Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create Docker registry auth detector #2677

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Create Docker registry auth detector #2677

wants to merge 1 commit into from

Conversation

rgmz
Copy link
Contributor

@rgmz rgmz commented Apr 5, 2024
edited
Loading

Description:

This implements a detector to find Docker registry credentials, inspired by this suggestion from @bgoareguer.

The current code works, but is a bit messy and requires more feedback + testing.

Questions/TODO

  • Should this also match and decode Kubernetes .dockerconfigjson results, or rely on the base64 decoder?
  • Add or remove logging? IMO, there are a few potential failures (e.g., json.Unmarshal) that are worth noting, as it could be indicative of a bug.
  • Test against a live gcr.io credential, as that registry uses base64-encoded GCP service principals as the password. It's possible that this doesn't work with the current logic (e.g., encoded newlines.)
  • Add username to extradata
  • Handle username for GCR credentials? (It's a static _json_key, the real username is in the auth)
  • Are there any other potential formats this data gets stored in? (e.g., YAML)
  • Should this handle encoded \n as well as literal?
  • Update comments to add relevant pointers to the spec https://distribution.github.io/distribution/spec/auth/token/
  • Handle docker.io which is a special case (https://stackoverflow.com/a/68654659)
  • Fix incorrect path handling in certain circumstances 
    Found unverified result 🐷🔑❓
Verification issue: unexpected HTTP response status 404 for 'https://index.docker.io/v1//v2/'
Detector Type: Docker
Decoder Type: PLAIN
Link: https://github.com/lyft/docker/blob/34679e568a22b4f35ff8460f3b5b7bf7089df818/cliconfig/config_test.go#L358

Future work?

Checklist:

  • Tests passing (make test-community)?
  • Lint passing (make lint this requires golangci-lint)?

@rgmz rgmz requested a review from a team as a code owner April 5, 2024 17:39
@rgmz rgmz force-pushed the feat/docker-detector branch 7 times, most recently from 2d4d336 to 3d0aa96 Compare April 8, 2024 18:09
@rgmz rgmz force-pushed the feat/docker-detector branch from 3d0aa96 to 37e6685 Compare April 18, 2024 04:23
@rgmz rgmz force-pushed the feat/docker-detector branch from 37e6685 to 074cb1a Compare May 2, 2024 13:37
@rgmz rgmz mentioned this pull request May 9, 2024
Merged
2 tasks
@rgmz rgmz force-pushed the feat/docker-detector branch 2 times, most recently from 2cb905e to 87c6a62 Compare May 21, 2024 12:06
@rgmz rgmz changed the title Create Docker auth credentials detector Create Docker registry auth detector May 21, 2024
@rgmz rgmz marked this pull request as draft May 21, 2024 12:12
@rgmz rgmz force-pushed the feat/docker-detector branch 10 times, most recently from 1633ac6 to a8c6c9f Compare May 22, 2024 02:37
@rgmz rgmz force-pushed the feat/docker-detector branch 2 times, most recently from de80769 to 4fef2e4 Compare June 5, 2024 01:09
@rgmz rgmz marked this pull request as ready for review June 5, 2024 01:10
@rgmz rgmz mentioned this pull request Jun 10, 2024
Open
@rgmz rgmz force-pushed the feat/docker-detector branch from 4fef2e4 to 2e8f9e9 Compare June 17, 2024 01:02
@rgmz rgmz force-pushed the feat/docker-detector branch from c107eef to 16d0e35 Compare July 1, 2024 18:39
@rgmz rgmz force-pushed the feat/docker-detector branch from 16d0e35 to eb03c7f Compare September 13, 2024 11:54
@rgmz rgmz force-pushed the feat/docker-detector branch from eb03c7f to 75e0ee4 Compare November 3, 2024 15:43
@rgmz rgmz requested a review from a team as a code owner November 3, 2024 15:43
@rgmz rgmz force-pushed the feat/docker-detector branch 2 times, most recently from e9ee964 to a79828f Compare November 11, 2024 19:23
@rgmz rgmz force-pushed the feat/docker-detector branch from a79828f to d7abdd8 Compare November 20, 2024 03:16
@rgmz rgmz requested a review from a team as a code owner November 20, 2024 03:16
@rgmz rgmz force-pushed the feat/docker-detector branch 8 times, most recently from 17b9929 to 2a2570a Compare November 27, 2024 00:22
@rgmz rgmz force-pushed the feat/docker-detector branch 2 times, most recently from befdef0 to 5e3c671 Compare December 2, 2024 16:55
@rgmz rgmz force-pushed the feat/docker-detector branch 2 times, most recently from 91ad2d8 to 874f306 Compare December 21, 2024 16:00
@rgmz rgmz force-pushed the feat/docker-detector branch from 874f306 to 6026c51 Compare December 31, 2024 15:19
@rgmz rgmz force-pushed the feat/docker-detector branch from 6026c51 to 59cae37 Compare January 11, 2025 18:57
@rgmz rgmz force-pushed the feat/docker-detector branch 2 times, most recently from 5820a07 to f73dc67 Compare January 27, 2025 14:11
@rgmz rgmz force-pushed the feat/docker-detector branch 3 times, most recently from c131fd1 to 1ded170 Compare February 2, 2025 23:03
@rgmz rgmz force-pushed the feat/docker-detector branch from 1ded170 to eb44ba7 Compare February 13, 2025 01:59
@rgmz rgmz force-pushed the feat/docker-detector branch from eb44ba7 to 48b2759 Compare February 15, 2025 21:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@rgmz