diff --git a/cli/command/container/create.go b/cli/command/container/create.go index c7ffcb562d..1a48c69f15 100644 --- a/cli/command/container/create.go +++ b/cli/command/container/create.go @@ -16,6 +16,7 @@ import ( "github.com/docker/distribution/reference" "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/container" + registrytypes "github.com/docker/docker/api/types/registry" "github.com/docker/docker/api/types/versions" apiclient "github.com/docker/docker/client" "github.com/docker/docker/pkg/jsonmessage" @@ -125,7 +126,7 @@ func pullImage(ctx context.Context, dockerCli command.Cli, image string, platfor } authConfig := command.ResolveAuthConfig(ctx, dockerCli, repoInfo.Index) - encodedAuth, err := command.EncodeAuthToBase64(authConfig) + encodedAuth, err := registrytypes.EncodeAuthConfig(authConfig) if err != nil { return err } diff --git a/cli/command/image/push.go b/cli/command/image/push.go index e870432f08..f60a92c33c 100644 --- a/cli/command/image/push.go +++ b/cli/command/image/push.go @@ -11,6 +11,7 @@ import ( "github.com/docker/cli/cli/streams" "github.com/docker/distribution/reference" "github.com/docker/docker/api/types" + registrytypes "github.com/docker/docker/api/types/registry" "github.com/docker/docker/pkg/jsonmessage" "github.com/docker/docker/registry" "github.com/pkg/errors" @@ -76,7 +77,7 @@ func RunPush(dockerCli command.Cli, opts pushOptions) error { // Resolve the Auth config relevant for this server authConfig := command.ResolveAuthConfig(ctx, dockerCli, repoInfo.Index) - encodedAuth, err := command.EncodeAuthToBase64(authConfig) + encodedAuth, err := registrytypes.EncodeAuthConfig(authConfig) if err != nil { return err } diff --git a/cli/command/image/trust.go b/cli/command/image/trust.go index 9e06c4604b..98c325b061 100644 --- a/cli/command/image/trust.go +++ b/cli/command/image/trust.go @@ -264,7 +264,7 @@ func getTrustedPullTargets(cli command.Cli, imgRefAndAuth trust.ImageRefAndAuth) func imagePullPrivileged(ctx context.Context, cli command.Cli, imgRefAndAuth trust.ImageRefAndAuth, opts PullOptions) error { ref := reference.FamiliarString(imgRefAndAuth.Reference()) - encodedAuth, err := command.EncodeAuthToBase64(*imgRefAndAuth.AuthConfig()) + encodedAuth, err := registrytypes.EncodeAuthConfig(*imgRefAndAuth.AuthConfig()) if err != nil { return err } diff --git a/cli/command/plugin/install.go b/cli/command/plugin/install.go index d178f19cfe..2b6d3040cf 100644 --- a/cli/command/plugin/install.go +++ b/cli/command/plugin/install.go @@ -10,6 +10,7 @@ import ( "github.com/docker/cli/cli/command/image" "github.com/docker/distribution/reference" "github.com/docker/docker/api/types" + registrytypes "github.com/docker/docker/api/types/registry" "github.com/docker/docker/pkg/jsonmessage" "github.com/docker/docker/registry" "github.com/pkg/errors" @@ -86,8 +87,7 @@ func buildPullConfig(ctx context.Context, dockerCli command.Cli, opts pluginOpti } authConfig := command.ResolveAuthConfig(ctx, dockerCli, repoInfo.Index) - - encodedAuth, err := command.EncodeAuthToBase64(authConfig) + encodedAuth, err := registrytypes.EncodeAuthConfig(authConfig) if err != nil { return types.PluginInstallOptions{}, err } diff --git a/cli/command/plugin/push.go b/cli/command/plugin/push.go index 8b9dc09ca4..bb03bcfc11 100644 --- a/cli/command/plugin/push.go +++ b/cli/command/plugin/push.go @@ -7,6 +7,7 @@ import ( "github.com/docker/cli/cli/command" "github.com/docker/cli/cli/command/image" "github.com/docker/distribution/reference" + registrytypes "github.com/docker/docker/api/types/registry" "github.com/docker/docker/pkg/jsonmessage" "github.com/docker/docker/registry" "github.com/pkg/errors" @@ -55,8 +56,7 @@ func runPush(dockerCli command.Cli, opts pushOptions) error { return err } authConfig := command.ResolveAuthConfig(ctx, dockerCli, repoInfo.Index) - - encodedAuth, err := command.EncodeAuthToBase64(authConfig) + encodedAuth, err := registrytypes.EncodeAuthConfig(authConfig) if err != nil { return err } diff --git a/cli/command/registry.go b/cli/command/registry.go index 2248f6515d..41cc951b93 100644 --- a/cli/command/registry.go +++ b/cli/command/registry.go @@ -3,8 +3,6 @@ package command import ( "bufio" "context" - "encoding/base64" - "encoding/json" "fmt" "io" "os" @@ -21,13 +19,9 @@ import ( "github.com/pkg/errors" ) -// EncodeAuthToBase64 serializes the auth configuration as JSON base64 payload +// EncodeAuthToBase64 serializes the auth configuration as JSON base64 payload. func EncodeAuthToBase64(authConfig registrytypes.AuthConfig) (string, error) { - buf, err := json.Marshal(authConfig) - if err != nil { - return "", err - } - return base64.URLEncoding.EncodeToString(buf), nil + return registrytypes.EncodeAuthConfig(authConfig) } // RegistryAuthenticationPrivilegedFunc returns a RequestPrivilegeFunc from the specified registry index info @@ -45,7 +39,7 @@ func RegistryAuthenticationPrivilegedFunc(cli Cli, index *registrytypes.IndexInf if err != nil { return "", err } - return EncodeAuthToBase64(authConfig) + return registrytypes.EncodeAuthConfig(authConfig) } } @@ -177,14 +171,19 @@ func promptWithDefault(out io.Writer, prompt string, configDefault string) { } } -// RetrieveAuthTokenFromImage retrieves an encoded auth token given a complete image +// RetrieveAuthTokenFromImage retrieves an encoded auth token given a complete +// image. The auth configuration is serialized as a base64url encoded RFC4648, +// section 5) JSON string for sending through the X-Registry-Auth header. +// +// For details on base64url encoding, see: +// - RFC4648, section 5: https://tools.ietf.org/html/rfc4648#section-5 func RetrieveAuthTokenFromImage(ctx context.Context, cli Cli, image string) (string, error) { // Retrieve encoded auth token from the image reference authConfig, err := resolveAuthConfigFromImage(ctx, cli, image) if err != nil { return "", err } - encodedAuth, err := EncodeAuthToBase64(authConfig) + encodedAuth, err := registrytypes.EncodeAuthConfig(authConfig) if err != nil { return "", err } diff --git a/cli/command/registry/search.go b/cli/command/registry/search.go index 8c27b9c207..6ba00b5236 100644 --- a/cli/command/registry/search.go +++ b/cli/command/registry/search.go @@ -8,6 +8,7 @@ import ( "github.com/docker/cli/cli/command/formatter" "github.com/docker/cli/opts" "github.com/docker/docker/api/types" + registrytypes "github.com/docker/docker/api/types/registry" "github.com/docker/docker/registry" "github.com/spf13/cobra" ) @@ -54,15 +55,13 @@ func runSearch(dockerCli command.Cli, options searchOptions) error { } ctx := context.Background() - authConfig := command.ResolveAuthConfig(ctx, dockerCli, indexInfo) - requestPrivilege := command.RegistryAuthenticationPrivilegedFunc(dockerCli, indexInfo, "search") - - encodedAuth, err := command.EncodeAuthToBase64(authConfig) + encodedAuth, err := registrytypes.EncodeAuthConfig(authConfig) if err != nil { return err } + requestPrivilege := command.RegistryAuthenticationPrivilegedFunc(dockerCli, indexInfo, "search") results, err := dockerCli.Client().ImageSearch(ctx, options.term, types.ImageSearchOptions{ RegistryAuth: encodedAuth, PrivilegeFunc: requestPrivilege, diff --git a/cli/command/trust/sign.go b/cli/command/trust/sign.go index e5d7f6b7cd..5f8f3c1014 100644 --- a/cli/command/trust/sign.go +++ b/cli/command/trust/sign.go @@ -13,6 +13,7 @@ import ( "github.com/docker/cli/cli/command/image" "github.com/docker/cli/cli/trust" "github.com/docker/docker/api/types" + registrytypes "github.com/docker/docker/api/types/registry" "github.com/pkg/errors" "github.com/spf13/cobra" "github.com/theupdateframework/notary/client" @@ -93,7 +94,7 @@ func runSignImage(cli command.Cli, options signOptions) error { fmt.Fprintf(cli.Err(), "Signing and pushing trust data for local image %s, may overwrite remote trust data\n", imageName) authConfig := command.ResolveAuthConfig(ctx, cli, imgRefAndAuth.RepoInfo().Index) - encodedAuth, err := command.EncodeAuthToBase64(authConfig) + encodedAuth, err := registrytypes.EncodeAuthConfig(authConfig) if err != nil { return err }