| 362 | } |
| 363 | |
| 364 | func (d *Client) getDockerAuths( |
| 365 | ctx context.Context, |
| 366 | image reference.Named, |
| 367 | userRegistry *typeReg.AuthConfig, |
| 368 | p events.Publisher[Event], |
| 369 | ) (*typeReg.AuthConfig, error) { |
| 370 | imageDomain := reference.Domain(image) |
| 371 | // Try user submitted registry auth config. |
| 372 | if userRegistry != nil { |
| 373 | // TODO: remove didNotPassServerAddress when it becomes required. |
| 374 | didNotPassServerAddress := userRegistry.ServerAddress == "" |
| 375 | if didNotPassServerAddress { |
| 376 | if err := p.Publish(ctx, NewLogEvent(model.LogLevelWarning, |
| 377 | "setting registry_auth without registry_auth.serveraddress is deprecated "+ |
| 378 | "and the latter will soon be required")); err != nil { |
| 379 | return nil, err |
| 380 | } |
| 381 | } |
| 382 | |
| 383 | registryDomain := registry.ConvertToHostname(userRegistry.ServerAddress) |
| 384 | if registryDomain == imageDomain || didNotPassServerAddress { |
| 385 | return userRegistry, nil |
| 386 | } |
| 387 | if err := p.Publish(ctx, NewLogEvent(model.LogLevelWarning, fmt.Sprintf( |
| 388 | "not using expconfig registry_auth since expconf "+ |
| 389 | "registry_auth.serverAddress %s did not match the image serverAddress %s", |
| 390 | registryDomain, imageDomain, |
| 391 | ))); err != nil { |
| 392 | return nil, err |
| 393 | } |
| 394 | } |
| 395 | |
| 396 | // Try using credential stores specified in ~/.docker/config.json. |
| 397 | if store, ok := d.credentialStores[imageDomain]; ok { |
| 398 | creds, err := store.get() |
| 399 | if err != nil { |
| 400 | return nil, fmt.Errorf("unable to get credentials from helper: %w", err) |
| 401 | } |
| 402 | |
| 403 | if err := p.Publish(ctx, NewLogEvent(model.LogLevelInfo, fmt.Sprintf( |
| 404 | "domain '%s' found in 'credHelpers' config, using credentials helper", |
| 405 | imageDomain, |
| 406 | ))); err != nil { |
| 407 | return nil, err |
| 408 | } |
| 409 | |
| 410 | return &creds, nil |
| 411 | } |
| 412 | |
| 413 | // Finally try using auths section of user's ~/.docker/config.json. |
| 414 | index, err := registry.ParseSearchIndexInfo(image.String()) |
| 415 | if err != nil { |
| 416 | return nil, fmt.Errorf("error invalid docker repo name: %w", err) |
| 417 | } |
| 418 | reg := registry.ResolveAuthConfig(d.authConfigs, index) |
| 419 | if reg == (typeReg.AuthConfig{}) { |
| 420 | return ®, nil |
| 421 | } |