package gcp

import "github.com/vdemeester/k8s-pkg-credentialprovider/gcp"

Package gcp contains implementations of DockerConfigProvider for Google Cloud Platform.

Index ¶

• Constants
• type ContainerRegistryProvider
• func (g *ContainerRegistryProvider) Enabled() bool
• func (g *ContainerRegistryProvider) Provide(image string) credentialprovider.DockerConfig
• type DockerConfigKeyProvider
• func (g *DockerConfigKeyProvider) Provide(image string) credentialprovider.DockerConfig
• type DockerConfigURLKeyProvider
• func (g *DockerConfigURLKeyProvider) Provide(image string) credentialprovider.DockerConfig
• type MetadataProvider
• func (g *MetadataProvider) Enabled() bool

Constants ¶

const (

	// DockerConfigKey is the URL of the dockercfg metadata key used by DockerConfigKeyProvider.
	DockerConfigKey = metadataAttributes + "google-dockercfg"
	// DockerConfigURLKey is the URL of the dockercfg metadata key used by DockerConfigURLKeyProvider.
	DockerConfigURLKey = metadataAttributes + "google-dockercfg-url"

	// StorageScopePrefix is the prefix checked by ContainerRegistryProvider.Enabled.
	StorageScopePrefix = "https://www.googleapis.com/auth/devstorage"
)

Types ¶

type ContainerRegistryProvider ¶

type ContainerRegistryProvider struct {
	MetadataProvider
}

ContainerRegistryProvider is a DockerConfigProvider that provides a dockercfg with:

Username: "_token"
Password: "{access token from metadata}"

func (*ContainerRegistryProvider) Enabled ¶

func (g *ContainerRegistryProvider) Enabled() bool

Enabled implements a special metadata-based check, which verifies the storage scope is available on the GCE VM. If running on a GCE VM, check if 'default' service account exists. If it does not exist, assume that registry is not enabled. If default service account exists, check if relevant scopes exist in the default service account. The metadata service can become temporarily inaccesible. Hence all requests to the metadata service will be retried until the metadata server returns a `200`. It is expected that "http://metadata.google.internal./computeMetadata/v1/instance/service-accounts/" will return a `200` and "http://metadata.google.internal./computeMetadata/v1/instance/service-accounts/default/scopes" will also return `200`. More information on metadata service can be found here - https://cloud.google.com/compute/docs/storing-retrieving-metadata

func (*ContainerRegistryProvider) Provide ¶

func (g *ContainerRegistryProvider) Provide(image string) credentialprovider.DockerConfig

Provide implements DockerConfigProvider

type DockerConfigKeyProvider ¶

type DockerConfigKeyProvider struct {
	MetadataProvider
}

DockerConfigKeyProvider is a DockerConfigProvider that reads its configuration from a specific Google Compute Engine metadata key: 'google-dockercfg'.

func (*DockerConfigKeyProvider) Provide ¶

func (g *DockerConfigKeyProvider) Provide(image string) credentialprovider.DockerConfig

Provide implements DockerConfigProvider

type DockerConfigURLKeyProvider ¶

type DockerConfigURLKeyProvider struct {
	MetadataProvider
}

DockerConfigURLKeyProvider is a DockerConfigProvider that reads its configuration from a URL read from a specific Google Compute Engine metadata key: 'google-dockercfg-url'.

func (*DockerConfigURLKeyProvider) Provide ¶

func (g *DockerConfigURLKeyProvider) Provide(image string) credentialprovider.DockerConfig

Provide implements DockerConfigProvider

type MetadataProvider ¶

type MetadataProvider struct {
	Client *http.Client
}

MetadataProvider is a DockerConfigProvider that reads its configuration from Google Compute Engine metadata.

func (*MetadataProvider) Enabled ¶

func (g *MetadataProvider) Enabled() bool

Enabled implements DockerConfigProvider for all of the Google implementations.

Source Files ¶

doc.go metadata.go