Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support reading credentials from docker credential store #47

Open
Tracked by #36
shizhMSFT opened this issue Dec 14, 2023 · 4 comments
Open
Tracked by #36

Support reading credentials from docker credential store #47

shizhMSFT opened this issue Dec 14, 2023 · 4 comments
Labels
enhancement New feature or request

Comments

@shizhMSFT
Copy link
Contributor

No description provided.

@tmds
Copy link

tmds commented Dec 9, 2024

The .NET SDK's built-in container tooling uses https://github.com/mthalman/docker-creds-provider to obtain credentials from these stores.

The credentials are then used by this DelegatingHandler: https://github.com/dotnet/sdk/blob/main/src/Containers/Microsoft.NET.Build.Containers/AuthHandshakeMessageHandler.cs to set appropriate headers.

@shizhMSFT what do you think about adopting a similar implementation?

@shizhMSFT
Copy link
Contributor Author

Thank @tmds for mentioning this SDK.

I took a look at https://github.com/mthalman/docker-creds-provider. It provides the functionality of reading credentials (i.e. the read path) by properly following the docker credential helper protocol. However, it does not provide any operations for write paths. In other words, we are unable to implement Login and Logout using this SDK.

@shizhMSFT
Copy link
Contributor Author

I think we can start with this SDK by wrapping it. Then replace with our own implementation when we do need the write paths.

@tmds
Copy link

tmds commented Dec 11, 2024

Also interesting in this context: the SDK implements the "insecure" option with this https://github.com/dotnet/sdk/blob/main/src/Containers/Microsoft.NET.Build.Containers/FallbackToHttpMessageHandler.cs.

https://github.com/dotnet/sdk/blob/main/src/Containers/Microsoft.NET.Build.Containers/Registry/DefaultRegistryAPI.cs is where these pieces are assembled into an HttpClient.

I see there is a HttpClientWithBasicAuth class in the OrasProject.Oras.Registry.Remote.Auth namespace.

If you are open to external contributions, I can look at implementing a "HttpClientWithRegistryAuth" based on how the SDK handles these things.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

2 participants