def Run(self, args): """Run the helper command.""" if args.method == DockerHelper.LIST: return { # This tells Docker that the secret will be an access token, not a # username/password. # Docker normally expects a prefixed 'https://' for auth configs. ('https://' + url): '_dcgcloud_token' for url in credential_utils.DefaultAuthenticatedRegistries() } elif args.method == DockerHelper.GET: cred = c_store.Load() if (not cred.token_expiry or cred.token_expiry.utcnow() > cred.token_expiry - datetime.timedelta(minutes=55)): c_store.Refresh(cred) url = sys.stdin.read().strip() if (url.replace('https://', '', 1) not in credential_utils.SupportedRegistries()): raise exceptions.Error( 'Repository url [{url}] is not supported'.format(url=url)) # Putting an actual username in the response doesn't work. Docker will # then prompt for a password instead of using the access token. return { 'Secret': cred.access_token, 'Username': '******', } # Don't print anything if we are not supporting the given action. # The credential helper protocol also support 'store' and 'erase' actions # that don't apply here. The full spec can be found here: # https://github.com/docker/docker-credential-helpers#development args.GetDisplayInfo().AddFormat('none') return None
def testGet_AllSupported_WithScheme(self): for supported_registry in credential_utils.SupportedRegistries(): self.WriteInput('https://{}\n'.format(supported_registry)) self.Run('auth docker-helper get') data = json.loads(self.GetOutput()) self.assertEqual( data, { 'Secret': self.FakeAuthAccessToken(), 'Username': '******' }) self.refresh_mock.assert_not_called() self.ClearOutput() self.ClearErr()
def Run(self, args): """Run the helper command.""" if args.method == DockerHelper.LIST: return { # This tells Docker that the secret will be an access token, not a # username/password. # Docker normally expects a prefixed 'https://' for auth configs. ('https://' + url): '_dcgcloud_token' for url in credential_utils.DefaultAuthenticatedRegistries() } elif args.method == DockerHelper.GET: # docker credential helper protocol expects that error is printed to # stdout. try: cred = c_store.Load(use_google_auth=True) except creds_exceptions.NoActiveAccountException: log.Print( 'You do not currently have an active account selected. ' 'See https://cloud.google.com/sdk/docs/authorizing for more ' 'information.') sys.exit(1) c_store.RefreshIfExpireWithinWindow(cred, window=TOKEN_MIN_LIFETIME) url = sys.stdin.read().strip() if (url.replace('https://', '', 1) not in credential_utils.SupportedRegistries()): raise exceptions.Error( 'Repository url [{url}] is not supported'.format(url=url)) # Putting an actual username in the response doesn't work. Docker will # then prompt for a password instead of using the access token. token = (cred.token if c_creds.IsGoogleAuthCredentials(cred) else cred.access_token) return { 'Secret': token, 'Username': '******', } # Don't print anything if we are not supporting the given action. # The credential helper protocol also support 'store' and 'erase' actions # that don't apply here. The full spec can be found here: # https://github.com/docker/docker-credential-helpers#development args.GetDisplayInfo().AddFormat('none') return None
def CheckValidRegistry(self, registry): if registry not in cred_utils.SupportedRegistries(): log.warning('{0} is not a supported registry'.format(registry)) return False return True