github.com/xeptore/docker-cli@v20.10.14+incompatible/cli/command/registry.go (about) 1 package command 2 3 import ( 4 "bufio" 5 "context" 6 "encoding/base64" 7 "encoding/json" 8 "fmt" 9 "io" 10 "os" 11 "runtime" 12 "strings" 13 14 configtypes "github.com/docker/cli/cli/config/types" 15 "github.com/docker/cli/cli/debug" 16 "github.com/docker/cli/cli/streams" 17 "github.com/docker/distribution/reference" 18 "github.com/docker/docker/api/types" 19 registrytypes "github.com/docker/docker/api/types/registry" 20 "github.com/docker/docker/registry" 21 "github.com/moby/term" 22 "github.com/pkg/errors" 23 ) 24 25 // ElectAuthServer returns the default registry to use (by asking the daemon) 26 func ElectAuthServer(ctx context.Context, cli Cli) string { 27 // The daemon `/info` endpoint informs us of the default registry being 28 // used. This is essential in cross-platforms environment, where for 29 // example a Linux client might be interacting with a Windows daemon, hence 30 // the default registry URL might be Windows specific. 31 info, err := cli.Client().Info(ctx) 32 if err != nil { 33 // Daemon is not responding so use system default. 34 if debug.IsEnabled() { 35 // Only report the warning if we're in debug mode to prevent nagging during engine initialization workflows 36 fmt.Fprintf(cli.Err(), "Warning: failed to get default registry endpoint from daemon (%v). Using system default: %s\n", err, registry.IndexServer) 37 } 38 return registry.IndexServer 39 } 40 if info.IndexServerAddress == "" { 41 if debug.IsEnabled() { 42 fmt.Fprintf(cli.Err(), "Warning: Empty registry endpoint from daemon. Using system default: %s\n", registry.IndexServer) 43 } 44 return registry.IndexServer 45 } 46 return info.IndexServerAddress 47 } 48 49 // EncodeAuthToBase64 serializes the auth configuration as JSON base64 payload 50 func EncodeAuthToBase64(authConfig types.AuthConfig) (string, error) { 51 buf, err := json.Marshal(authConfig) 52 if err != nil { 53 return "", err 54 } 55 return base64.URLEncoding.EncodeToString(buf), nil 56 } 57 58 // RegistryAuthenticationPrivilegedFunc returns a RequestPrivilegeFunc from the specified registry index info 59 // for the given command. 60 func RegistryAuthenticationPrivilegedFunc(cli Cli, index *registrytypes.IndexInfo, cmdName string) types.RequestPrivilegeFunc { 61 return func() (string, error) { 62 fmt.Fprintf(cli.Out(), "\nPlease login prior to %s:\n", cmdName) 63 indexServer := registry.GetAuthConfigKey(index) 64 isDefaultRegistry := indexServer == ElectAuthServer(context.Background(), cli) 65 authConfig, err := GetDefaultAuthConfig(cli, true, indexServer, isDefaultRegistry) 66 if err != nil { 67 fmt.Fprintf(cli.Err(), "Unable to retrieve stored credentials for %s, error: %s.\n", indexServer, err) 68 } 69 err = ConfigureAuth(cli, "", "", &authConfig, isDefaultRegistry) 70 if err != nil { 71 return "", err 72 } 73 return EncodeAuthToBase64(authConfig) 74 } 75 } 76 77 // ResolveAuthConfig is like registry.ResolveAuthConfig, but if using the 78 // default index, it uses the default index name for the daemon's platform, 79 // not the client's platform. 80 func ResolveAuthConfig(ctx context.Context, cli Cli, index *registrytypes.IndexInfo) types.AuthConfig { 81 configKey := index.Name 82 if index.Official { 83 configKey = ElectAuthServer(ctx, cli) 84 } 85 86 a, _ := cli.ConfigFile().GetAuthConfig(configKey) 87 return types.AuthConfig(a) 88 } 89 90 // GetDefaultAuthConfig gets the default auth config given a serverAddress 91 // If credentials for given serverAddress exists in the credential store, the configuration will be populated with values in it 92 func GetDefaultAuthConfig(cli Cli, checkCredStore bool, serverAddress string, isDefaultRegistry bool) (types.AuthConfig, error) { 93 if !isDefaultRegistry { 94 serverAddress = registry.ConvertToHostname(serverAddress) 95 } 96 var authconfig = configtypes.AuthConfig{} 97 var err error 98 if checkCredStore { 99 authconfig, err = cli.ConfigFile().GetAuthConfig(serverAddress) 100 if err != nil { 101 return types.AuthConfig{ 102 ServerAddress: serverAddress, 103 }, err 104 } 105 } 106 authconfig.ServerAddress = serverAddress 107 authconfig.IdentityToken = "" 108 res := types.AuthConfig(authconfig) 109 return res, nil 110 } 111 112 // ConfigureAuth handles prompting of user's username and password if needed 113 func ConfigureAuth(cli Cli, flUser, flPassword string, authconfig *types.AuthConfig, isDefaultRegistry bool) error { 114 // On Windows, force the use of the regular OS stdin stream. Fixes #14336/#14210 115 if runtime.GOOS == "windows" { 116 cli.SetIn(streams.NewIn(os.Stdin)) 117 } 118 119 // Some links documenting this: 120 // - https://code.google.com/archive/p/mintty/issues/56 121 // - https://github.com/docker/docker/issues/15272 122 // - https://mintty.github.io/ (compatibility) 123 // Linux will hit this if you attempt `cat | docker login`, and Windows 124 // will hit this if you attempt docker login from mintty where stdin 125 // is a pipe, not a character based console. 126 if flPassword == "" && !cli.In().IsTerminal() { 127 return errors.Errorf("Error: Cannot perform an interactive login from a non TTY device") 128 } 129 130 authconfig.Username = strings.TrimSpace(authconfig.Username) 131 132 if flUser = strings.TrimSpace(flUser); flUser == "" { 133 if isDefaultRegistry { 134 // if this is a default registry (docker hub), then display the following message. 135 fmt.Fprintln(cli.Out(), "Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.") 136 } 137 promptWithDefault(cli.Out(), "Username", authconfig.Username) 138 flUser = readInput(cli.In(), cli.Out()) 139 flUser = strings.TrimSpace(flUser) 140 if flUser == "" { 141 flUser = authconfig.Username 142 } 143 } 144 if flUser == "" { 145 return errors.Errorf("Error: Non-null Username Required") 146 } 147 if flPassword == "" { 148 oldState, err := term.SaveState(cli.In().FD()) 149 if err != nil { 150 return err 151 } 152 fmt.Fprintf(cli.Out(), "Password: ") 153 term.DisableEcho(cli.In().FD(), oldState) 154 155 flPassword = readInput(cli.In(), cli.Out()) 156 fmt.Fprint(cli.Out(), "\n") 157 158 term.RestoreTerminal(cli.In().FD(), oldState) 159 if flPassword == "" { 160 return errors.Errorf("Error: Password Required") 161 } 162 } 163 164 authconfig.Username = flUser 165 authconfig.Password = flPassword 166 167 return nil 168 } 169 170 func readInput(in io.Reader, out io.Writer) string { 171 reader := bufio.NewReader(in) 172 line, _, err := reader.ReadLine() 173 if err != nil { 174 fmt.Fprintln(out, err.Error()) 175 os.Exit(1) 176 } 177 return string(line) 178 } 179 180 func promptWithDefault(out io.Writer, prompt string, configDefault string) { 181 if configDefault == "" { 182 fmt.Fprintf(out, "%s: ", prompt) 183 } else { 184 fmt.Fprintf(out, "%s (%s): ", prompt, configDefault) 185 } 186 } 187 188 // RetrieveAuthTokenFromImage retrieves an encoded auth token given a complete image 189 func RetrieveAuthTokenFromImage(ctx context.Context, cli Cli, image string) (string, error) { 190 // Retrieve encoded auth token from the image reference 191 authConfig, err := resolveAuthConfigFromImage(ctx, cli, image) 192 if err != nil { 193 return "", err 194 } 195 encodedAuth, err := EncodeAuthToBase64(authConfig) 196 if err != nil { 197 return "", err 198 } 199 return encodedAuth, nil 200 } 201 202 // resolveAuthConfigFromImage retrieves that AuthConfig using the image string 203 func resolveAuthConfigFromImage(ctx context.Context, cli Cli, image string) (types.AuthConfig, error) { 204 registryRef, err := reference.ParseNormalizedNamed(image) 205 if err != nil { 206 return types.AuthConfig{}, err 207 } 208 repoInfo, err := registry.ParseRepositoryInfo(registryRef) 209 if err != nil { 210 return types.AuthConfig{}, err 211 } 212 return ResolveAuthConfig(ctx, cli, repoInfo.Index), nil 213 }