diff --git a/go.mod b/go.mod index c1490ce1c4..f5aa02882d 100644 --- a/go.mod +++ b/go.mod @@ -93,6 +93,7 @@ require ( github.com/docker/go-metrics v0.0.1 // indirect github.com/docker/go-units v0.4.0 // indirect github.com/docker/swarmkit v1.12.1-0.20180726190244-7567d47988d8 // indirect + github.com/ePirat/docker-credential-gitlabci v1.0.0 github.com/emirpasic/gods v1.12.0 // indirect github.com/fsnotify/fsnotify v1.5.1 // indirect github.com/go-git/gcfg v1.5.0 // indirect diff --git a/go.sum b/go.sum index 547fe08792..6c3e39051c 100644 --- a/go.sum +++ b/go.sum @@ -604,6 +604,8 @@ github.com/docker/swarmkit v1.12.1-0.20180726190244-7567d47988d8/go.mod h1:n3Z4l github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= +github.com/ePirat/docker-credential-gitlabci v1.0.0 h1:YRkUSvkON6rT88vtscClAmPEYWhtltGEAuRVYtz1/+Y= +github.com/ePirat/docker-credential-gitlabci v1.0.0/go.mod h1:Ptmh+D0lzBQtgb6+QHjXl9HqOn3T1P8fKUHldiSQQGA= github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= diff --git a/pkg/creds/creds.go b/pkg/creds/creds.go index 394bf3f64e..5c95eaeeb3 100644 --- a/pkg/creds/creds.go +++ b/pkg/creds/creds.go @@ -21,6 +21,7 @@ import ( ecr "github.com/awslabs/amazon-ecr-credential-helper/ecr-login" "github.com/chrismellard/docker-credential-acr-env/pkg/credhelper" + gitlab "github.com/ePirat/docker-credential-gitlabci/pkg/credhelper" "github.com/google/go-containerregistry/pkg/authn" "github.com/google/go-containerregistry/pkg/v1/google" ) @@ -32,5 +33,6 @@ func GetKeychain() authn.Keychain { google.Keychain, authn.NewKeychainFromHelper(ecr.NewECRHelper(ecr.WithLogger(ioutil.Discard))), authn.NewKeychainFromHelper(credhelper.NewACRCredentialsHelper()), + authn.NewKeychainFromHelper(gitlab.NewGitLabCredentialsHelper()), ) } diff --git a/vendor/github.com/ePirat/docker-credential-gitlabci/LICENSE b/vendor/github.com/ePirat/docker-credential-gitlabci/LICENSE new file mode 100644 index 0000000000..a29567155d --- /dev/null +++ b/vendor/github.com/ePirat/docker-credential-gitlabci/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2022 Marvin Scholz + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/vendor/github.com/ePirat/docker-credential-gitlabci/pkg/credhelper/credhelper.go b/vendor/github.com/ePirat/docker-credential-gitlabci/pkg/credhelper/credhelper.go new file mode 100644 index 0000000000..3d44d7ff76 --- /dev/null +++ b/vendor/github.com/ePirat/docker-credential-gitlabci/pkg/credhelper/credhelper.go @@ -0,0 +1,108 @@ +/* Copyright (c) 2022 Marvin Scholz + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +package credhelper + +import ( + "errors" + "fmt" + "net/url" + "os" + "strings" + + "github.com/docker/docker-credential-helpers/credentials" +) + +type GitLabCredentialsHelper struct{} + +var ErrUnsupportedOperation = errors.New("unsupported operation") + +func NewGitLabCredentialsHelper() credentials.Helper { + return &GitLabCredentialsHelper{} +} + +func parseRegistryURL(urlString string) (*url.URL, error) { + // If no scheme is given, use https as it is the default + // for docker registries + if !(strings.HasPrefix(urlString, "https://") || + strings.HasPrefix(urlString, "http://")) { + urlString = "https://" + urlString + } + return url.Parse(urlString) +} + +func matchRegistryURL(serverURLString string) error { + // Read registry URL from predefined CI environment variable + // https://docs.gitlab.com/ee/ci/variables/predefined_variables.html + envURLString, urlFound := os.LookupEnv("CI_REGISTRY") + if !urlFound { + return errors.New("no CI_REGISTRY env var set") + } + envURL, err := parseRegistryURL(envURLString) + if err != nil { + return fmt.Errorf("failed to parse CI_REGISTRY URL: %w", err) + } + serverURL, err := parseRegistryURL(serverURLString) + if err != nil { + return fmt.Errorf("failed to parse registry URL: %w", err) + } + if serverURL.Hostname() == "" || envURL.Hostname() == "" { + return errors.New("failed getting hosts for matching") + } + if serverURL.Scheme != envURL.Scheme { + return fmt.Errorf("protocol for '%s' does not match CI_REGISTRY host '%s'", + serverURLString, + envURLString) + } + if serverURL.Hostname() != envURL.Hostname() { + return fmt.Errorf("host '%s' does not match CI_REGISTRY host '%s'", + serverURL.Hostname(), + envURL.Hostname()) + } + return nil +} + +func (credHelper GitLabCredentialsHelper) Add(c *credentials.Credentials) error { + return ErrUnsupportedOperation +} + +func (credHelper GitLabCredentialsHelper) Delete(serverURL string) error { + return ErrUnsupportedOperation +} + +func (credHelper GitLabCredentialsHelper) Get(serverURL string) (string, string, error) { + if err := matchRegistryURL(serverURL); err != nil { + return "", "", fmt.Errorf("server URL does not match CI_REGISTRY URL: %w", err) + } + user, found := os.LookupEnv("CI_REGISTRY_USER") + if !found { + return "", "", errors.New("no CI_REGISTRY_USER env var set") + } + pass, found := os.LookupEnv("CI_REGISTRY_PASSWORD") + if !found { + return "", "", errors.New("no CI_REGISTRY_PASSWORD env var set") + } + return user, pass, nil +} + +func (credHelper GitLabCredentialsHelper) List() (map[string]string, error) { + return nil, ErrUnsupportedOperation +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 224a43e9ca..09b4d3aecb 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -434,6 +434,9 @@ github.com/docker/swarmkit/log github.com/docker/swarmkit/manager/raftselector github.com/docker/swarmkit/protobuf/plugin github.com/docker/swarmkit/protobuf/ptypes +# github.com/ePirat/docker-credential-gitlabci v1.0.0 +## explicit; go 1.17 +github.com/ePirat/docker-credential-gitlabci/pkg/credhelper # github.com/emirpasic/gods v1.12.0 ## explicit github.com/emirpasic/gods/containers