From 49eea2c04f72a0ae1fbc627f961751d21cc009f5 Mon Sep 17 00:00:00 2001
From: Yadong Ding
Date: Tue, 19 Sep 2023 11:23:10 +0800
Subject: [PATCH] feat: support reading auth from docker config
User can don't put the auth in config file, just use docker/nerdctl login. Acceld will try to read registry auth from the docker config if cant't find auth in config file.
Signed-off-by: Yadong Ding
---
 misc/config/config.estargz.yaml | 3 ++-
 misc/config/config.nydus.ref.yaml | 3 ++-
 misc/config/config.nydus.yaml | 3 ++-
 pkg/config/config.go | 15 ++++++++++++++-
 script/integration/concurrent/config.yaml | 3 ++-
 5 files changed, 22 insertions(+), 5 deletions(-)
diff --git a/misc/config/config.estargz.yaml b/misc/config/config.estargz.yaml
index 95ae30ff..2ca01939 100644
--- a/misc/config/config.estargz.yaml
+++ b/misc/config/config.estargz.yaml
@@ -25,7 +25,8 @@ provider:
 # webhook request auth header configured in harbor
 auth_header: header
 localhost:
- auth: YWRtaW46SGFyYm9yMTIzNDU=
+ # If auth is not provided, it will attempt to read from docker config
+ # auth: YWRtaW46SGFyYm9yMTIzNDU=
 # work directory of acceld
 work_dir: /tmp
 gcpolicy:
diff --git a/misc/config/config.nydus.ref.yaml b/misc/config/config.nydus.ref.yaml
index c30a2687..0aa6dca4 100644
--- a/misc/config/config.nydus.ref.yaml
+++ b/misc/config/config.nydus.ref.yaml
@@ -25,7 +25,8 @@ provider:
 # webhook request auth header configured in harbor
 auth_header: header
 localhost:
- auth: YWRtaW46SGFyYm9yMTIzNDU=
+ # If auth is not provided, it will attempt to read from docker config
+ # auth: YWRtaW46SGFyYm9yMTIzNDU=
 # work directory of acceld
 work_dir: /tmp
 gcpolicy:
diff --git a/misc/config/config.nydus.yaml b/misc/config/config.nydus.yaml
index 75ef3b68..8868bb9c 100644
--- a/misc/config/config.nydus.yaml
+++ b/misc/config/config.nydus.yaml
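Review bot: The new comment in misc/config/config.estargz.yaml (`# If auth is not provided, it will attempt to read from docker config`) does not say whose docker config is read; the lookup uses the default config directory of the user that runs acceld, so a login done under another account is not found. I would write `# If auth is omitted, acceld reads the login stored by docker/nerdctl login for the user running acceld (~/.docker/config.json or $DOCKER_CONFIG)`. The commented-out sample also still carries a base64 value, which is an encoding of a username and password rather than protection for them; a labelled placeholder such as `# auth: <base64 of user:password>` avoids shipping a usable-looking credential. The same two lines appear in config.nydus.ref.yaml, config.nydus.yaml and script/integration/concurrent/config.yaml.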
@@ -25,7 +25,8 @@ provider:
 # webhook request auth header configured in harbor
 auth_header: header
 localhost:
- auth: YWRtaW46SGFyYm9yMTIzNDU=
+ # If auth is not provided, it will attempt to read from docker config
+ # auth: YWRtaW46SGFyYm9yMTIzNDU=
 # work directory of acceld
 work_dir: /tmp
 gcpolicy:
diff --git a/pkg/config/config.go b/pkg/config/config.go
index e7bafab7..adf6fe32 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -19,8 +19,10 @@ import (
 "fmt"
 "io/ioutil"
 "net/url"
+ "os"
 "strings"
+ "github.com/docker/cli/cli/config"
 "github.com/goharbor/acceleration-service/pkg/remote"
 "github.com/pkg/errors"
 "gopkg.in/yaml.v3"
@@ -109,7 +111,18 @@ func (cfg *Config) Host(ref string) (remote.CredentialFunc, bool, error) {
 if !ok {
 return nil, fmt.Errorf("not found matched hostname %s in config", refURL.Host)
 }
-
+ // try to finds auth for a given host in docker's config.json settings.
+ if len(auth.Auth) == 0 {
+ config := config.LoadDefaultConfigFile(os.Stderr)
+ authConfig, err := config.GetAuthConfig(refURL.Host)
+ if err != nil {
+ return nil, err
+ }
+ if len(authConfig.Username) == 0 || len(authConfig.Password) == 0 {
+ return nil, fmt.Errorf("no auth from docker config for host %s", refURL.Host)
+ }
+ auth.Auth = base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", authConfig.Username, authConfig.Password)))
+ }
 return &auth, nil
 }
diff --git a/script/integration/concurrent/config.yaml b/script/integration/concurrent/config.yaml
index 8b57331d..d1e5474d 100644
--- a/script/integration/concurrent/config.yaml
+++ b/script/integration/concurrent/config.yaml
@@ -9,7 +9,8 @@ metric:
 provider:
 source:
 localhost:
- auth: YWRtaW46SGFyYm9yMTIzNDU=
+ # If auth is not provided, it will attempt to read from docker config
+ # auth: YWRtaW46SGFyYm9yMTIzNDU=
 work_dir: /tmp
 gcpolicy:
 threshold: 10MB
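Review bot: The import added in the first pkg/config/config.go hunk, `"github.com/docker/cli/cli/config"`, is unaliased, and the later hunk shadows it at once with `config := config.LoadDefaultConfigFile(os.Stderr)`, after which the package is unreachable in that scope. Alias it, `dockerconfig "github.com/docker/cli/cli/config"`, and name the local `dockerCfg := dockerconfig.LoadDefaultConfigFile(os.Stderr)`. The file path suggests the enclosing package is itself called config, which makes the unaliased name harder still to read.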
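Review bot: The fallback in the second pkg/config/config.go hunk (`if len(auth.Auth) == 0 { ... }`) makes the credential source implicit: a host entry with an empty `auth` now picks up whatever the acceld process user has stored via docker login, and `GetAuthConfig` may run a configured credential helper, with nothing logged. I would log that the docker config was used for `refURL.Host` (never the credential itself) and reword the comment to `// Fall back to the docker config (config.json or a credential helper) when this host has no auth configured.` The `Username`/`Password` test also rejects a login that stored only an `IdentityToken`, and it returns an error where an empty `auth` may previously have meant anonymous access; the second point is inferred, since the enclosing block starts and ends outside the hunk and appears to be a closure inside Host rather than Host itself.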