Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Configure registry auth token or take it from ~/.dockercfg #147

Closed
asssaf opened this issue Apr 15, 2015 · 9 comments
Closed

Configure registry auth token or take it from ~/.dockercfg #147

asssaf opened this issue Apr 15, 2015 · 9 comments
Assignees
@rhuss
Labels
feature prio1
Milestone
0.13.7

Comments

@asssaf
Copy link

asssaf commented Apr 15, 2015

Would it be possible to get the auth token and send it with the X-Registry-Auth header instead of using plain username/password authentication?

As the docker host and cert path this should be configurable in maven or by default pick the default location from the filesystem (~/.dockercfg in this case)
@jgangemi
Copy link
Collaborator

this would be a good enhancement but i think we should wait to see how this moby/moby#12009 shakes out before we do anything w/ it given we will have to decide if we want to be backwards compatible.

@rhuss
Copy link
Collaborator

rhuss commented May 18, 2015

I think, that's also a good idea. One could add it to the lookup chain for the credentials, that we already have:

  • given as user/password as configuration or system properties
  • in a <server> section in ~/.m2/settings.xml
  • and now: in ~/.dockercfg
  • no user/password

@rhuss rhuss added this to the 0.12.0 milestone May 18, 2015
@rhuss rhuss added the feature label May 18, 2015
@rhuss rhuss modified the milestones: 0.12.1, 0.12.0 Jun 14, 2015
@rhuss rhuss modified the milestones: 0.12.1, 0.13.1 Jul 3, 2015
@kuhnroyal
Copy link
Contributor

docker now stores this in newer versions in ~/.docker/config.json

@rhuss rhuss modified the milestones: 0.13.1, 0.13.3 Jul 24, 2015
@rhuss
Copy link
Collaborator

rhuss commented Aug 3, 2015

A similar fallback should happen when pushing to a OpenShift registry, where oc login creates tokens to be used a docker passwords. See also here

@rhuss
Copy link
Collaborator

rhuss commented Aug 3, 2015

Would be also cool to check for the timestap of the configuration files examined to decided which one to check first.

@rhuss
Copy link
Collaborator

rhuss commented Sep 25, 2015

Currently the plugin is using the auth also for pulling images when doing a build, and does this by extracting the username from the image to pull. This is obviously completely bogus, so we should change this to completely ignore the authentication for pulling. All at least ignore the usual configurations (system props, settings.xml) for authentication and only examine the docker config or openshift config.

See also fabric8io/fabric8-devops#46

@rhuss
Copy link
Collaborator

rhuss commented Sep 26, 2015

Here's where the auth configuration is used for pulling (and where it extracts the username for the pull); https://github.com/rhuss/docker-maven-plugin/blob/d7a4ca8a90f0bddaaf71581a8642913c9b0ae19b/src/main/java/org/jolokia/docker/maven/AbstractDockerMojo.java#L386

An option could be also to include a global variable like noPullAuthentication for authenticaton.

@rhuss rhuss added the prio1 label Sep 26, 2015
rhuss added a commit that referenced this issue Oct 6, 2015
@rhuss
Don't use image username for auto pull
939d32f 
If a default login for the registry is configured for authentication this will be used, regardless of the image's username. If no default login is registered, no authentication is used.

This affects only pulling. For push, the default user is extracted from the image name (but can be overwritten with options and config).

This also will fix fabric8io/fabric8-devops#46

Relates to #147
@oli99sc oli99sc mentioned this issue Oct 7, 2015
Closed
@rhuss rhuss modified the milestones: 0.13.3, 0.13.7 Oct 13, 2015
@rhuss rhuss mentioned this issue Dec 1, 2015
Closed
@rhuss rhuss self-assigned this Dec 3, 2015
@rhuss
Copy link
Collaborator

rhuss commented Dec 7, 2015

Implemented lookup of credentials within ~/.docker/config.json as a fallback. Will be available in 0.13.7

For the fined grained authentication with pull vs. push and the Kubernetes support in ~/.kube/config I will open dedicated issues.

rhuss added a commit that referenced this issue Dec 7, 2015
@rhuss
#147: Lookup in ~/.docker/config.json for registry credentials.
9e65c75
This was referenced Dec 7, 2015
Closed
Closed
@rhuss
Copy link
Collaborator

rhuss commented Dec 8, 2015

Follup issues created, so that this can be closed now.

@rhuss rhuss closed this as completed Dec 8, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rhuss rhuss

Labels
feature prio1
Projects
None yet
Milestone
0.13.7
Development

No branches or pull requests
4 participants
@rhuss @asssaf @kuhnroyal @jgangemi