use of io.fabric8.maven.docker.access.AuthConfig in project docker-maven-plugin by fabric8io.
the class AuthConfigFactory method extractAuthConfigFromAuths.
private AuthConfig extractAuthConfigFromAuths(String registryToLookup, JSONObject auths) {
JSONObject credentials = getCredentialsNode(auths, registryToLookup);
if (credentials == null || !credentials.has("auth")) {
return null;
}
String auth = credentials.getString("auth");
String email = credentials.has("email") ? credentials.getString("email") : null;
return new AuthConfig(auth, email);
}
use of io.fabric8.maven.docker.access.AuthConfig in project docker-maven-plugin by fabric8io.
the class AuthConfigFactory method parseUser.
private AuthConfig parseUser(String userName, Map user) {
if (user == null) {
return null;
}
String token = (String) user.get("token");
if (token == null) {
return null;
}
// Strip off stuff after username
Matcher matcher = Pattern.compile("^([^/]+).*$").matcher(userName);
return new AuthConfig(matcher.matches() ? matcher.group(1) : userName, token, null, null);
}
use of io.fabric8.maven.docker.access.AuthConfig in project docker-maven-plugin by fabric8io.
the class AuthConfigFactory method getAuthConfigFromPluginConfiguration.
private AuthConfig getAuthConfigFromPluginConfiguration(LookupMode lookupMode, Map authConfig) throws MojoExecutionException {
Map mapToCheck = getAuthConfigMapToCheck(lookupMode, authConfig);
if (mapToCheck != null && mapToCheck.containsKey(AuthConfig.AUTH_USERNAME)) {
if (!mapToCheck.containsKey(AuthConfig.AUTH_PASSWORD)) {
throw new MojoExecutionException("No 'password' given while using <authConfig> in configuration for mode " + lookupMode);
}
Map<String, String> cloneConfig = new HashMap<>(mapToCheck);
cloneConfig.put(AuthConfig.AUTH_PASSWORD, decrypt(cloneConfig.get(AuthConfig.AUTH_PASSWORD)));
return new AuthConfig(cloneConfig);
} else {
return null;
}
}
use of io.fabric8.maven.docker.access.AuthConfig in project docker-maven-plugin by fabric8io.
the class AuthConfigFactory method createStandardAuthConfig.
/**
* Create an authentication config object which can be used for communication with a Docker registry
*
* The authentication information is looked up at various places (in this order):
*
* <ul>
* <li>From system properties</li>
* <li>From the provided map which can contain key-value pairs</li>
* <li>From the openshift settings in ~/.config/kube</li>
* <li>From the Maven settings stored typically in ~/.m2/settings.xml</li>
* </ul>
*
* The following properties (prefix with 'docker.' or 'registry.') and config key are evaluated:
*
* <ul>
* <li>username: User to authenticate</li>
* <li>password: Password to authenticate. Can be encrypted</li>
* <li>email: Optional EMail address which is send to the registry, too</li>
* </ul>
*
* @param isPush if true this AuthConfig is created for a push, if false it's for a pull
* @param authConfigMap String-String Map holding configuration info from the plugin's configuration. Can be <code>null</code> in
* which case the settings are consulted.
* @param settings the global Maven settings object
* @param user user to check for
* @param registry registry to use, might be null in which case a default registry is checked,
* @return the authentication configuration or <code>null</code> if none could be found
*
* @throws MojoFailureException
*/
private AuthConfig createStandardAuthConfig(boolean isPush, Map authConfigMap, Settings settings, String user, String registry) throws MojoExecutionException {
AuthConfig ret;
// Check first for specific configuration based on direction (pull or push), then for a default value
for (LookupMode lookupMode : new LookupMode[] { getLookupMode(isPush), LookupMode.DEFAULT, LookupMode.REGISTRY }) {
// System properties docker.username and docker.password always take precedence
ret = getAuthConfigFromSystemProperties(lookupMode);
if (ret != null) {
log.debug("AuthConfig: credentials from system properties");
return ret;
}
// Check for openshift authentication either from the plugin config or from system props
if (lookupMode != LookupMode.REGISTRY) {
ret = getAuthConfigFromOpenShiftConfig(lookupMode, authConfigMap);
if (ret != null) {
log.debug("AuthConfig: OpenShift credentials");
return ret;
}
}
// Get configuration from global plugin config
ret = getAuthConfigFromPluginConfiguration(lookupMode, authConfigMap);
if (ret != null) {
log.debug("AuthConfig: credentials from plugin config");
return ret;
}
}
// ===================================================================
// These are lookups based on registry only, so the direction (push or pull) doesn't matter:
// Now lets lookup the registry & user from ~/.m2/setting.xml
ret = getAuthConfigFromSettings(settings, user, registry);
if (ret != null) {
log.debug("AuthConfig: credentials from ~/.m2/setting.xml");
return ret;
}
// check EC2 instance role if registry is ECR
if (EcrExtendedAuth.isAwsRegistry(registry)) {
ret = getAuthConfigViaAwsSdk();
if (ret != null) {
log.debug("AuthConfig: AWS credentials from AWS SDK");
return ret;
}
ret = getAuthConfigFromAwsEnvironmentVariables();
if (ret != null) {
log.debug("AuthConfig: AWS credentials from ENV variables");
return ret;
}
try {
ret = getAuthConfigFromEC2InstanceRole();
} catch (ConnectTimeoutException ex) {
log.debug("Connection timeout while retrieving instance meta-data, likely not an EC2 instance (%s)", ex.getMessage());
} catch (IOException ex) {
// don't make that an error since it may fail if not run on an EC2 instance
log.warn("Error while retrieving EC2 instance credentials: %s", ex.getMessage());
}
if (ret != null) {
log.debug("AuthConfig: credentials from EC2 instance role");
return ret;
}
try {
ret = getAuthConfigFromTaskRole();
} catch (ConnectTimeoutException ex) {
log.debug("Connection timeout while retrieving ECS meta-data, likely not an ECS instance (%s)", ex.getMessage());
} catch (IOException ex) {
log.warn("Error while retrieving ECS Task role credentials: %s", ex.getMessage());
}
if (ret != null) {
log.debug("AuthConfig: credentials from ECS Task role");
return ret;
}
}
// No authentication found
return null;
}
use of io.fabric8.maven.docker.access.AuthConfig in project docker-maven-plugin by fabric8io.
the class AwsSigner4RequestTest method includesAuthTokenAsAwsSecurityToken.
@Test
public void includesAuthTokenAsAwsSecurityToken() {
HttpUriRequest request = RequestUtil.newGet("https://someService.us-east-1.amazonaws.com/");
request.setHeader("host", request.getURI().getHost());
String awsSecurityToken = "securityToken";
AuthConfig credentials = new AuthConfig("awsAccessKeyId", "awsSecretAccessKey", null, awsSecurityToken);
AwsSigner4 signer = new AwsSigner4("us-east-1", "someService");
signer.sign(request, credentials, new Date());
Assert.assertEquals(request.getFirstHeader("X-Amz-Security-Token").getValue(), awsSecurityToken);
}
Aggregations