search

optiopay / klar

Integration of Clair and Docker Registry
MIT License
506 stars 138 forks source link

Use existing registry token #18

Closed hashmap closed 6 years ago

hashmap commented 7 years ago

Currently Klar relies on docker registry login and password provided as env vars to generate an auth token. As result klar may be used without docker client. However in some cases usage of existing token may be desirable. For example integration with Google Container Registry is much simpler in that case.

Initially a user generates a toke using docker login command and potentially vendor-specific tools (aws, gcloud cli tools). This command creates the file $HOME/.docker/config.json:

{
    "auths": {
        "https://index.docker.io/v2/": {
            "auth": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx="
        },
        "https://registry.example.com/v2/": {
            "auth": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx="
        }
    }
}

If login and password are not provided Klar should parse this file and use existing token. In case if file does not exist or the token is not found the process must terminate with an error.

hashmap commented 6 years ago

Thanks to @jaumann we have core functionality implemented, perhaps it makes sense to add parsing of $HOME/.docker/config.json if no username/tokens were specified and the file exists.