Make dockerpycreds part of the SDK under docker.credentials

Signed-off-by: Joffrey F <joffrey@docker.com>

Author: shin-

MANIFEST.in

@@ -6,3 +6,4 @@ include LICENSE
 recursive-include tests *.py
 recursive-include tests/unit/testdata *
 recursive-include tests/integration/testdata *
+recursive-include tests/gpg-keys *

Makefile

@@ -8,11 +8,11 @@ clean:
 
 .PHONY: build
 build:
-	docker build -t docker-sdk-python .
+	docker build -t docker-sdk-python -f tests/Dockerfile --build-arg PYTHON_VERSION=2.7 .
 
 .PHONY: build-py3
 build-py3:
-	docker build -t docker-sdk-python3 -f Dockerfile-py3 .
+	docker build -t docker-sdk-python3 -f tests/Dockerfile .
 
 .PHONY: build-docs
 build-docs:
@@ -39,7 +39,7 @@ integration-test: build
 
 .PHONY: integration-test-py3
 integration-test-py3: build-py3
-	docker run -t --rm -v /var/run/docker.sock:/var/run/docker.sock docker-sdk-python3 py.test tests/integration/${file}
+	docker run -t --rm -v /var/run/docker.sock:/var/run/docker.sock docker-sdk-python3 py.test -v tests/integration/${file}
 
 TEST_API_VERSION ?= 1.35
 TEST_ENGINE_VERSION ?= 17.12.0-ce

docker/auth.py

@@ -2,9 +2,9 @@
 import json
 import logging
 
-import dockerpycreds
 import six
 
+from . import credentials
 from . import errors
 from .utils import config
 
@@ -273,17 +273,17 @@ def _resolve_authconfig_credstore(self, registry, credstore_name):
                     'Password': data['Secret'],
                 })
             return res
-        except dockerpycreds.CredentialsNotFound:
+        except credentials.CredentialsNotFound:
             log.debug('No entry found')
             return None
-        except dockerpycreds.StoreError as e:
+        except credentials.StoreError as e:
             raise errors.DockerException(
                 'Credentials store error: {0}'.format(repr(e))
             )
 
     def _get_store_instance(self, name):
         if name not in self._stores:
-            self._stores[name] = dockerpycreds.Store(
+            self._stores[name] = credentials.Store(
                 name, environment=self._credstore_env
             )
         return self._stores[name]

docker/credentials/__init__.py

@@ -0,0 +1,4 @@
+# flake8: noqa
+from .store import Store
+from .errors import StoreError, CredentialsNotFound
+from .constants import *

docker/credentials/constants.py

@@ -0,0 +1,4 @@
+PROGRAM_PREFIX = 'docker-credential-'
+DEFAULT_LINUX_STORE = 'secretservice'
+DEFAULT_OSX_STORE = 'osxkeychain'
+DEFAULT_WIN32_STORE = 'wincred'

docker/credentials/errors.py

@@ -0,0 +1,25 @@
+class StoreError(RuntimeError):
+    pass
+
+
+class CredentialsNotFound(StoreError):
+    pass
+
+
+class InitializationError(StoreError):
+    pass
+
+
+def process_store_error(cpe, program):
+    message = cpe.output.decode('utf-8')
+    if 'credentials not found in native keychain' in message:
+        return CredentialsNotFound(
+            'No matching credentials in {}'.format(
+                program
+            )
+        )
+    return StoreError(
+        'Credentials store {} exited with "{}".'.format(
+            program, cpe.output.decode('utf-8').strip()
+        )
+    )

docker/credentials/store.py

@@ -0,0 +1,107 @@
+import json
+import os
+import subprocess
+
+import six
+
+from . import constants
+from . import errors
+from .utils import create_environment_dict
+from .utils import find_executable
+
+
+class Store(object):
+    def __init__(self, program, environment=None):
+        """ Create a store object that acts as an interface to
+            perform the basic operations for storing, retrieving
+            and erasing credentials using `program`.
+        """
+        self.program = constants.PROGRAM_PREFIX + program
+        self.exe = find_executable(self.program)
+        self.environment = environment
+        if self.exe is None:
+            raise errors.InitializationError(
+                '{} not installed or not available in PATH'.format(
+                    self.program
+                )
+            )
+
+    def get(self, server):
+        """ Retrieve credentials for `server`. If no credentials are found,
+            a `StoreError` will be raised.
+        """
+        if not isinstance(server, six.binary_type):
+            server = server.encode('utf-8')
+        data = self._execute('get', server)
+        result = json.loads(data.decode('utf-8'))
+
+        # docker-credential-pass will return an object for inexistent servers
+        # whereas other helpers will exit with returncode != 0. For
+        # consistency, if no significant data is returned,
+        # raise CredentialsNotFound
+        if result['Username'] == '' and result['Secret'] == '':
+            raise errors.CredentialsNotFound(
+                'No matching credentials in {}'.format(self.program)
+            )
+
+        return result
+
+    def store(self, server, username, secret):
+        """ Store credentials for `server`. Raises a `StoreError` if an error
+            occurs.
+        """
+        data_input = json.dumps({
+            'ServerURL': server,
+            'Username': username,
+            'Secret': secret
+        }).encode('utf-8')
+        return self._execute('store', data_input)
+
+    def erase(self, server):
+        """ Erase credentials for `server`. Raises a `StoreError` if an error
+            occurs.
+        """
+        if not isinstance(server, six.binary_type):
+            server = server.encode('utf-8')
+        self._execute('erase', server)
+
+    def list(self):
+        """ List stored credentials. Requires v0.4.0+ of the helper.
+        """
+        data = self._execute('list', None)
+        return json.loads(data.decode('utf-8'))
+
+    def _execute(self, subcmd, data_input):
+        output = None
+        env = create_environment_dict(self.environment)
+        try:
+            if six.PY3:
+                output = subprocess.check_output(
+                    [self.exe, subcmd], input=data_input, env=env,
+                )
+            else:
+                process = subprocess.Popen(
+                    [self.exe, subcmd], stdin=subprocess.PIPE,
+                    stdout=subprocess.PIPE, env=env,
+                )
+                output, err = process.communicate(data_input)
+                if process.returncode != 0:
+                    raise subprocess.CalledProcessError(
+                        returncode=process.returncode, cmd='', output=output
+                    )
+        except subprocess.CalledProcessError as e:
+            raise errors.process_store_error(e, self.program)
+        except OSError as e:
+            if e.errno == os.errno.ENOENT:
+                raise errors.StoreError(
+                    '{} not installed or not available in PATH'.format(
+                        self.program
+                    )
+                )
+            else:
+                raise errors.StoreError(
+                    'Unexpected OS error "{}", errno={}'.format(
+                        e.strerror, e.errno
+                    )
+                )
+        return output

docker/credentials/utils.py

@@ -0,0 +1,38 @@
+import distutils.spawn
+import os
+import sys
+
+
+def find_executable(executable, path=None):
+    """
+    As distutils.spawn.find_executable, but on Windows, look up
+    every extension declared in PATHEXT instead of just `.exe`
+    """
+    if sys.platform != 'win32':
+        return distutils.spawn.find_executable(executable, path)
+
+    if path is None:
+        path = os.environ['PATH']
+
+    paths = path.split(os.pathsep)
+    extensions = os.environ.get('PATHEXT', '.exe').split(os.pathsep)
+    base, ext = os.path.splitext(executable)
+
+    if not os.path.isfile(executable):
+        for p in paths:
+            for ext in extensions:
+                f = os.path.join(p, base + ext)
+                if os.path.isfile(f):
+                    return f
+        return None
+    else:
+        return executable
+
+
+def create_environment_dict(overrides):
+    """
+    Create and return a copy of os.environ with the specified overrides
+    """
+    result = os.environ.copy()
+    result.update(overrides or {})
+    return result

requirements.txt

@@ -3,7 +3,6 @@ asn1crypto==0.22.0
 backports.ssl-match-hostname==3.5.0.1
 cffi==1.10.0
 cryptography==2.3
-docker-pycreds==0.4.0
 enum34==1.1.6
 idna==2.5
 ipaddress==1.0.18

setup.py

@@ -12,7 +12,6 @@
 requirements = [
     'six >= 1.4.0',
     'websocket-client >= 0.32.0',
-    'docker-pycreds >= 0.4.0',
     'requests >= 2.14.2, != 2.18.0',
 ]