package kubernetes
import (
"encoding/base64"
"encoding/json"
"fmt"
perrors "github.com/pkg/errors"
k8sv1 "k8s.io/api/core/v1"
)
// DockerConfigJSON represents a local docker auth config file
// for pulling images. It serializes as a JSON object whose only member
// is "auths".
type DockerConfigJSON struct {
	// Auths maps a registry key to the credentials stored for that registry.
	Auths DockerConfig `json:"auths"`
}
// DockerConfig represents the config file used by the docker CLI.
// It holds the credentials that should be used when pulling images from
// specific image repositories, keyed by registry.
//
// DecodeAuthTokenFromPullSecret indexes this map with the host string it is
// given, so a lookup succeeds only on an exact key match; no normalization
// of scheme, port or trailing slash is applied.
type DockerConfig map[string]DockerConfigEntry
// DockerConfigEntry holds the user information that grants access to a
// docker registry.
type DockerConfigEntry struct {
	// Auth is the standard-alphabet base64 encoding of the registry auth
	// token (see newDockerConfigEntry). Base64 is a reversible encoding, not
	// encryption: treat this field as credential material and keep it out of
	// logs and error messages.
	Auth string `json:"auth"`
	// Email is the address stored alongside the credentials; it is
	// serialized under "email".
	Email string `json:"email"`
}
// PreparePullSecretData builds the payload of an image pull secret for a
// single registry. The result has the form
// "<k8sv1.DockerConfigJsonKey>=<docker config JSON>", where the JSON holds one
// "auths" entry keyed by registryURL.
//
// The returned string embeds authToken in base64 form, which is trivially
// reversible, so callers should handle it as a credential and avoid logging
// it.
//
// No validation is performed on the arguments: an empty registryURL yields an
// entry keyed by "", and authToken is encoded exactly as given.
// NOTE(review): Docker's "auth" field conventionally carries
// "username:password" before encoding; confirm callers pass the token in that
// form.
//
// A marshalling failure is returned wrapped with the context "new pull secret".
func PreparePullSecretData(registryURL, authToken, email string) (string, error) {
	auths := make(DockerConfig, 1)
	auths[registryURL] = newDockerConfigEntry(authToken, email)

	secretData, err := toPullSecretData(&DockerConfigJSON{Auths: auths})
	if err == nil {
		return secretData, nil
	}
	return "", perrors.Wrap(err, "new pull secret")
}
// newDockerConfigEntry returns the config entry for one registry. authToken is
// stored base64-encoded (standard alphabet, with padding) in Auth; email is
// copied as-is.
//
// The encoding exists for the file format only and gives no confidentiality,
// so the returned entry is as sensitive as authToken itself.
func newDockerConfigEntry(authToken, email string) DockerConfigEntry {
	var entry DockerConfigEntry
	entry.Auth = base64.StdEncoding.EncodeToString([]byte(authToken))
	entry.Email = email
	return entry
}
// toPullSecretData serializes dockerConfig to JSON and returns it prefixed
// with "<k8sv1.DockerConfigJsonKey>=".
//
// Registry keys and field values go through json.Marshal, so they are quoted
// and escaped by the encoder rather than concatenated into the document by
// hand. The result contains the encoded credentials and should not be logged.
//
// A marshalling failure is returned wrapped with the context
// "marshal docker config".
func toPullSecretData(dockerConfig *DockerConfigJSON) (string, error) {
	encoded, err := json.Marshal(dockerConfig)
	if err != nil {
		return "", perrors.Wrap(err, "marshal docker config")
	}
	// %s renders the []byte from json.Marshal as its string contents.
	return fmt.Sprintf("%s=%s", k8sv1.DockerConfigJsonKey, encoded), nil
}
// DecodeAuthTokenFromPullSecret extracts the plaintext auth token stored for
// host in an image pull secret.
//
// It reads secret.Data[k8sv1.DockerConfigJsonKey], parses it as a docker
// config document, looks up the "auths" entry whose key equals host exactly,
// and base64-decodes that entry's auth value.
//
// The returned string is the decoded credential; callers should keep it out of
// logs and error messages.
//
// An error is returned when the key is absent from the secret data, the JSON
// cannot be parsed, no entry matches host, or the auth value is not valid
// base64.
//
// An entry whose auth value is empty or missing decodes to "" with a nil
// error, because the empty string is valid base64.
// NOTE(review): confirm callers treat an empty token as "no credential"
// rather than using it.
//
// NOTE(review): the secret's Type is not checked, and host is written
// verbatim into the "no auth found" error; if host can come from untrusted
// input, callers may want to sanitize it before logging that error.
func DecodeAuthTokenFromPullSecret(secret k8sv1.Secret, host string) (string, error) {
	raw, found := secret.Data[k8sv1.DockerConfigJsonKey]
	if !found {
		return "", fmt.Errorf("could not find %s in secret data", k8sv1.DockerConfigJsonKey)
	}

	var cfg DockerConfigJSON
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return "", perrors.Wrap(err, "unmarshal docker config")
	}

	// Exact-match lookup: the key must be spelled the same way it was stored.
	entry, found := cfg.Auths[host]
	if !found {
		return "", fmt.Errorf("no auth found for host: %s", host)
	}

	token, err := base64.StdEncoding.DecodeString(entry.Auth)
	if err != nil {
		return "", perrors.Wrap(err, "decode auth token")
	}
	return string(token), nil
}