-
Notifications
You must be signed in to change notification settings - Fork 277
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Do-Not-Merge: Use default keychain to authenticate image pulls #78
Conversation
This is quite ugly but I've tested this change successfully against a Docker image in a private repository and against GCR. |
tokenAtoms := strings.SplitN(string(tokenBytes), ":", 2) | ||
rc, err := d.ImagePull(context.Background(), ref, dockertypes.ImagePullOptions{ | ||
RegistryAuth: base64.StdEncoding.EncodeToString([]byte( | ||
fmt.Sprintf(`{"username": "%s", "password": "%s"}`, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
based on moby/moby#34503 (comment)
reference, _ := name.ParseReference(ref, name.WeakValidation) | ||
authenticator, _ := authn.DefaultKeychain.Resolve(reference.Context().Registry) | ||
encodedHeader, _ := authenticator.Authorization() | ||
encodedToken := strings.Replace(encodedHeader, "Basic ", "", 1) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
based on moby/moby#34503 (comment)
This should not be merged as there is, I hope, a more robust approach or at least similar library code that does what this change does. |
Our docker pull code moved to The implementation is very similar to the one you contributed. |
Great news, @ekcasey. |
Fixes #74.