Add optional auth config to docker push

docker/api/image.py

@@ -205,7 +205,7 @@ def pull(self, repository, tag=None, stream=False,
         return self._result(response)
 
     def push(self, repository, tag=None, stream=False,
-             insecure_registry=False, decode=False):
+             insecure_registry=False, auth_config=None, decode=False):
         if insecure_registry:
             warnings.warn(
                 INSECURE_REGISTRY_DEPRECATION_WARNING.format('push()'),
@@ -224,15 +224,22 @@ def push(self, repository, tag=None, stream=False,
         if utils.compare_version('1.5', self._version) >= 0:
             # If we don't have any auth data so far, try reloading the config
             # file one more time in case anything showed up in there.
-            if not self._auth_configs:
-                self._auth_configs = auth.load_config()
-            authcfg = auth.resolve_authconfig(self._auth_configs, registry)
-
-            # Do not fail here if no authentication exists for this specific
-            # registry as we can have a readonly pull. Just put the header if
-            # we can.
-            if authcfg:
-                headers['X-Registry-Auth'] = auth.encode_header(authcfg)
+            if auth_config is None:
+                log.debug('Looking for auth config')
+                if not self._auth_configs:
+                    log.debug(
+                        "No auth config in memory - loading from filesystem"
+                    )
+                    self._auth_configs = auth.load_config()
+                authcfg = auth.resolve_authconfig(self._auth_configs, registry)
+                # Do not fail here if no authentication exists for this
+                # specific registry as we can have a readonly pull. Just
+                # put the header if we can.
+                if authcfg:
+                    headers['X-Registry-Auth'] = auth.encode_header(authcfg)
+            else:
+                log.debug('Sending supplied auth config')
+                headers['X-Registry-Auth'] = auth.encode_header(auth_config)
 
         response = self._post_json(
             u, None, headers=headers, stream=stream, params=params

docs/api.md

@@ -801,6 +801,8 @@ command.
 * tag (str): An optional tag to push
 * stream (bool): Stream the output as a blocking generator
 * insecure_registry (bool): Use `http://` to connect to the registry
+* auth_config (dict): Override the credentials that Client.login has set for this request
+  `auth_config` should contain the `username` and `password` keys to be valid.
 
 **Returns** (generator or str): The output of the upload
 

tests/unit/image_test.py

@@ -2,6 +2,7 @@
 import pytest
 
 from . import fake_api
+from docker import auth
 from .api_test import (
     DockerClientTest, fake_request, DEFAULT_TIMEOUT_SECONDS, url_prefix,
     fake_resolve_authconfig
@@ -262,6 +263,31 @@ def test_push_image_with_tag(self):
             timeout=DEFAULT_TIMEOUT_SECONDS
         )
 
+    def test_push_image_with_auth(self):
+        auth_config = {
+            'username': "test_user",
+            'password': "test_password",
+            'serveraddress': "test_server",
+        }
+        encoded_auth = auth.encode_header(auth_config)
+        self.client.push(
+                fake_api.FAKE_IMAGE_NAME, tag=fake_api.FAKE_TAG_NAME,
+                auth_config=auth_config
+                )
+
+        fake_request.assert_called_with(
+            'POST',
+            url_prefix + 'images/test_image/push',
+            params={
+                'tag': fake_api.FAKE_TAG_NAME,
+            },
+            data='{}',
+            headers={'Content-Type': 'application/json',
+                     'X-Registry-Auth': encoded_auth},
+            stream=False,
+            timeout=DEFAULT_TIMEOUT_SECONDS
+        )
+
     def test_push_image_stream(self):
         with mock.patch('docker.auth.auth.resolve_authconfig',
                         fake_resolve_authconfig):