Implement authenticate & push

Author: FabianKramm

pkg/devspace/builder/docker/auth.go

@@ -0,0 +1,60 @@
+package docker
+
+import (
+	"context"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+
+	"github.com/covexo/devspace/pkg/util/log"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/registry"
+)
+
+func getOfficialServer(ctx context.Context, client client.CommonAPIClient) string {
+	// The daemon `/info` endpoint informs us of the default registry being
+	// used. This is essential in cross-platforms environment, where for
+	// example a Linux client might be interacting with a Windows daemon, hence
+	// the default registry URL might be Windows specific.
+	serverAddress := registry.IndexServer
+	if info, err := client.Info(ctx); err != nil {
+		// Only report the warning if we're in debug mode to prevent nagging during engine initialization workflows
+		fmt.Fprintf(log.GetInstance(), "Warning: failed to get default registry endpoint from daemon (%v). Using system default: %s\n", err, serverAddress)
+	} else if info.IndexServerAddress == "" {
+		fmt.Fprintf(log.GetInstance(), "Warning: Empty registry endpoint from daemon. Using system default: %s\n", serverAddress)
+	} else {
+		serverAddress = info.IndexServerAddress
+	}
+
+	return serverAddress
+}
+
+func encodeAuthToBase64(authConfig types.AuthConfig) (string, error) {
+	buf, err := json.Marshal(authConfig)
+	if err != nil {
+		return "", err
+	}
+	return base64.URLEncoding.EncodeToString(buf), nil
+}
+
+func getDefaultAuthConfig(client client.CommonAPIClient, checkCredStore bool, serverAddress string, isDefaultRegistry bool) (*types.AuthConfig, error) {
+	var authconfig types.AuthConfig
+	var err error
+
+	configfile, _ := loadDockerConfig()
+
+	if !isDefaultRegistry {
+		serverAddress = registry.ConvertToHostname(serverAddress)
+	}
+
+	if checkCredStore {
+		authconfig, err = configfile.GetAuthConfig(serverAddress)
+	} else {
+		authconfig = types.AuthConfig{}
+	}
+
+	authconfig.ServerAddress = serverAddress
+	authconfig.IdentityToken = ""
+	return &authconfig, err
+}

pkg/devspace/builder/docker/client.go

@@ -14,6 +14,8 @@ import (
 	"k8s.io/client-go/tools/clientcmd"
 )
 
+var isMinikubeVar *bool
+
 func newDockerClientFromEnvironment() (client.CommonAPIClient, error) {
 	cli, err := client.NewClientWithOpts(client.FromEnv)
 	if err != nil {

pkg/devspace/builder/docker/docker.go

@@ -2,10 +2,13 @@ package docker
 
 import (
 	"os"
+	"strings"
 
 	"context"
 
+	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/pkg/term"
+	"github.com/docker/docker/registry"
 
 	"github.com/covexo/devspace/pkg/util/log"
 	"github.com/docker/cli/cli/command/image/build"
@@ -21,16 +24,15 @@ import (
 	"github.com/docker/docker/pkg/jsonmessage"
 )
 
-var isMinikubeVar *bool
-
 // Builder holds the necessary information to build and push docker images
 type Builder struct {
 	RegistryURL string
 	ImageName   string
 	ImageTag    string
 
-	imageURL string
-	client   client.CommonAPIClient
+	imageURL   string
+	authConfig *types.AuthConfig
+	client     client.CommonAPIClient
 }
 
 // NewBuilder creates a new docker Builder instance
@@ -49,16 +51,34 @@ func NewBuilder(registryURL, imageName, imageTag string, preferMinikube bool) (*
 		}
 	}
 
+	// Check if it's the official registry or not
+	ref, err := reference.ParseNormalizedNamed(registryURL)
+	if err != nil {
+		return nil, err
+	}
+
+	repoInfo, err := registry.ParseRepositoryInfo(ref)
+	if err != nil {
+		return nil, err
+	}
+
+	imageURL := registryURL + "/" + imageName + ":" + imageTag
+	if repoInfo.Index.Official {
+		imageURL = imageName + ":" + imageTag
+	}
+
 	return &Builder{
 		RegistryURL: registryURL,
 		ImageName:   imageName,
 		ImageTag:    imageTag,
-		imageURL:    registryURL + "/" + imageName + ":" + imageTag,
+		imageURL:    imageURL,
 		client:      cli,
 	}, nil
 }
 
 // BuildImage builds a dockerimage with the docker cli
+// contextPath is the absolute path to the context path
+// dockerfilePath is the absolute path to the dockerfile WITHIN the contextPath
 func (b *Builder) BuildImage(contextPath, dockerfilePath string, options *types.ImageBuildOptions) error {
 	if options == nil {
 		options = &types.ImageBuildOptions{}
@@ -76,7 +96,7 @@ func (b *Builder) BuildImage(contextPath, dockerfilePath string, options *types.
 	}
 
 	if err := build.ValidateContextDirectory(contextDir, excludes); err != nil {
-		return errors.Errorf("error checking context: '%s'.", err)
+		return errors.Errorf("Error checking context: '%s'", err)
 	}
 
 	// And canonicalize dockerfile name to a platform-independent one
@@ -105,7 +125,7 @@ func (b *Builder) BuildImage(contextPath, dockerfilePath string, options *types.
 		AuthConfigs: authConfigs,
 	})
 	if err != nil {
-		return errors.Wrap(err, "docker build")
+		return err
 	}
 	defer response.Body.Close()
 
@@ -118,36 +138,70 @@ func (b *Builder) BuildImage(contextPath, dockerfilePath string, options *types.
 	return nil
 }
 
-// Authenticate authenticates the cli with a remote registry
-func (b *Builder) Authenticate(user, password string) error {
-	return nil
-}
+// Authenticate authenticates the client with a remote registry
+func (b *Builder) Authenticate(user, password string, checkCredentialsStore bool) error {
+	ctx := context.Background()
+	serverAddress := b.RegistryURL
+	ref, err := reference.ParseNormalizedNamed(serverAddress)
+	if err != nil {
+		return err
+	}
 
-// PushImage pushes an image to the specified registry
-func (b *Builder) PushImage() error {
-	/*if isMinikube() {
-		err := pushImageMinikube(buildtag)
+	repoInfo, err := registry.ParseRepositoryInfo(ref)
+	if err != nil {
+		return err
+	}
 
-		if err == nil {
-			return nil
-		}
+	authServer := getOfficialServer(ctx, b.client)
+	if repoInfo.Index.Official {
+		serverAddress = authServer
+	}
 
-		// Fallback to normal docker cli if minikube failed
+	authConfig, err := getDefaultAuthConfig(b.client, checkCredentialsStore, serverAddress, serverAddress == authServer)
+	if err != nil || authConfig.Username == "" || authConfig.Password == "" {
+		authConfig.Username = strings.TrimSpace(user)
+		authConfig.Password = strings.TrimSpace(password)
 	}
 
-	ctx := context.Background()
-	dockerArgs := []string{"push", buildtag}
+	response, err := b.client.RegistryLogin(ctx, *authConfig)
+	if err != nil {
+		return err
+	}
 
-	cmd := exec.CommandContext(ctx, "docker", dockerArgs...)
+	if response.IdentityToken != "" {
+		authConfig.Password = ""
+		authConfig.IdentityToken = response.IdentityToken
+	}
 
-	cmd.Stdout = log.GetInstance()
-	cmd.Stderr = log.GetInstance()
+	b.authConfig = authConfig
+	return nil
+}
 
-	err := cmd.Run()
+// PushImage pushes an image to the specified registry
+func (b *Builder) PushImage() error {
+	ctx := context.Background()
+	ref, err := reference.ParseNormalizedNamed(b.imageURL)
+	if err != nil {
+		return err
+	}
 
+	encodedAuth, err := encodeAuthToBase64(*b.authConfig)
 	if err != nil {
 		return err
-	}*/
+	}
+
+	out, err := b.client.ImagePush(ctx, reference.FamiliarString(ref), types.ImagePushOptions{
+		RegistryAuth: encodedAuth,
+	})
+	if err != nil {
+		return err
+	}
+
+	fd, _ := term.GetFdInfo(os.Stdout)
+	err = jsonmessage.DisplayJSONMessagesStream(out, log.GetInstance(), fd, false, nil)
+	if err != nil {
+		return err
+	}
 
 	return nil
 }