mirror of https://github.com/helm/helm
Add support for CredentialProvider that can be used to specify credentials that should be used for a registry
parent
4b4d58c8ac
commit
0f8b3f7767
@ -0,0 +1,81 @@
|
||||
/*
|
||||
Copyright 2015 The Kubernetes Authors All rights reserved.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package registry
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"log"
|
||||
|
||||
"github.com/ghodss/yaml"
|
||||
"github.com/kubernetes/deployment-manager/common"
|
||||
|
||||
/*
|
||||
"net/url"
|
||||
"regexp"
|
||||
"strings"
|
||||
"sync"
|
||||
*/)
|
||||
|
||||
// CredentialProvider provides credentials for registries.
|
||||
type FilebasedCredentialProvider struct {
|
||||
// Actual backing store
|
||||
backingCredentialProvider common.CredentialProvider
|
||||
}
|
||||
|
||||
type NamedRegistryCredential struct {
|
||||
Name string `json:"name,omitempty"`
|
||||
common.RegistryCredential
|
||||
}
|
||||
|
||||
func NewFilebasedCredentialProvider(filename string) (common.CredentialProvider, error) {
|
||||
icp := NewInmemCredentialProvider()
|
||||
c, err := readCredentialsFile(filename)
|
||||
if err != nil {
|
||||
return &FilebasedCredentialProvider{}, err
|
||||
}
|
||||
for _, nc := range c {
|
||||
log.Printf("Adding credential %s", nc.Name)
|
||||
icp.SetCredential(nc.Name, &nc.RegistryCredential)
|
||||
}
|
||||
|
||||
return &FilebasedCredentialProvider{icp}, nil
|
||||
}
|
||||
|
||||
func readCredentialsFile(filename string) ([]NamedRegistryCredential, error) {
|
||||
bytes, err := ioutil.ReadFile(filename)
|
||||
if err != nil {
|
||||
return []NamedRegistryCredential{}, err
|
||||
}
|
||||
return parseCredentials(bytes)
|
||||
}
|
||||
|
||||
func parseCredentials(bytes []byte) ([]NamedRegistryCredential, error) {
|
||||
r := []NamedRegistryCredential{}
|
||||
if err := yaml.Unmarshal(bytes, &r); err != nil {
|
||||
return []NamedRegistryCredential{}, fmt.Errorf("cannot unmarshal credentials file (%#v)", err)
|
||||
}
|
||||
return r, nil
|
||||
}
|
||||
|
||||
func (fcp *FilebasedCredentialProvider) GetCredential(name string) (*common.RegistryCredential, error) {
|
||||
return fcp.backingCredentialProvider.GetCredential(name)
|
||||
}
|
||||
|
||||
func (fcp *FilebasedCredentialProvider) SetCredential(name string, credential *common.RegistryCredential) error {
|
||||
return fmt.Errorf("SetCredential operation not supported with FilebasedCredentialProvider")
|
||||
}
|
@ -0,0 +1,60 @@
|
||||
/*
|
||||
Copyright 2015 The Kubernetes Authors All rights reserved.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package registry
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/kubernetes/deployment-manager/common"
|
||||
)
|
||||
|
||||
var filename = "./test/test_credentials_file.yaml"
|
||||
|
||||
type filebasedTestCase struct {
|
||||
name string
|
||||
exp *common.RegistryCredential
|
||||
expErr error
|
||||
}
|
||||
|
||||
func TestNotExistFilebased(t *testing.T) {
|
||||
cp, err := NewFilebasedCredentialProvider(filename)
|
||||
if err != nil {
|
||||
t.Fatalf("Failed to create a new FilebasedCredentialProvider %s : %v", filename, err)
|
||||
}
|
||||
tc := &testCase{"nonexistent", nil, createMissingError("nonexistent")}
|
||||
testGetCredential(t, cp, tc)
|
||||
}
|
||||
|
||||
func TestGetApiTokenFilebased(t *testing.T) {
|
||||
cp, err := NewFilebasedCredentialProvider(filename)
|
||||
if err != nil {
|
||||
t.Fatalf("Failed to create a new FilebasedCredentialProvider %s : %v", filename, err)
|
||||
}
|
||||
tc := &testCase{"test1", &common.RegistryCredential{APIToken: "token"}, nil}
|
||||
testGetCredential(t, cp, tc)
|
||||
}
|
||||
|
||||
func TestSetAndGetBasicAuthFilebased(t *testing.T) {
|
||||
cp, err := NewFilebasedCredentialProvider(filename)
|
||||
if err != nil {
|
||||
t.Fatalf("Failed to create a new FilebasedCredentialProvider %s : %v", filename, err)
|
||||
}
|
||||
tc := &testCase{"test2",
|
||||
&common.RegistryCredential{
|
||||
BasicAuth: common.BasicAuthCredential{"user", "password"}}, nil}
|
||||
testGetCredential(t, cp, tc)
|
||||
}
|
@ -0,0 +1,43 @@
|
||||
/*
|
||||
Copyright 2015 The Kubernetes Authors All rights reserved.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package registry
|
||||
|
||||
import (
|
||||
"github.com/kubernetes/deployment-manager/common"
|
||||
|
||||
"fmt"
|
||||
)
|
||||
|
||||
type InmemCredentialProvider struct {
|
||||
credentials map[string]*common.RegistryCredential
|
||||
}
|
||||
|
||||
func NewInmemCredentialProvider() common.CredentialProvider {
|
||||
return &InmemCredentialProvider{credentials: make(map[string]*common.RegistryCredential)}
|
||||
}
|
||||
|
||||
func (fcp *InmemCredentialProvider) GetCredential(name string) (*common.RegistryCredential, error) {
|
||||
if val, ok := fcp.credentials[name]; ok {
|
||||
return val, nil
|
||||
}
|
||||
return nil, fmt.Errorf("no such credential : %s", name)
|
||||
}
|
||||
|
||||
func (fcp *InmemCredentialProvider) SetCredential(name string, credential *common.RegistryCredential) error {
|
||||
fcp.credentials[name] = &common.RegistryCredential{credential.APIToken, credential.BasicAuth}
|
||||
return nil
|
||||
}
|
@ -0,0 +1,73 @@
|
||||
/*
|
||||
Copyright 2015 The Kubernetes Authors All rights reserved.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package registry
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"reflect"
|
||||
"testing"
|
||||
|
||||
"github.com/kubernetes/deployment-manager/common"
|
||||
)
|
||||
|
||||
type testCase struct {
|
||||
name string
|
||||
exp *common.RegistryCredential
|
||||
expErr error
|
||||
}
|
||||
|
||||
func createMissingError(name string) error {
|
||||
return fmt.Errorf("no such credential : %s", name)
|
||||
}
|
||||
|
||||
func testGetCredential(t *testing.T, cp common.CredentialProvider, tc *testCase) {
|
||||
actual, actualErr := cp.GetCredential(tc.name)
|
||||
if !reflect.DeepEqual(actual, tc.exp) {
|
||||
t.Fatalf("failed on: %s : expected %#v but got %#v", tc.name, tc.exp, actual)
|
||||
}
|
||||
if !reflect.DeepEqual(actualErr, tc.expErr) {
|
||||
t.Fatalf("failed on: %s : expected error %#v but got %#v", tc.name, tc.expErr, actualErr)
|
||||
}
|
||||
}
|
||||
|
||||
func verifySetAndGetCredential(t *testing.T, cp common.CredentialProvider, tc *testCase) {
|
||||
err := cp.SetCredential(tc.name, tc.exp)
|
||||
if err != nil {
|
||||
t.Fatalf("Failed to SetCredential on %s : %v", tc.name, err)
|
||||
}
|
||||
testGetCredential(t, cp, tc)
|
||||
}
|
||||
|
||||
func TestNotExist(t *testing.T) {
|
||||
cp := NewInmemCredentialProvider()
|
||||
tc := &testCase{"nonexistent", nil, createMissingError("nonexistent")}
|
||||
testGetCredential(t, cp, tc)
|
||||
}
|
||||
|
||||
func TestSetAndGetApiToken(t *testing.T) {
|
||||
cp := NewInmemCredentialProvider()
|
||||
tc := &testCase{"testcredential", &common.RegistryCredential{APIToken: "some token here"}, nil}
|
||||
verifySetAndGetCredential(t, cp, tc)
|
||||
}
|
||||
|
||||
func TestSetAndGetBasicAuth(t *testing.T) {
|
||||
cp := NewInmemCredentialProvider()
|
||||
tc := &testCase{"testcredential",
|
||||
&common.RegistryCredential{
|
||||
BasicAuth: common.BasicAuthCredential{"user", "pass"}}, nil}
|
||||
verifySetAndGetCredential(t, cp, tc)
|
||||
}
|
@ -0,0 +1,6 @@
|
||||
- name: test1
|
||||
apitoken: token
|
||||
- name: test2
|
||||
basicauth:
|
||||
username: user
|
||||
password: password
|
Loading…
Reference in new issue