mirror of
https://github.com/docker/docker-credential-helpers.git
synced 2026-06-13 16:01:28 +05:30
Move away from password as a name. We store secrets.
Signed-off-by: David Calavera <david.calavera@gmail.com>
This commit is contained in:
David Calavera
@@ -15,11 +15,11 @@ const SecretSchema *docker_get_schema(void)
|
||||
return &docker_schema;
|
||||
}
|
||||
|
||||
GError *add(char *server, char *username, char *password) {
|
||||
GError *add(char *server, char *username, char *secret) {
|
||||
GError *err = NULL;
|
||||
|
||||
secret_password_store_sync (DOCKER_SCHEMA, SECRET_COLLECTION_DEFAULT,
|
||||
server, password, NULL, &err,
|
||||
server, secret, NULL, &err,
|
||||
"server", server,
|
||||
"username", username,
|
||||
"docker_cli", "1",
|
||||
@@ -54,13 +54,13 @@ char *get_username(SecretItem *item) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
GError *get(char *server, char **username, char **password) {
|
||||
GError *get(char *server, char **username, char **secret) {
|
||||
GError *err = NULL;
|
||||
GHashTable *attributes;
|
||||
SecretService *service;
|
||||
GList *items, *l;
|
||||
SecretSearchFlags flags = SECRET_SEARCH_LOAD_SECRETS | SECRET_SEARCH_ALL | SECRET_SEARCH_UNLOCK;
|
||||
SecretValue *secret;
|
||||
SecretValue *secretValue;
|
||||
gsize length;
|
||||
gchar *value;
|
||||
|
||||
@@ -79,10 +79,10 @@ GError *get(char *server, char **username, char **password) {
|
||||
continue;
|
||||
}
|
||||
g_free(value);
|
||||
secret = secret_item_get_secret(l->data);
|
||||
secretValue = secret_item_get_secret(l->data);
|
||||
if (secret != NULL) {
|
||||
*password = strdup(secret_value_get(secret, &length));
|
||||
secret_value_unref(secret);
|
||||
*secret = strdup(secret_value_get(secretValue, &length));
|
||||
secret_value_unref(secretValue);
|
||||
}
|
||||
*username = get_username(l->data);
|
||||
}
|
||||
|
||||
@@ -30,10 +30,10 @@ func (h secretservice) Add(creds *credentials.Credentials) error {
|
||||
defer C.free(unsafe.Pointer(server))
|
||||
username := C.CString(creds.Username)
|
||||
defer C.free(unsafe.Pointer(username))
|
||||
password := C.CString(creds.Password)
|
||||
defer C.free(unsafe.Pointer(password))
|
||||
secret := C.CString(creds.Secret)
|
||||
defer C.free(unsafe.Pointer(secret))
|
||||
|
||||
if err := C.add(server, username, password); err != nil {
|
||||
if err := C.add(server, username, secret); err != nil {
|
||||
defer C.g_error_free(err)
|
||||
errMsg := (*C.char)(unsafe.Pointer(err.message))
|
||||
return errors.New(C.GoString(errMsg))
|
||||
@@ -57,26 +57,26 @@ func (h secretservice) Delete(serverURL string) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// Get returns the username and password to use for a given registry server URL.
|
||||
// Get returns the username and secret to use for a given registry server URL.
|
||||
func (h secretservice) Get(serverURL string) (string, string, error) {
|
||||
if serverURL == "" {
|
||||
return "", "", errors.New("missing server url")
|
||||
}
|
||||
var username *C.char
|
||||
defer C.free(unsafe.Pointer(username))
|
||||
var password *C.char
|
||||
defer C.free(unsafe.Pointer(password))
|
||||
var secret *C.char
|
||||
defer C.free(unsafe.Pointer(secret))
|
||||
server := C.CString(serverURL)
|
||||
defer C.free(unsafe.Pointer(server))
|
||||
|
||||
err := C.get(server, &username, &password)
|
||||
err := C.get(server, &username, &secret)
|
||||
if err != nil {
|
||||
defer C.g_error_free(err)
|
||||
errMsg := (*C.char)(unsafe.Pointer(err.message))
|
||||
return "", "", errors.New(C.GoString(errMsg))
|
||||
}
|
||||
user := C.GoString(username)
|
||||
pass := C.GoString(password)
|
||||
pass := C.GoString(secret)
|
||||
if pass == "" {
|
||||
return "", "", credentials.ErrCredentialsNotFound
|
||||
}
|
||||
|
||||
@@ -6,6 +6,6 @@ const SecretSchema *docker_get_schema(void) G_GNUC_CONST;
|
||||
|
||||
#define DOCKER_SCHEMA docker_get_schema()
|
||||
|
||||
GError *add(char *server, char *username, char *password);
|
||||
GError *add(char *server, char *username, char *secret);
|
||||
GError *delete(char *server);
|
||||
GError *get(char *server, char **username, char **password);
|
||||
GError *get(char *server, char **username, char **secret);
|
||||
|
||||
@@ -12,7 +12,7 @@ func TestSecretServiceHelper(t *testing.T) {
|
||||
creds := &credentials.Credentials{
|
||||
ServerURL: "https://foobar.docker.io:2376/v1",
|
||||
Username: "foobar",
|
||||
Password: "foobarbaz",
|
||||
Secret: "foobarbaz",
|
||||
}
|
||||
|
||||
helper := New()
|
||||
@@ -20,7 +20,7 @@ func TestSecretServiceHelper(t *testing.T) {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
username, password, err := helper.Get(creds.ServerURL)
|
||||
username, secret, err := helper.Get(creds.ServerURL)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
@@ -29,8 +29,8 @@ func TestSecretServiceHelper(t *testing.T) {
|
||||
t.Fatalf("expected %s, got %s\n", "foobar", username)
|
||||
}
|
||||
|
||||
if password != "foobarbaz" {
|
||||
t.Fatalf("expected %s, got %s\n", "foobarbaz", password)
|
||||
if secret != "foobarbaz" {
|
||||
t.Fatalf("expected %s, got %s\n", "foobarbaz", secret)
|
||||
}
|
||||
|
||||
if err := helper.Delete(creds.ServerURL); err != nil {
|
||||
|
||||
Reference in New Issue
Block a user