docker_credential 1.4.0

Reads a user's docker credentials from config
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122

use super::{CredentialRetrievalError, Result};
use serde::Deserialize;
use std::collections::HashMap;
use std::io::Read;

#[derive(Deserialize)]
pub(crate) struct AuthConfig {
    pub(crate) auth: Option<String>,
    pub(crate) username: Option<String>,
    pub(crate) password: Option<String>,
    pub(crate) identitytoken: Option<String>,
}

#[derive(Deserialize)]
#[serde(rename_all = "camelCase")]
pub(crate) struct DockerConfig {
    pub(crate) auths: Option<HashMap<String, AuthConfig>>,
    pub(crate) creds_store: Option<String>,
    pub(crate) cred_helpers: Option<HashMap<String, String>>,
}

impl DockerConfig {
    pub fn get_auth(&self, image_registry: &str) -> Option<&String> {
        if let Some(auths) = &self.auths {
            if let Some(credential) = auths.get(image_registry) {
                return credential.auth.as_ref();
            }

            let image_registry = normalize_registry(image_registry);
            if let Some((_, auth_str)) = auths
                .iter()
                .find(|(key, _)| normalize_key_to_registry(key) == image_registry)
            {
                return auth_str.auth.as_ref();
            }
        }

        None
    }

    pub fn get_identity_token(&self, image_registry: &str) -> Option<&String> {
        if let Some(auths) = &self.auths {
            if let Some(auth_config) = auths.get(image_registry) {
                return auth_config.identitytoken.as_ref();
            }

            let image_registry = normalize_registry(image_registry);
            if let Some((_, auth_config)) = auths
                .iter()
                .find(|(key, _)| normalize_key_to_registry(key) == image_registry)
            {
                return auth_config.identitytoken.as_ref();
            }
        }

        None
    }

    pub fn get_username_password(&self, image_registry: &str) -> Option<(&String, &String)> {
        if let Some(auths) = &self.auths {
            if let Some(credential) = auths.get(image_registry) {
                if let (Some(u), Some(p)) = (&credential.username, &credential.password) {
                    return Some((u, p));
                }
            }

            let image_registry = normalize_registry(image_registry);
            if let Some((_, auth_config)) = auths
                .iter()
                .find(|(key, _)| normalize_key_to_registry(key) == image_registry)
            {
                if let (Some(u), Some(p)) = (&auth_config.username, &auth_config.password) {
                    return Some((u, p));
                }
            }
        }

        None
    }

    pub fn get_helper(&self, server: &str) -> Option<&String> {
        self.cred_helpers
            .as_ref()
            .and_then(|helpers| helpers.get(server).filter(|s| !s.is_empty()))
    }
}

pub(crate) fn read_config(reader: impl Read) -> Result<DockerConfig> {
    serde_json::from_reader(reader).map_err(|_| CredentialRetrievalError::ConfigReadError)
}

/// Normalizes a given key (image reference) into its resulting registry
fn normalize_key_to_registry(key: &str) -> &str {
    let stripped = key.strip_prefix("http://").unwrap_or(key);
    let mut stripped = key.strip_prefix("https://").unwrap_or(stripped);
    if stripped != key {
        stripped = stripped.split_once('/').unwrap_or((stripped, "")).0;
    }

    normalize_registry(stripped)
}

/// Converts the provided registry if a known `docker.io` host
/// is provided.
fn normalize_registry(registry: &str) -> &str {
    match registry {
        "registry-1.docker.io" | "docker.io" => "index.docker.io",
        _ => registry,
    }
}

#[cfg(test)]
mod tests {
    #[rstest::rstest]
    #[case("https://index.docker.io/v1/", "index.docker.io")]
    #[case("https://docker.io/v1/", "index.docker.io")]
    #[case("quay.io", "quay.io")]
    fn test_normalize_key_to_registry(#[case] key: &str, #[case] expected: &str) {
        let registry = super::normalize_key_to_registry(key);
        assert_eq!(registry, expected);
    }
}