mirror of
https://github.com/docker/docker-credential-helpers.git
synced 2026-06-13 16:01:28 +05:30
Add a Docker Credentials label support for linux
Signed-off-by: Nassim 'Nass' Eddequiouaq <eddequiouaq.nassim@gmail.com>
This commit is contained in:
Nassim 'Nass' Eddequiouaq
@@ -7,6 +7,7 @@ const SecretSchema *docker_get_schema(void)
|
|||||||
static const SecretSchema docker_schema = {
|
static const SecretSchema docker_schema = {
|
||||||
"io.docker.Credentials", SECRET_SCHEMA_NONE,
|
"io.docker.Credentials", SECRET_SCHEMA_NONE,
|
||||||
{
|
{
|
||||||
|
{ "label", SECRET_SCHEMA_ATTRIBUTE_STRING },
|
||||||
{ "server", SECRET_SCHEMA_ATTRIBUTE_STRING },
|
{ "server", SECRET_SCHEMA_ATTRIBUTE_STRING },
|
||||||
{ "username", SECRET_SCHEMA_ATTRIBUTE_STRING },
|
{ "username", SECRET_SCHEMA_ATTRIBUTE_STRING },
|
||||||
{ "docker_cli", SECRET_SCHEMA_ATTRIBUTE_STRING },
|
{ "docker_cli", SECRET_SCHEMA_ATTRIBUTE_STRING },
|
||||||
@@ -16,11 +17,12 @@ const SecretSchema *docker_get_schema(void)
|
|||||||
return &docker_schema;
|
return &docker_schema;
|
||||||
}
|
}
|
||||||
|
|
||||||
GError *add(char *server, char *username, char *secret) {
|
GError *add(char *label, char *server, char *username, char *secret) {
|
||||||
GError *err = NULL;
|
GError *err = NULL;
|
||||||
|
|
||||||
secret_password_store_sync (DOCKER_SCHEMA, SECRET_COLLECTION_DEFAULT,
|
secret_password_store_sync (DOCKER_SCHEMA, SECRET_COLLECTION_DEFAULT,
|
||||||
server, secret, NULL, &err,
|
server, secret, NULL, &err,
|
||||||
|
"label", label,
|
||||||
"server", server,
|
"server", server,
|
||||||
"username", username,
|
"username", username,
|
||||||
"docker_cli", "1",
|
"docker_cli", "1",
|
||||||
@@ -98,14 +100,15 @@ GError *get(char *server, char **username, char **secret) {
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
GError *list(char *** paths, char *** accts, unsigned int *list_l) {
|
GError *list(char *label, char *** paths, char *** accts, unsigned int *list_l) {
|
||||||
GList *items;
|
GList *items;
|
||||||
GError *err = NULL;
|
GError *err = NULL;
|
||||||
SecretService *service;
|
SecretService *service;
|
||||||
SecretSearchFlags flags = SECRET_SEARCH_LOAD_SECRETS | SECRET_SEARCH_ALL | SECRET_SEARCH_UNLOCK;
|
SecretSearchFlags flags = SECRET_SEARCH_LOAD_SECRETS | SECRET_SEARCH_ALL | SECRET_SEARCH_UNLOCK;
|
||||||
GHashTable *attributes;
|
GHashTable *attributes = secret_attributes_build(NULL,
|
||||||
g_hash_table_new_full(g_str_hash, g_str_equal, g_free, g_free);
|
"label", label,
|
||||||
attributes = g_hash_table_new_full(g_str_hash, g_str_equal, g_free, g_free);
|
NULL);
|
||||||
|
|
||||||
service = secret_service_get_sync(SECRET_SERVICE_NONE, NULL, &err);
|
service = secret_service_get_sync(SECRET_SERVICE_NONE, NULL, &err);
|
||||||
items = secret_service_search_sync(service, NULL, attributes, flags, NULL, &err);
|
items = secret_service_search_sync(service, NULL, attributes, flags, NULL, &err);
|
||||||
int numKeys = g_list_length(items);
|
int numKeys = g_list_length(items);
|
||||||
|
|||||||
@@ -22,6 +22,8 @@ func (h Secretservice) Add(creds *credentials.Credentials) error {
|
|||||||
if creds == nil {
|
if creds == nil {
|
||||||
return errors.New("missing credentials")
|
return errors.New("missing credentials")
|
||||||
}
|
}
|
||||||
|
credsLabel := C.CString(creds.Label)
|
||||||
|
defer C.free(unsafe.Pointer(credsLabel))
|
||||||
server := C.CString(creds.ServerURL)
|
server := C.CString(creds.ServerURL)
|
||||||
defer C.free(unsafe.Pointer(server))
|
defer C.free(unsafe.Pointer(server))
|
||||||
username := C.CString(creds.Username)
|
username := C.CString(creds.Username)
|
||||||
@@ -29,7 +31,7 @@ func (h Secretservice) Add(creds *credentials.Credentials) error {
|
|||||||
secret := C.CString(creds.Secret)
|
secret := C.CString(creds.Secret)
|
||||||
defer C.free(unsafe.Pointer(secret))
|
defer C.free(unsafe.Pointer(secret))
|
||||||
|
|
||||||
if err := C.add(server, username, secret); err != nil {
|
if err := C.add(credsLabel, server, username, secret); err != nil {
|
||||||
defer C.g_error_free(err)
|
defer C.g_error_free(err)
|
||||||
errMsg := (*C.char)(unsafe.Pointer(err.message))
|
errMsg := (*C.char)(unsafe.Pointer(err.message))
|
||||||
return errors.New(C.GoString(errMsg))
|
return errors.New(C.GoString(errMsg))
|
||||||
@@ -79,14 +81,17 @@ func (h Secretservice) Get(serverURL string) (string, string, error) {
|
|||||||
return user, pass, nil
|
return user, pass, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// List returns the stored URLs and corresponding usernames.
|
// List returns the stored URLs and corresponding usernames for a given credentials label
|
||||||
func (h Secretservice) List() (map[string]string, error) {
|
func (h Secretservice) List(credsLabel string) (map[string]string, error) {
|
||||||
|
credsLabelC := C.CString(credsLabel)
|
||||||
|
defer C.free(unsafe.Pointer(credsLabelC))
|
||||||
|
|
||||||
var pathsC **C.char
|
var pathsC **C.char
|
||||||
defer C.free(unsafe.Pointer(pathsC))
|
defer C.free(unsafe.Pointer(pathsC))
|
||||||
var acctsC **C.char
|
var acctsC **C.char
|
||||||
defer C.free(unsafe.Pointer(acctsC))
|
defer C.free(unsafe.Pointer(acctsC))
|
||||||
var listLenC C.uint
|
var listLenC C.uint
|
||||||
err := C.list(&pathsC, &acctsC, &listLenC)
|
err := C.list(credsLabelC, &pathsC, &acctsC, &listLenC)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
defer C.free(unsafe.Pointer(err))
|
defer C.free(unsafe.Pointer(err))
|
||||||
return nil, errors.New("Error from list function in secretservice_linux.c likely due to error in secretservice library")
|
return nil, errors.New("Error from list function in secretservice_linux.c likely due to error in secretservice library")
|
||||||
|
|||||||
@@ -6,8 +6,8 @@ const SecretSchema *docker_get_schema(void) G_GNUC_CONST;
|
|||||||
|
|
||||||
#define DOCKER_SCHEMA docker_get_schema()
|
#define DOCKER_SCHEMA docker_get_schema()
|
||||||
|
|
||||||
GError *add(char *server, char *username, char *secret);
|
GError *add(char *label, char *server, char *username, char *secret);
|
||||||
GError *delete(char *server);
|
GError *delete(char *server);
|
||||||
GError *get(char *server, char **username, char **secret);
|
GError *get(char *server, char **username, char **secret);
|
||||||
GError *list(char *** paths, char *** accts, unsigned int *list_l);
|
GError *list(char *label, char *** paths, char *** accts, unsigned int *list_l);
|
||||||
void freeListData(char *** data, unsigned int length);
|
void freeListData(char *** data, unsigned int length);
|
||||||
|
|||||||
@@ -13,6 +13,7 @@ func TestSecretServiceHelper(t *testing.T) {
|
|||||||
ServerURL: "https://foobar.docker.io:2376/v1",
|
ServerURL: "https://foobar.docker.io:2376/v1",
|
||||||
Username: "foobar",
|
Username: "foobar",
|
||||||
Secret: "foobarbaz",
|
Secret: "foobarbaz",
|
||||||
|
Label: credentials.CredsLabel,
|
||||||
}
|
}
|
||||||
|
|
||||||
helper := Secretservice{}
|
helper := Secretservice{}
|
||||||
@@ -36,12 +37,12 @@ func TestSecretServiceHelper(t *testing.T) {
|
|||||||
if err := helper.Delete(creds.ServerURL); err != nil {
|
if err := helper.Delete(creds.ServerURL); err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
auths, err := helper.List()
|
auths, err := helper.List(credentials.CredsLabel)
|
||||||
if err != nil || len(auths) == 0 {
|
if err != nil || len(auths) == 0 {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
helper.Add(creds)
|
helper.Add(creds)
|
||||||
if newauths, err := helper.List(); (len(newauths) - len(auths)) != 1 {
|
if newauths, err := helper.List(credentials.CredsLabel); (len(newauths) - len(auths)) != 1 {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user