aboutsummaryrefslogtreecommitdiff
path: root/vendor/github.com/docker/docker-credential-helpers/credentials
diff options
context:
space:
mode:
authorMatthew Heon <matthew.heon@gmail.com>2017-11-01 11:24:59 -0400
committerMatthew Heon <matthew.heon@gmail.com>2017-11-01 11:24:59 -0400
commita031b83a09a8628435317a03f199cdc18b78262f (patch)
treebc017a96769ce6de33745b8b0b1304ccf38e9df0 /vendor/github.com/docker/docker-credential-helpers/credentials
parent2b74391cd5281f6fdf391ff8ad50fd1490f6bf89 (diff)
downloadpodman-a031b83a09a8628435317a03f199cdc18b78262f.tar.gz
podman-a031b83a09a8628435317a03f199cdc18b78262f.tar.bz2
podman-a031b83a09a8628435317a03f199cdc18b78262f.zip
Initial checkin from CRI-O repo
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Diffstat (limited to 'vendor/github.com/docker/docker-credential-helpers/credentials')
-rw-r--r--vendor/github.com/docker/docker-credential-helpers/credentials/credentials.go186
-rw-r--r--vendor/github.com/docker/docker-credential-helpers/credentials/error.go102
-rw-r--r--vendor/github.com/docker/docker-credential-helpers/credentials/helper.go14
-rw-r--r--vendor/github.com/docker/docker-credential-helpers/credentials/version.go4
4 files changed, 306 insertions, 0 deletions
diff --git a/vendor/github.com/docker/docker-credential-helpers/credentials/credentials.go b/vendor/github.com/docker/docker-credential-helpers/credentials/credentials.go
new file mode 100644
index 000000000..da8b594e7
--- /dev/null
+++ b/vendor/github.com/docker/docker-credential-helpers/credentials/credentials.go
@@ -0,0 +1,186 @@
+package credentials
+
+import (
+ "bufio"
+ "bytes"
+ "encoding/json"
+ "fmt"
+ "io"
+ "os"
+ "strings"
+)
+
+// Credentials holds the information shared between docker and the credentials store.
+type Credentials struct {
+ ServerURL string
+ Username string
+ Secret string
+}
+
+// isValid checks the integrity of Credentials object such that no credentials lack
+// a server URL or a username.
+// It returns whether the credentials are valid and the error if it isn't.
+// error values can be errCredentialsMissingServerURL or errCredentialsMissingUsername
+func (c *Credentials) isValid() (bool, error) {
+ if len(c.ServerURL) == 0 {
+ return false, NewErrCredentialsMissingServerURL()
+ }
+
+ if len(c.Username) == 0 {
+ return false, NewErrCredentialsMissingUsername()
+ }
+
+ return true, nil
+}
+
+// CredsLabel holds the way Docker credentials should be labeled as such in credentials stores that allow labelling.
+// That label allows to filter out non-Docker credentials too at lookup/search in macOS keychain,
+// Windows credentials manager and Linux libsecret. Default value is "Docker Credentials"
+var CredsLabel = "Docker Credentials"
+
+// SetCredsLabel is a simple setter for CredsLabel
+func SetCredsLabel(label string) {
+ CredsLabel = label
+}
+
+// Serve initializes the credentials helper and parses the action argument.
+// This function is designed to be called from a command line interface.
+// It uses os.Args[1] as the key for the action.
+// It uses os.Stdin as input and os.Stdout as output.
+// This function terminates the program with os.Exit(1) if there is an error.
+func Serve(helper Helper) {
+ var err error
+ if len(os.Args) != 2 {
+ err = fmt.Errorf("Usage: %s <store|get|erase|list|version>", os.Args[0])
+ }
+
+ if err == nil {
+ err = HandleCommand(helper, os.Args[1], os.Stdin, os.Stdout)
+ }
+
+ if err != nil {
+ fmt.Fprintf(os.Stdout, "%v\n", err)
+ os.Exit(1)
+ }
+}
+
+// HandleCommand uses a helper and a key to run a credential action.
+func HandleCommand(helper Helper, key string, in io.Reader, out io.Writer) error {
+ switch key {
+ case "store":
+ return Store(helper, in)
+ case "get":
+ return Get(helper, in, out)
+ case "erase":
+ return Erase(helper, in)
+ case "list":
+ return List(helper, out)
+ case "version":
+ return PrintVersion(out)
+ }
+ return fmt.Errorf("Unknown credential action `%s`", key)
+}
+
+// Store uses a helper and an input reader to save credentials.
+// The reader must contain the JSON serialization of a Credentials struct.
+func Store(helper Helper, reader io.Reader) error {
+ scanner := bufio.NewScanner(reader)
+
+ buffer := new(bytes.Buffer)
+ for scanner.Scan() {
+ buffer.Write(scanner.Bytes())
+ }
+
+ if err := scanner.Err(); err != nil && err != io.EOF {
+ return err
+ }
+
+ var creds Credentials
+ if err := json.NewDecoder(buffer).Decode(&creds); err != nil {
+ return err
+ }
+
+ if ok, err := creds.isValid(); !ok {
+ return err
+ }
+
+ return helper.Add(&creds)
+}
+
+// Get retrieves the credentials for a given server url.
+// The reader must contain the server URL to search.
+// The writer is used to write the JSON serialization of the credentials.
+func Get(helper Helper, reader io.Reader, writer io.Writer) error {
+ scanner := bufio.NewScanner(reader)
+
+ buffer := new(bytes.Buffer)
+ for scanner.Scan() {
+ buffer.Write(scanner.Bytes())
+ }
+
+ if err := scanner.Err(); err != nil && err != io.EOF {
+ return err
+ }
+
+ serverURL := strings.TrimSpace(buffer.String())
+ if len(serverURL) == 0 {
+ return NewErrCredentialsMissingServerURL()
+ }
+
+ username, secret, err := helper.Get(serverURL)
+ if err != nil {
+ return err
+ }
+
+ resp := Credentials{
+ ServerURL: serverURL,
+ Username: username,
+ Secret: secret,
+ }
+
+ buffer.Reset()
+ if err := json.NewEncoder(buffer).Encode(resp); err != nil {
+ return err
+ }
+
+ fmt.Fprint(writer, buffer.String())
+ return nil
+}
+
+// Erase removes credentials from the store.
+// The reader must contain the server URL to remove.
+func Erase(helper Helper, reader io.Reader) error {
+ scanner := bufio.NewScanner(reader)
+
+ buffer := new(bytes.Buffer)
+ for scanner.Scan() {
+ buffer.Write(scanner.Bytes())
+ }
+
+ if err := scanner.Err(); err != nil && err != io.EOF {
+ return err
+ }
+
+ serverURL := strings.TrimSpace(buffer.String())
+ if len(serverURL) == 0 {
+ return NewErrCredentialsMissingServerURL()
+ }
+
+ return helper.Delete(serverURL)
+}
+
+//List returns all the serverURLs of keys in
+//the OS store as a list of strings
+func List(helper Helper, writer io.Writer) error {
+ accts, err := helper.List()
+ if err != nil {
+ return err
+ }
+ return json.NewEncoder(writer).Encode(accts)
+}
+
+//PrintVersion outputs the current version.
+func PrintVersion(writer io.Writer) error {
+ fmt.Fprintln(writer, Version)
+ return nil
+}
diff --git a/vendor/github.com/docker/docker-credential-helpers/credentials/error.go b/vendor/github.com/docker/docker-credential-helpers/credentials/error.go
new file mode 100644
index 000000000..fe6a5aef4
--- /dev/null
+++ b/vendor/github.com/docker/docker-credential-helpers/credentials/error.go
@@ -0,0 +1,102 @@
+package credentials
+
+const (
+ // ErrCredentialsNotFound standardizes the not found error, so every helper returns
+ // the same message and docker can handle it properly.
+ errCredentialsNotFoundMessage = "credentials not found in native keychain"
+
+ // ErrCredentialsMissingServerURL and ErrCredentialsMissingUsername standardize
+ // invalid credentials or credentials management operations
+ errCredentialsMissingServerURLMessage = "no credentials server URL"
+ errCredentialsMissingUsernameMessage = "no credentials username"
+)
+
+// errCredentialsNotFound represents an error
+// raised when credentials are not in the store.
+type errCredentialsNotFound struct{}
+
+// Error returns the standard error message
+// for when the credentials are not in the store.
+func (errCredentialsNotFound) Error() string {
+ return errCredentialsNotFoundMessage
+}
+
+// NewErrCredentialsNotFound creates a new error
+// for when the credentials are not in the store.
+func NewErrCredentialsNotFound() error {
+ return errCredentialsNotFound{}
+}
+
+// IsErrCredentialsNotFound returns true if the error
+// was caused by not having a set of credentials in a store.
+func IsErrCredentialsNotFound(err error) bool {
+ _, ok := err.(errCredentialsNotFound)
+ return ok
+}
+
+// IsErrCredentialsNotFoundMessage returns true if the error
+// was caused by not having a set of credentials in a store.
+//
+// This function helps to check messages returned by an
+// external program via its standard output.
+func IsErrCredentialsNotFoundMessage(err string) bool {
+ return err == errCredentialsNotFoundMessage
+}
+
+// errCredentialsMissingServerURL represents an error raised
+// when the credentials object has no server URL or when no
+// server URL is provided to a credentials operation requiring
+// one.
+type errCredentialsMissingServerURL struct{}
+
+func (errCredentialsMissingServerURL) Error() string {
+ return errCredentialsMissingServerURLMessage
+}
+
+// errCredentialsMissingUsername represents an error raised
+// when the credentials object has no username or when no
+// username is provided to a credentials operation requiring
+// one.
+type errCredentialsMissingUsername struct{}
+
+func (errCredentialsMissingUsername) Error() string {
+ return errCredentialsMissingUsernameMessage
+}
+
+// NewErrCredentialsMissingServerURL creates a new error for
+// errCredentialsMissingServerURL.
+func NewErrCredentialsMissingServerURL() error {
+ return errCredentialsMissingServerURL{}
+}
+
+// NewErrCredentialsMissingUsername creates a new error for
+// errCredentialsMissingUsername.
+func NewErrCredentialsMissingUsername() error {
+ return errCredentialsMissingUsername{}
+}
+
+// IsCredentialsMissingServerURL returns true if the error
+// was an errCredentialsMissingServerURL.
+func IsCredentialsMissingServerURL(err error) bool {
+ _, ok := err.(errCredentialsMissingServerURL)
+ return ok
+}
+
+// IsCredentialsMissingServerURLMessage checks for an
+// errCredentialsMissingServerURL in the error message.
+func IsCredentialsMissingServerURLMessage(err string) bool {
+ return err == errCredentialsMissingServerURLMessage
+}
+
+// IsCredentialsMissingUsername returns true if the error
+// was an errCredentialsMissingUsername.
+func IsCredentialsMissingUsername(err error) bool {
+ _, ok := err.(errCredentialsMissingUsername)
+ return ok
+}
+
+// IsCredentialsMissingUsernameMessage checks for an
+// errCredentialsMissingUsername in the error message.
+func IsCredentialsMissingUsernameMessage(err string) bool {
+ return err == errCredentialsMissingUsernameMessage
+}
diff --git a/vendor/github.com/docker/docker-credential-helpers/credentials/helper.go b/vendor/github.com/docker/docker-credential-helpers/credentials/helper.go
new file mode 100644
index 000000000..135acd254
--- /dev/null
+++ b/vendor/github.com/docker/docker-credential-helpers/credentials/helper.go
@@ -0,0 +1,14 @@
+package credentials
+
+// Helper is the interface a credentials store helper must implement.
+type Helper interface {
+ // Add appends credentials to the store.
+ Add(*Credentials) error
+ // Delete removes credentials from the store.
+ Delete(serverURL string) error
+ // Get retrieves credentials from the store.
+ // It returns username and secret as strings.
+ Get(serverURL string) (string, string, error)
+ // List returns the stored serverURLs and their associated usernames.
+ List() (map[string]string, error)
+}
diff --git a/vendor/github.com/docker/docker-credential-helpers/credentials/version.go b/vendor/github.com/docker/docker-credential-helpers/credentials/version.go
new file mode 100644
index 000000000..033a5fee5
--- /dev/null
+++ b/vendor/github.com/docker/docker-credential-helpers/credentials/version.go
@@ -0,0 +1,4 @@
+package credentials
+
+// Version holds a string describing the current version
+const Version = "0.6.0"