bump version

CLOUD-3774 not permanently cache invalid auth header

Dockerfile

@@ -1,5 +1,7 @@
 FROM python:2.7.11-alpine
 
+RUN apk update && apk add ca-certificates
+
 ADD . /sdk
 WORKDIR sdk
 RUN python setup.py install

README.md

@@ -29,6 +29,19 @@ The authentication can be configured in the following ways:
 		export DOCKERCLOUD_USER=username
 		export DOCKERCLOUD_APIKEY=apikey
 
+## Namespace
+
+To support teams and orgs, you can specify the namespace in the following ways:
+
+* Set it in the Python code:
+
+        import dockercloud
+        dockercloud.namespace = "yourteam"
+
+* Set it in the environment variable:
+
+        export DOCKERCLOUD_NAMESPACE=yourteam
+
 ## Errors
 
 Errors in the HTTP API will be returned with status codes in the 4xx and 5xx ranges.

dockercloud/__init__.py

@@ -25,7 +25,7 @@ from dockercloud.api.utils import Utils
 from dockercloud.api.events import Events
 from dockercloud.api.nodeaz import AZ
 
-__version__ = '1.0.5'
+__version__ = '1.0.9'
 
 dockercloud_auth = os.environ.get('DOCKERCLOUD_AUTH')
 basic_auth = auth.load_from_file("~/.docker/config.json")
@@ -38,6 +38,8 @@ if os.environ.get('DOCKERCLOUD_USER') and os.environ.get('DOCKERCLOUD_APIKEY'):
 rest_host = os.environ.get("DOCKERCLOUD_REST_HOST") or 'https://cloud.docker.com/'
 stream_host = os.environ.get("DOCKERCLOUD_STREAM_HOST") or 'wss://ws.cloud.docker.com/'
 
+namespace = os.environ.get('DOCKERCLOUD_NAMESPACE')
+
 user_agent = None
 
 logging.basicConfig()

dockercloud/api/action.py

@@ -6,6 +6,7 @@ from .base import Immutable, StreamingLog
 class Action(Immutable):
     subsystem = 'audit'
     endpoint = "/action"
+    namespaced = False
 
     @classmethod
     def _pk_key(cls):

dockercloud/api/auth.py

@@ -3,12 +3,14 @@ from __future__ import absolute_import
 import base64
 import json
 import os
+import subprocess
 
 from requests.auth import HTTPBasicAuth
 
 import dockercloud
 from .http import send_request
 
+HUB_INDEX = "https://index.docker.io/v1/"
 
 def authenticate(username, password):
     verify_credential(username, password)
@@ -43,11 +45,29 @@ def load_from_file(f="~/.docker/config.json"):
     try:
         with open(os.path.expanduser(f)) as config_file:
             data = json.load(config_file)
-
+    except:
-        return data.get("auths", {}).get("https://index.docker.io/v1/", {}).get("auth", None)
-    except Exception:
         return None
 
+    creds_store = data.get("credsStore", None)
+    if creds_store:
+        try:
+            cmd = "docker-credential-" + creds_store
+            p = subprocess.Popen([cmd, 'get'], stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.STDOUT)
+            out = p.communicate(input=HUB_INDEX)[0]
+        except:
+            raise dockercloud.AuthError('error getting credentials - err: exec: "%s": executable file not found in $PATH, out: ``' % cmd)
+
+        try:
+            credential = json.loads(out)
+            username = credential.get("Username")
+            password = credential.get("Secret")
+            return base64.b64encode("%s:%s" % (username, password))
+        except:
+            return None
+
+    else:
+        return data.get("auths", {}).get(HUB_INDEX, {}).get("auth", None)
+
 
 def get_auth_header():
     try:

dockercloud/api/base.py

@@ -22,6 +22,7 @@ class BasicObject(object):
 
 class Restful(BasicObject):
     _detail_uri = None
+    namespaced = True
 
     def __init__(self, **kwargs):
         """Simply reflect all the values in kwargs"""
@@ -58,6 +59,10 @@ class Restful(BasicObject):
         assert subsystem, "Subsystem not specified for %s" % self.__class__.__name__
         for k, v in list(dict.items()):
             setattr(self, k, v)
+        if self.namespaced and dockercloud.namespace:
+            self._detail_uri = "/".join(["api", subsystem, self._api_version, dockercloud.namespace,
+                                         endpoint.strip("/"), self.pk])
+        else:
             self._detail_uri = "/".join(["api", subsystem, self._api_version, endpoint.strip("/"), self.pk])
         self.__setchanges__([])
 
@@ -126,6 +131,9 @@ class Immutable(Restful):
         subsystem = getattr(cls, 'subsystem', None)
         assert endpoint, "Endpoint not specified for %s" % cls.__name__
         assert subsystem, "Subsystem not specified for %s" % cls.__name__
+        if cls.namespaced and dockercloud.namespace:
+            detail_uri = "/".join(["api", subsystem, cls._api_version, dockercloud.namespace, endpoint.strip("/"), pk])
+        else:
             detail_uri = "/".join(["api", subsystem, cls._api_version, endpoint.strip("/"), pk])
         json = send_request('GET', detail_uri)
         if json:
@@ -141,6 +149,9 @@ class Immutable(Restful):
         assert endpoint, "Endpoint not specified for %s" % cls.__name__
         assert subsystem, "Subsystem not specified for %s" % cls.__name__
 
+        if cls.namespaced and dockercloud.namespace:
+            detail_uri = "/".join(["api", subsystem, cls._api_version, dockercloud.namespace, endpoint.strip("/")])
+        else:
             detail_uri = "/".join(["api", subsystem, cls._api_version, endpoint.strip("/")])
         objects = []
         while True:
@@ -219,6 +230,9 @@ class Mutable(Immutable):
             # Figure out whether we should do a create or update
             if not self._detail_uri:
                 action = "POST"
+                if cls.namespaced and dockercloud.namespace:
+                    path = "/".join(["api", subsystem, self._api_version, dockercloud.namespace, endpoint.lstrip("/")])
+                else:
                     path = "/".join(["api", subsystem, self._api_version, endpoint.lstrip("/")])
             else:
                 action = "PATCH"
@@ -253,11 +267,7 @@ class Triggerable(BasicObject):
 
 class StreamingAPI(BasicObject):
     def __init__(self, url):
-        self._ws_init(url)
-
-    def _ws_init(self, url):
         self.url = url
-
         user_agent = 'python-dockercloud/%s' % dockercloud.__version__
         if dockercloud.user_agent:
             user_agent = "%s %s" % (dockercloud.user_agent, user_agent)
@@ -316,7 +326,12 @@ class StreamingLog(StreamingAPI):
         endpoint = "%s/%s/logs/?follow=%s" % (resource, uuid, str(follow).lower())
         if tail:
             endpoint = "%s&tail=%d" % (endpoint, tail)
-        url = "/".join([dockercloud.stream_host.rstrip("/"), "api", subsystem, self._api_version, endpoint.lstrip("/")])
+        if dockercloud.namespace:
+            url = "/".join([dockercloud.stream_host.rstrip("/"), "api", subsystem, self._api_version,
+                            dockercloud.namespace, endpoint.lstrip("/")])
+        else:
+            url = "/".join([dockercloud.stream_host.rstrip("/"), "api", subsystem, self._api_version,
+                            endpoint.lstrip("/")])
         super(self.__class__, self).__init__(url)
 
     @staticmethod
@@ -335,6 +350,10 @@ class StreamingLog(StreamingAPI):
 class Exec(StreamingAPI):
     def __init__(self, uuid, cmd='sh'):
         endpoint = "container/%s/exec/?command=%s" % (uuid, urllib.quote_plus(cmd))
+        if dockercloud.namespace:
+            url = "/".join([dockercloud.stream_host.rstrip("/"), "api", "app", self._api_version,
+                            dockercloud.namespace, endpoint.lstrip("/")])
+        else:
             url = "/".join([dockercloud.stream_host.rstrip("/"), "api", "app", self._api_version, endpoint.lstrip("/")])
         super(self.__class__, self).__init__(url)
 

dockercloud/api/events.py

@@ -15,9 +15,12 @@ logger = logging.getLogger("python-dockercloud")
 class Events(StreamingAPI):
     def __init__(self):
         endpoint = "events"
-        url = "/".join([dockercloud.stream_host.rstrip("/"), "api", "audit", self._api_version, endpoint.lstrip("/")])
+        if dockercloud.namespace:
-        self.invaid_auth_headers = set()
+            url = "/".join([dockercloud.stream_host.rstrip("/"), "api", "audit", self._api_version,
-        self.auth_error = ""
+                            dockercloud.namespace, endpoint.lstrip("/")])
+        else:
+            url = "/".join([dockercloud.stream_host.rstrip("/"), "api", "audit", self._api_version,
+                            endpoint.lstrip("/")])
         super(self.__class__, self).__init__(url)
 
     def _on_message(self, ws, message):
@@ -34,15 +37,16 @@ class Events(StreamingAPI):
 
     def _on_error(self, ws, e):
         if isinstance(e, websocket._exceptions.WebSocketBadStatusException) and getattr(e, "status_code") == 401:
-            self.auth_error = "Not Authorized"
+            self.auth_error = True
-            self.invaid_auth_headers.add(str(dockercloud.auth.get_auth_header()))
 
         super(self.__class__, self)._on_error(ws, e)
 
     def run_forever(self, *args, **kwargs):
         while True:
-            if str(dockercloud.auth.get_auth_header()) in self.invaid_auth_headers:
+            if self.auth_error:
-                raise AuthError(self.auth_error)
+                self.auth_error = False
+                raise AuthError("Not Authorized")
+
             ws = websocket.WebSocketApp(self.url, header=self.header,
                                         on_open=self._on_open,
                                         on_message=self._on_message,

dockercloud/api/nodeaz.py

@@ -6,6 +6,7 @@ from .base import Immutable
 class AZ(Immutable):
     subsystem = "infra"
     endpoint = "/az"
+    namespaced = False
 
     @classmethod
     def _pk_key(cls):

dockercloud/api/nodeprovider.py

@@ -6,6 +6,7 @@ from .base import Immutable
 class Provider(Immutable):
     subsystem = "infra"
     endpoint = "/provider"
+    namespaced = False
 
     @classmethod
     def _pk_key(cls):

dockercloud/api/noderegion.py

@@ -6,6 +6,7 @@ from .base import Immutable
 class Region(Immutable):
     subsystem = "infra"
     endpoint = "/region"
+    namespaced = False
 
     @classmethod
     def _pk_key(cls):

dockercloud/api/nodetype.py

@@ -6,6 +6,7 @@ from .base import Immutable
 class NodeType(Immutable):
     subsystem = "infra"
     endpoint = "/nodetype"
+    namespaced = False
 
     @classmethod
     def _pk_key(cls):