package main
import (
"errors"
"fmt"
"net/url"
"os"
"strings"
"github.com/docker/docker-credential-helpers/credentials"
)
// Env is a read-only credential store that serves registry usernames and
// passwords from environment variables. Get is the only operation that
// succeeds; Add, Delete and List always return an error.
type Env struct{}
// Add always fails: this store only reads credentials from the environment
// and never writes them.
func (*Env) Add(_ *credentials.Credentials) error {
	unsupported := errors.New("add is not supported")
	return unsupported
}
// Delete always fails: this store only reads credentials from the
// environment, so there is nothing it could remove.
func (*Env) Delete(_ string) error {
	unsupported := errors.New("delete is not supported")
	return unsupported
}
// getFor reads the credentials stored under varPrefix in the process
// environment.
//
// When <varPrefix>_PUBLIC_ACCESS_ONLY is exactly "true" it returns an empty
// username and password with a nil error, so the caller treats the registry
// as anonymous. Otherwise both <varPrefix>_USERNAME and <varPrefix>_PASSWORD
// must be non-empty; the error names the missing variable and never contains
// a credential value.
func (*Env) getFor(varPrefix string) (string, string, error) {
	// An unset variable reads as "", so one comparison covers both the
	// "not set" and the "set to something other than true" cases.
	if os.Getenv(varPrefix+"_PUBLIC_ACCESS_ONLY") == "true" {
		return "", "", nil
	}

	user, pass := os.Getenv(varPrefix+"_USERNAME"), os.Getenv(varPrefix+"_PASSWORD")
	switch {
	case user == "":
		return "", "", fmt.Errorf("%s_USERNAME is not set", varPrefix)
	case pass == "":
		return "", "", fmt.Errorf("%s_PASSWORD is not set", varPrefix)
	}
	return user, pass, nil
}
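// isThis reports whether the registry addressed by serverURL or
// serverHostname is registryDomain itself or one of its subdomains.
//
// Only the hostname of each argument is compared. Matching the domain as a
// suffix of the whole URL string would also accept a URL whose path or query
// merely ends in the domain while its host is somewhere else, and the caller
// would then release that registry's credentials for the wrong server. Ports
// are ignored and the comparison is case-insensitive.
func (*Env) isThis(serverURL, serverHostname, registryDomain string) bool {
	domain := strings.ToLower(strings.TrimSuffix(registryDomain, "."))
	if domain == "" {
		return false
	}
	for _, addr := range []string{serverURL, serverHostname} {
		if hostInDomain(registryHostname(addr), domain) {
			return true
		}
	}
	return false
}

// registryHostname returns the lower-cased hostname of a registry address,
// without port, userinfo, path or trailing dot. It returns "" when no
// hostname can be extracted, which makes the caller fail closed.
func registryHostname(addr string) string {
	u, err := url.Parse(addr)
	if err != nil || u.Host == "" {
		// Scheme-less addresses such as "ghcr.io" or "localhost:5000" parse
		// with an empty Host; re-parse them as a network-path reference so
		// the leading component is treated as the authority.
		u, err = url.Parse("//" + addr)
		if err != nil {
			return ""
		}
	}
	return strings.ToLower(strings.TrimSuffix(u.Hostname(), "."))
}

// hostInDomain reports whether host equals domain or is a subdomain of it.
// The leading dot in the suffix check keeps "notdocker.io" from matching
// "docker.io".
func hostInDomain(host, domain string) bool {
	return host == domain || strings.HasSuffix(host, "."+domain)
}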
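// getForKnownRegistry maps the server to one of the supported registries and
// returns the credentials stored under that registry's variable prefix.
//
// serverURL is the address as received by Get and u is its parsed form (a nil
// u is treated as having no host). The first matching entry wins. An error is
// returned when no entry matches, or when the matching registry's variables
// are not set.
func (e *Env) getForKnownRegistry(serverURL string, u *url.URL) (string, string, error) {
	var host string
	if u != nil {
		host = u.Host
	}

	known := []struct{ domain, varPrefix string }{
		// Azure Container Registry login servers are <name>.azurecr.io, so
		// without this entry they never reach the ACR_* variables.
		{"azurecr.io", "ACR"},
		// NOTE(review): kept for backward compatibility; confirm that
		// "azurecr.com" is intended and not a typo for azurecr.io, since any
		// host under it is handed the ACR_* credentials.
		{"azurecr.com", "ACR"},
		{"docker.io", "DOCKER_HUB"},
		// NOTE(review): this covers every amazonaws.com host, not only ECR
		// endpoints (<account>.dkr.ecr.<region>.amazonaws.com); consider
		// narrowing the match so ECR_* is released to ECR hosts only.
		{"amazonaws.com", "ECR"},
		{"gcr.io", "GCR"},
		{"ghcr.io", "GHCR"},
		{"quay.io", "QUAY"},
	}
	for _, r := range known {
		if e.isThis(serverURL, host, r.domain) {
			return e.getFor(r.varPrefix)
		}
	}
	return "", "", fmt.Errorf("unsupported registry %s", serverURL)
}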
// Get resolves the username and secret for the registry at serverURL.
//
// Credentials for a recognised registry are tried first. If that lookup fails
// for any reason (unrecognised host, or the registry's variables are unset)
// the ANY_REGISTRY_* variables are used instead, unless ANY_REGISTRY_DISABLE
// is exactly "true".
//
// Security note: with the fallback enabled, which is the default, the
// ANY_REGISTRY_* credentials are returned for every server URL that reaches
// this point, including hosts that match no known registry. Set
// ANY_REGISTRY_DISABLE=true where those credentials must not be offered to
// arbitrary registries.
func (e *Env) Get(serverURL string) (string, string, error) {
	if len(serverURL) == 0 {
		return "", "", errors.New("missing server URL")
	}

	u, parseErr := url.Parse(serverURL)
	if parseErr != nil {
		return "", "", parseErr
	}

	user, secret, knownErr := e.getForKnownRegistry(serverURL, u)
	if knownErr == nil {
		return user, secret, nil
	}

	// Fallback is opt-out: only the literal value "true" disables it.
	if os.Getenv("ANY_REGISTRY_DISABLE") == "true" {
		return "", "", knownErr
	}

	user, secret, fallbackErr := e.getFor("ANY_REGISTRY")
	if fallbackErr == nil {
		return user, secret, nil
	}
	return "", "", fmt.Errorf("failed to get fallback credentials for %s (set ANY_REGISTRY_DISABLE=true to disable fallback): %w", serverURL, fallbackErr)
}
// List always fails with a nil map: stored credentials cannot be enumerated
// through this store.
func (*Env) List() (map[string]string, error) {
	var none map[string]string
	return none, errors.New("list is not supported")
}