def Run(self, args):
"""Run the helper command."""
if args.method == DockerHelper.LIST:
return {
# This tells Docker that the secret will be an access token, not a
# username/password.
# Docker normally expects a prefixed 'https://' for auth configs.
('https://' + url): '_dcgcloud_token'
for url in credential_utils.DefaultAuthenticatedRegistries()
}
elif args.method == DockerHelper.GET:
cred = c_store.Load()
if (not cred.token_expiry or cred.token_expiry.utcnow() >
cred.token_expiry - datetime.timedelta(minutes=55)):
c_store.Refresh(cred)
url = sys.stdin.read().strip()
if (url.replace('https://', '', 1)
not in credential_utils.SupportedRegistries()):
raise exceptions.Error(
'Repository url [{url}] is not supported'.format(url=url))
# Putting an actual username in the response doesn't work. Docker will
# then prompt for a password instead of using the access token.
return {
'Secret': cred.access_token,
'Username': '******',
}
# Don't print anything if we are not supporting the given action.
# The credential helper protocol also support 'store' and 'erase' actions
# that don't apply here. The full spec can be found here:
# https://github.com/docker/docker-credential-helpers#development
args.GetDisplayInfo().AddFormat('none')
return None
def testGet_AllSupported_WithScheme(self):
for supported_registry in credential_utils.SupportedRegistries():
self.WriteInput('https://{}\n'.format(supported_registry))
self.Run('auth docker-helper get')
data = json.loads(self.GetOutput())
self.assertEqual(
data, {
'Secret': self.FakeAuthAccessToken(),
'Username': '******'
})
self.refresh_mock.assert_not_called()
self.ClearOutput()
self.ClearErr()
def Run(self, args):
"""Run the helper command."""
if args.method == DockerHelper.LIST:
return {
# This tells Docker that the secret will be an access token, not a
# username/password.
# Docker normally expects a prefixed 'https://' for auth configs.
('https://' + url): '_dcgcloud_token'
for url in credential_utils.DefaultAuthenticatedRegistries()
}
elif args.method == DockerHelper.GET:
# docker credential helper protocol expects that error is printed to
# stdout.
try:
cred = c_store.Load(use_google_auth=True)
except creds_exceptions.NoActiveAccountException:
log.Print(
'You do not currently have an active account selected. '
'See https://cloud.google.com/sdk/docs/authorizing for more '
'information.')
sys.exit(1)
c_store.RefreshIfExpireWithinWindow(cred,
window=TOKEN_MIN_LIFETIME)
url = sys.stdin.read().strip()
if (url.replace('https://', '', 1)
not in credential_utils.SupportedRegistries()):
raise exceptions.Error(
'Repository url [{url}] is not supported'.format(url=url))
# Putting an actual username in the response doesn't work. Docker will
# then prompt for a password instead of using the access token.
token = (cred.token if c_creds.IsGoogleAuthCredentials(cred) else
cred.access_token)
return {
'Secret': token,
'Username': '******',
}
# Don't print anything if we are not supporting the given action.
# The credential helper protocol also support 'store' and 'erase' actions
# that don't apply here. The full spec can be found here:
# https://github.com/docker/docker-credential-helpers#development
args.GetDisplayInfo().AddFormat('none')
return None
def CheckValidRegistry(self, registry):
if registry not in cred_utils.SupportedRegistries():
log.warning('{0} is not a supported registry'.format(registry))
return False
return True