Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support IdentityToken in AuthConfiguration #744

Merged
merged 5 commits into from
Aug 13, 2018
Merged

Support IdentityToken in AuthConfiguration #744

merged 5 commits into from
Aug 13, 2018

Conversation

GeorgeMac
Copy link
Contributor

This change adds support for the sending and parsing of an
IdentityToken in an AuthConfiguration. IdentityToken's are retrieved via the /auth call (see
AuthCheck) and can then be used in place of the password. After a
successful docker login a users .dockercfg can contain an identity
token in place of the original username and password in the auth field.

See: https://docs.docker.com/engine/api/v1.25/#section/Authentication

Also see official docker types https://godoc.org/github.com/docker/docker/api/types#AuthConfig

@GeorgeMac
Support AuthConfiguration.IdentityToken
71d897d 
This change adds support for the sending and parsing of an
IdentityToken. IdentityToken's are retrieved via the /auth call (see
AuthCheck) and can then be used in place of the password. After a
successful `docker login` a users `.dockercfg` can contain an identity
token in place of the original username and password in the auth field.
@GeorgeMac
Drop username from IdentityToken auth
ae31b47 
Having this present appears to break the authentication. So I have
dropped it from being populated.
@GeorgeMac
Revert "Drop username from IdentityToken auth"
556c7a2 
This reverts commit ae31b47.
@GeorgeMac
Expect auth field to contain colon in all cases
f3a7fa4
fsouza
fsouza requested changes Aug 11, 2018
View reviewed changes
Copy link
Owner

@fsouza fsouza left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @GeorgeMac, thank you very much for contributing!

Can you take a look at the build failure?

auth_test.go Outdated
read := strings.NewReader(fmt.Sprintf(`{"auths":{"docker.io":{"auth":"%s","identitytoken":"sometoken"}}}`, auth))
ac, err := NewAuthConfigurations(read)
if err != nil {
t.Error(err)
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you replace this with t.Fatal(err) so the test execution aborts after failing?

@GeorgeMac
Copy link
Contributor Author

🙇 my pleasure. I will jump on that now.

@GeorgeMac
Fix TestAuthConfigIdentityToken configuration
e1f9857 
The docker config auths field is still expected to contain a base64
encoded string which is a colon ':' delimited username and password.
Even if the password is blank. This updates the test to include a
trailing colon in the auths payload. The password is empty as an
identitytoken should be provided.
fsouza
fsouza approved these changes Aug 13, 2018
View reviewed changes
Copy link
Owner

@fsouza fsouza left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you very much!

@fsouza fsouza merged commit ddfe58f into fsouza:master Aug 13, 2018
@GeorgeMac
Copy link
Contributor Author

🎉 amazing, thank you for the speedy response!

@GeorgeMac GeorgeMac deleted the gm/identitytoken branch August 13, 2018 17:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fsouza fsouza fsouza approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@GeorgeMac @fsouza