feat: support reading auth from docker config

User can don't put the auth in config file, just use docker/nerdctl login. Acceld will try to read registry auth from the docker config if cant't find auth in config file. Signed-off-by: Yadong Ding <[email protected]>
goharbor · Sep 25, 2023 · 6d26b94 · 6d26b94
1 parent 7dd5741
commit 6d26b94
Show file tree

Hide file tree

Showing 5 changed files with 25 additions and 8 deletions.
diff --git a/misc/config/config.estargz.yaml b/misc/config/config.estargz.yaml
@@ -18,14 +18,15 @@ provider:
     hub.harbor.com:
       # base64 encoded `<robot-name>:<robot-secret>` for robot
       # account created in harbor
-      auth: YTpiCg==
+      # auth: YTpiCg==
       # skip verifying server certs for HTTPS source registry
       insecure: false
       webhook:
         # webhook request auth header configured in harbor
         auth_header: header
     localhost:
-      auth: YWRtaW46SGFyYm9yMTIzNDU=
+      # If auth is not provided, it will attempt to read from docker config
+      # auth: YWRtaW46SGFyYm9yMTIzNDU=
   # work directory of acceld
   work_dir: /tmp
   gcpolicy:

diff --git a/misc/config/config.nydus.ref.yaml b/misc/config/config.nydus.ref.yaml
@@ -18,14 +18,15 @@ provider:
     hub.harbor.com:
       # base64 encoded `<robot-name>:<robot-secret>` for robot
       # account created in harbor
-      auth: YTpiCg==
+      # auth: YTpiCg==
       # skip verifying server certs for HTTPS source registry
       insecure: false
       webhook:
         # webhook request auth header configured in harbor
         auth_header: header
     localhost:
-      auth: YWRtaW46SGFyYm9yMTIzNDU=
+      # If auth is not provided, it will attempt to read from docker config
+      # auth: YWRtaW46SGFyYm9yMTIzNDU=
   # work directory of acceld
   work_dir: /tmp
   gcpolicy:

diff --git a/misc/config/config.nydus.yaml b/misc/config/config.nydus.yaml
@@ -18,14 +18,15 @@ provider:
     hub.harbor.com:
       # base64 encoded `<robot-name>:<robot-secret>` for robot
       # account created in harbor
-      auth: YTpiCg==
+      # auth: YTpiCg==
       # skip verifying server certs for HTTPS source registry
       insecure: false
       webhook:
         # webhook request auth header configured in harbor
         auth_header: header
     localhost:
-      auth: YWRtaW46SGFyYm9yMTIzNDU=
+      # If auth is not provided, it will attempt to read from docker config
+      # auth: YWRtaW46SGFyYm9yMTIzNDU=
   # work directory of acceld
   work_dir: /tmp
   gcpolicy:

diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -19,8 +19,10 @@ import (
 	"fmt"
 	"io/ioutil"
 	"net/url"
+	"os"
 	"strings"
 
+	"github.com/docker/cli/cli/config"
 	"github.com/goharbor/acceleration-service/pkg/remote"
 	"github.com/pkg/errors"
 	"gopkg.in/yaml.v3"
@@ -109,7 +111,18 @@ func (cfg *Config) Host(ref string) (remote.CredentialFunc, bool, error) {
 		if !ok {
 			return nil, fmt.Errorf("not found matched hostname %s in config", refURL.Host)
 		}
-
+		// try to finds auth for a given host in docker's config.json settings.
+		if len(auth.Auth) == 0 {
+			config := config.LoadDefaultConfigFile(os.Stderr)
+			authConfig, err := config.GetAuthConfig(refURL.Host)
+			if err != nil {
+				return nil, err
+			}
+			if len(authConfig.Username) == 0 || len(authConfig.Password) == 0 {
+				return nil, fmt.Errorf("no auth from docker config for host %s", refURL.Host)
+			}
+			auth.Auth = base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", authConfig.Username, authConfig.Password)))
+		}
 		return &auth, nil
 	}
 

diff --git a/script/integration/concurrent/config.yaml b/script/integration/concurrent/config.yaml
@@ -9,7 +9,8 @@ metric:
 provider:
   source:
     localhost:
-      auth: YWRtaW46SGFyYm9yMTIzNDU=
+      # If auth is not provided, it will attempt to read from docker config
+      # auth: YWRtaW46SGFyYm9yMTIzNDU=
   work_dir: /tmp
   gcpolicy:
       threshold: 10MB