feat: add default auth provider, that uses the same config as the docker cli

Author: silenium-dev

examples/pull/main.go

@@ -3,12 +3,22 @@ package main
 import (
 	"context"
 	"docker-wrapper/pkg/client"
+	"docker-wrapper/pkg/client/auth"
 	"github.com/distribution/reference"
 	client2 "github.com/docker/docker/client"
+	"time"
 )
 
 func main() {
-	cli, err := client.New(client2.FromEnv)
+	authProvider, err := auth.NewDefaultProvider()
+	if err != nil {
+		panic(err)
+	}
+	cli, err := client.NewWithOpts(
+		client.WithAuthProvider(authProvider),
+		client.FromEnv,
+		client.WithDockerOpts(client2.WithTimeout(time.Second*10)),
+	)
 	if err != nil {
 		panic(err)
 	}

go.mod

@@ -13,6 +13,7 @@ require (
 require (
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/containerd/log v0.1.0 // indirect
+	github.com/cpuguy83/dockercfg v0.3.2 // indirect
 	github.com/docker/go-connections v0.5.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/go-logr/logr v1.4.3 // indirect

go.sum

@@ -8,6 +8,8 @@ github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG
 github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
 github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
 github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
+github.com/cpuguy83/dockercfg v0.3.2 h1:DlJTyZGBDlXqUZ2Dk2Q3xHs/FtnooJJVaad2S9GKorA=
+github.com/cpuguy83/dockercfg v0.3.2/go.mod h1:sugsbF4//dDlL/i+S+rtpIWp+5h0BHJHfjj5/jFyUJc=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=

pkg/client/auth/default.go

@@ -0,0 +1,85 @@
+package auth
+
+import (
+	"encoding/base64"
+	"errors"
+	"fmt"
+	"github.com/cpuguy83/dockercfg"
+	"github.com/distribution/reference"
+	"github.com/docker/docker/api/types/registry"
+	"log"
+	"os"
+)
+
+type DefaultAuthProvider struct {
+	authConfigs map[string]*registry.AuthConfig
+}
+
+func (d *DefaultAuthProvider) AuthConfig(ref reference.Named) registry.AuthConfig {
+	domain := reference.Domain(ref)
+	if ac, ok := d.authConfigs[domain]; ok {
+		log.Printf("using auth config for %s", domain)
+		return *ac
+	}
+	log.Printf("no auth config for %s", domain)
+	return registry.AuthConfig{}
+}
+
+func NewDefaultProvider() (*DefaultAuthProvider, error) {
+	authConfigs := map[string]*registry.AuthConfig{}
+
+	cfg, err := dockercfg.LoadDefaultConfig()
+	if err != nil && !errors.Is(err, os.ErrNotExist) {
+		log.Printf("failed to load docker config: %v", err)
+		return nil, err
+	} else if errors.Is(err, os.ErrNotExist) {
+		log.Printf("docker config not found, using empty config")
+		return &DefaultAuthProvider{authConfigs}, nil
+	}
+
+	for k, v := range cfg.AuthConfigs {
+		ac := &registry.AuthConfig{
+			Username:      v.Username,
+			Password:      v.Password,
+			Email:         v.Email,
+			Auth:          v.Auth,
+			IdentityToken: v.IdentityToken,
+			RegistryToken: v.RegistryToken,
+			ServerAddress: v.ServerAddress,
+		}
+		if ac.Username == "" && ac.Password == "" {
+			err := getCredentials(k, &cfg, ac)
+			if err != nil {
+				log.Printf("failed to get credentials for registry %s: %v", k, err)
+				continue
+			}
+		}
+		if ac.Auth == "" {
+			ac.Auth = base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", ac.Username, ac.Password)))
+		}
+		authConfigs[k] = ac
+	}
+
+	for k := range cfg.CredentialHelpers {
+		err := getCredentials(k, &cfg, authConfigs[k])
+		if err != nil {
+			log.Printf("failed to get credentials for registry %s: %v", k, err)
+		}
+	}
+	return &DefaultAuthProvider{authConfigs}, nil
+}
+
+func getCredentials(registryHost string, cfg *dockercfg.Config, ac *registry.AuthConfig) error {
+	u, p, err := cfg.GetRegistryCredentials(registryHost)
+	if err != nil {
+		return err
+	}
+	if u == "" {
+		ac.IdentityToken = p
+	} else {
+		ac.Username = u
+		ac.Password = p
+	}
+
+	return nil
+}

pkg/client/client.go

@@ -4,6 +4,7 @@ import (
 	"github.com/distribution/reference"
 	"github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/client"
+	"slices"
 )
 
 type AuthProvider interface {
@@ -12,19 +13,47 @@ type AuthProvider interface {
 
 type Client struct {
 	*client.Client
+	dockerOpts   []client.Opt
 	authProvider AuthProvider
 }
 
-func New(opts ...client.Opt) (*Client, error) {
-	cli, err := client.NewClientWithOpts(opts...)
+type Opt func(*Client) error
+
+func NewWithOpts(opts ...Opt) (*Client, error) {
+	c := &Client{}
+	for _, opt := range opts {
+		err := opt(c)
+		if err != nil {
+			return nil, err
+		}
+	}
+	cli, err := client.NewClientWithOpts(c.dockerOpts...)
 	if err != nil {
 		return nil, err
 	}
-	return &Client{
-		Client: cli,
-	}, nil
+	c.Client = cli
+	return c, nil
 }
 
 func (c *Client) Close() error {
 	return c.Client.Close()
 }
+
+func WithAuthProvider(authProvider AuthProvider) Opt {
+	return func(c *Client) error {
+		c.authProvider = authProvider
+		return nil
+	}
+}
+
+func WithDockerOpts(opts ...client.Opt) Opt {
+	return func(c *Client) error {
+		c.dockerOpts = slices.Concat(c.dockerOpts, opts)
+		return nil
+	}
+}
+
+func FromEnv(c *Client) error {
+	c.dockerOpts = append(c.dockerOpts, client.FromEnv)
+	return nil
+}