Merge pull request #2188 from docker/c6374-credhelpers

Modernize auth management

Author: shin-

docker/api/build.py

@@ -288,46 +288,29 @@ def _set_auth_headers(self, headers):
         # file one more time in case anything showed up in there.
         if not self._auth_configs:
             log.debug("No auth config in memory - loading from filesystem")
-            self._auth_configs = auth.load_config()
+            self._auth_configs = auth.load_config(
+                credsore_env=self.credsore_env
+            )
 
         # Send the full auth configuration (if any exists), since the build
         # could use any (or all) of the registries.
         if self._auth_configs:
-            auth_cfgs = self._auth_configs
-            auth_data = {}
-            if auth_cfgs.get('credsStore'):
-                # Using a credentials store, we need to retrieve the
-                # credentials for each registry listed in the config.json file
-                # Matches CLI behavior: https://github.com/docker/docker/blob/
-                # 67b85f9d26f1b0b2b240f2d794748fac0f45243c/cliconfig/
-                # credentials/native_store.go#L68-L83
-                for registry in auth_cfgs.get('auths', {}).keys():
-                    auth_data[registry] = auth.resolve_authconfig(
-                        auth_cfgs, registry,
-                        credstore_env=self.credstore_env,
-                    )
-            else:
-                for registry in auth_cfgs.get('credHelpers', {}).keys():
-                    auth_data[registry] = auth.resolve_authconfig(
-                        auth_cfgs, registry,
-                        credstore_env=self.credstore_env
-                    )
-                for registry, creds in auth_cfgs.get('auths', {}).items():
-                    if registry not in auth_data:
-                        auth_data[registry] = creds
-                # See https://github.com/docker/docker-py/issues/1683
-                if auth.INDEX_NAME in auth_data:
-                    auth_data[auth.INDEX_URL] = auth_data[auth.INDEX_NAME]
+            auth_data = self._auth_configs.get_all_credentials()
+
+            # See https://github.com/docker/docker-py/issues/1683
+            if auth.INDEX_URL not in auth_data and auth.INDEX_URL in auth_data:
+                auth_data[auth.INDEX_URL] = auth_data.get(auth.INDEX_NAME, {})
 
             log.debug(
                 'Sending auth config ({0})'.format(
                     ', '.join(repr(k) for k in auth_data.keys())
                 )
             )
 
-            headers['X-Registry-Config'] = auth.encode_header(
-                auth_data
-            )
+            if auth_data:
+                headers['X-Registry-Config'] = auth.encode_header(
+                    auth_data
+                )
         else:
             log.debug('No auth config found')
 

docker/api/client.py

@@ -115,7 +115,7 @@ def __init__(self, base_url=None, version=None,
 
         self._general_configs = config.load_general_config()
         self._auth_configs = auth.load_config(
-            config_dict=self._general_configs
+            config_dict=self._general_configs, credstore_env=credstore_env,
         )
         self.credstore_env = credstore_env
 
@@ -480,4 +480,6 @@ def reload_config(self, dockercfg_path=None):
         Returns:
             None
         """
-        self._auth_configs = auth.load_config(dockercfg_path)
+        self._auth_configs = auth.load_config(
+            dockercfg_path, credstore_env=self.credstore_env
+        )

docker/api/daemon.py

@@ -124,13 +124,15 @@ def login(self, username, password=None, email=None, registry=None,
         # If dockercfg_path is passed check to see if the config file exists,
         # if so load that config.
         if dockercfg_path and os.path.exists(dockercfg_path):
-            self._auth_configs = auth.load_config(dockercfg_path)
+            self._auth_configs = auth.load_config(
+                dockercfg_path, credstore_env=self.credstore_env
+            )
         elif not self._auth_configs:
-            self._auth_configs = auth.load_config()
+            self._auth_configs = auth.load_config(
+                credstore_env=self.credstore_env
+            )
 
-        authcfg = auth.resolve_authconfig(
-            self._auth_configs, registry, credstore_env=self.credstore_env,
-        )
+        authcfg = self._auth_configs.resolve_authconfig(registry)
         # If we found an existing auth config for this registry and username
         # combination, we can return it immediately unless reauth is requested.
         if authcfg and authcfg.get('username', None) == username \
@@ -146,9 +148,7 @@ def login(self, username, password=None, email=None, registry=None,
 
         response = self._post_json(self._url('/auth'), data=req_data)
         if response.status_code == 200:
-            if 'auths' not in self._auth_configs:
-                self._auth_configs['auths'] = {}
-            self._auth_configs['auths'][registry or auth.INDEX_NAME] = req_data
+            self._auth_configs.add_auth(registry or auth.INDEX_NAME, req_data)
         return self._result(response, json=True)
 
     def ping(self):