%dZddlmZddlmZddlmZddlZddlZddlZddlZddl Z ddl Z ddl Z ddl Z ddl mZddlZddlmZddlZGdd ej&ej(eZGd d eZGd d eZGddeZdZGddeZdZGddeZGddej&ej(eZgdZdZ dZ!GddeZ"e"Z#y)zBThis package exposes credentials for talking to a Docker registry.)absolute_import)division)print_functionN) docker_name)clientc4eZdZdZej dZy)ProviderzHInterface for providing User Credentials for use with a Docker Registry.cy)z>Produces a value suitable for use in the Authorization header.Nselfs 9lib/third_party/containerregistry/client/docker_creds_.pyGetz Provider.Get(N)__name__ __module__ __qualname____doc__abcabstractmethodrr rrr r $s!PIIrr ceZdZdZdZy) Anonymousz$Implementation for anonymous access.cy)z#Implement anonymous authentication.r r s rrz Anonymous.Get1s rN)rrrrrr rrrr.s ,rrcJeZdZdZdZeejdZdZ y)SchemeProviderz=Implementation for providing a challenge response credential.c||_yN)_scheme)r schemes r__init__zSchemeProvider.__init__9s DLrcy)z=Returns the authentication payload to follow the auth scheme.Nr r s rsuffixzSchemeProvider.suffix=rrc8|jd|jS)zCGets the credential in a form suitable for an Authorization header. )r r$r s rrzSchemeProvider.GetCs||T[[ 11rN) rrrrr"propertyrrr$rr rrrr6s3E H H2rrcReZdZdZfdZedZedZedZxZ S)Basicz=Implementation for providing a username/password-based creds.cHtt| d||_||_y)Nr))superr)r" _username _password)r usernamepassword __class__s rr"zBasic.__init__Ks  %(DNDNrc|jSr)r,r s rr.zBasic.usernameP >>rc|jSr)r-r s rr/zBasic.passwordTr2rc|jjd}|jjd}tj|dz|zj dS)Nutf8:)r.encoder/base64 b64encodedecode)r ups rr$z Basic.suffixXsN V$A V$A   AHqL ) 0 0 88r) rrrrr"r'r.r/r$ __classcell__r0s@rr)r)HsGE      9 9rr)_tokenc2eZdZdZfdZedZxZS)OAuth2zGBase class for turning OAuth2Credentials into suitable GCR credentials.cRtt| td||_||_y)zConstructor. Args: creds: the credentials from which to retrieve access tokens. transport: the http transport to use for token exchanges. does not matterN)r+rAr" _USERNAME_creds _transport)r creds transportr0s rr"zOAuth2.__init__es% &$ ,=>DKDOrc|jj|j}|jj|jjS)N)http)rEget_access_tokenrF access_token)r unused_ats rr/zOAuth2.passwordqsC ,,$//,BI ;; ' 'T__ ' = J JJr)rrrrr"r'r/r=r>s@rrArAbs!O    K  KrrAz(credentials not found in native keychainc(eZdZdZfdZdZxZS)Helperz;This provider wraps a particularly named credential helper.c^tt| dd||_|j|_y)zConstructor. Args: name: the name of the helper, as it appears in the Docker config. registry: the registry for which we're invoking the helper. rCN)r+rOr"_nameregistry _registry)r namerRr0s rr"zHelper.__init__s, &$ !24EFDJ&&DNrcpdj|j}tjd| t j |dgtj tj tj}|jd|jzjd d }|jt k(r-tjd t#j%S|j&d k7r%td |j|j&|fzt)j*|j-d}tjd t/|d|dj%S#t$r1}|jtjk(rtd|zd}~wwxYw)Nzdocker-credential-{name})rTz)Invoking %r to obtain Docker credentials.get)stdoutstdinstderrzexecutable not found: zhttps://zutf-8)inputrz6Credentials not found, falling back to anonymous auth.z4Error fetching credential for %s, exit status: %d %sz)Successfully obtained Docker credentials.UsernameSecret)formatrQlogginginfo subprocessPopenPIPESTDOUTOSErrorerrnoENOENT Exception communicaterSr7strip_MAGIC_NOT_FOUND_MESSAGErr returncodejsonloadsr:r))r bin_namer<erWblobs rrz Helper.Getsl *00djj0AH LL@F ||~11 llKL [__ ||q Mzz1<<89 :: ::fmmG, -D LL<= j!4> 2 6 6 88)  ELL 08;<<  sAE;; F5,F00F5)rrrrr"rr=r>s@rrOrOsC '!9rrOc4eZdZdZej dZy)Keychainz;Interface for resolving an image reference to a credential.cy)zResolves the appropriate credential for the given registry. Args: name: the registry for which we need a credential. Returns: a Provider suitable for use with registry operations. Nr )r rTs rResolvezKeychain.ResolverrN)rrrrrrrtr rrrrrrsCrrr)z%sz https://%sz http://%szhttps://%s/v1/z http://%s/v1/zhttps://%s/v2/z http://%s/v2/ctjdk(rtjjdStjj dS)Nntz %USERPROFILE%~)osrTpath expandvars expanduserr rr_GetUserHomeDirr|s9WW_ 77  o .. 77  c ""rctjjdtjjdStjj t dS)N DOCKER_CONFIGz.docker)rxenvironrVryjoinr|r rr_GetConfigDirectoryrsBZZ^^O$0 ::>>/ ** 77<<)9 55rc"eZdZdZdZdZdZy)_DefaultKeychainz9This implements the default docker credential resolution.c d|_d|_y)Nz config.json) _config_dir _config_filer s rr"z_DefaultKeychain.__init__sD&Drctjj|stdj |||_y)NzNAttempting to override docker configuration directory to invalid directory: {})rxryisdirrgr]r)r config_dirs rsetCustomConfigDirz#_DefaultKeychain.setCustomConfigDirs: 77== $ 228&2D FF!Drchtjdt|d}|j5tj j |j|j}n2tj j t|j} tj|dd5}tj|j}dddj!di}t"D]1}||j$z|vst'|||j$z|cSd|vrt'|d|S|j!di}t"D]}||j$z|vs|||j$z}d|vrJt)j*|dj-d} | j/d d \} } t1| | cSd |vrd |vrt1|d |d cSt3d tj4|ztS#1swY>xYw#t$r tcYSwxYw)Nz,Loading Docker credentials for repository %rrr5)encoding credHelpers credsStoreauthsauth:r.r/z6Unsupported entry in "auth" section of Docker config: )r^r_strrrxryrrrioopenrlrmreadIOErrorrrV_FORMATSrRrOr8 b64decoder:splitr)rgdumps) r rT config_filereadercfg cred_storeformrentrydecodedr.r/s rrtz_DefaultKeychain.Resolves LL?TKK #GGLL!1!143D3DEkGGLL!4!68I8IJk 77;v 6&jj' 7+J   +j !56== s C %t ,, GGGR E   &dT]]*+ U?$$U6]3::6B'&}}S!4 (Hx* * 5 Z5%8uZ(% *;< <Fjj ! ! ;E 7 6  [s*H.$HHHHH10H1N)rrrrr"rrtr rrrrsA&",rr)$r __future__rrrrr8rerrlr^rxr`containerregistry.clientrhttplib2 oauth2clientrsixwith_metaclassABCMetaobjectr rrr)rDrArjrOrrrr|rrDefaultKeychainr rrrsI&%  0/ I!s!!#++v6I2X2$9N9.  KUK>F/9U/9d !s!!#++v6 " #6>x>D#$r