(cred auth.Credential) error {
	// The file keeps username and password as base64(username:password), so a
	// colon inside the username would make the decoded result wrong.
	if !strings.Contains(cred.Username, ":") {
		return nil
	}
	return fmt.Errorf("%w: colons(:) are not allowed in username", ErrBadCredentialFormat)
}