bump version

Merge pull request #19 from docker/not_permanently_cache_invalid_auth_header
CLOUD-3774 not permanently cache invalid auth header
2016-12-01 13:51:32 -08:00 · 2016-12-01 13:49:00 -08:00 · 2016-11-30 10:22:18 -08:00 · 2016-08-05 12:40:37 +02:00 · 2016-08-05 12:40:19 +02:00 · 2016-08-05 12:06:22 +02:00
6 changed files with 32 additions and 14 deletions
--- a/2
+++ b/2
@ -1,5 +1,7 @@
 FROM python:2.7.11-alpine

+RUN apk update && apk add ca-certificates
+
 ADD . /sdk
 WORKDIR sdk
 RUN python setup.py install
--- a/dockercloud/init.py
+++ b/dockercloud/init.py
@ -25,7 +25,7 @@ from dockercloud.api.utils import Utils
 from dockercloud.api.events import Events
 from dockercloud.api.nodeaz import AZ

-__version__ = '1.0.6'
+__version__ = '1.0.9'

 dockercloud_auth = os.environ.get('DOCKERCLOUD_AUTH')
 basic_auth = auth.load_from_file("~/.docker/config.json")
--- a/dockercloud/api/action.py
+++ b/dockercloud/api/action.py
@ -6,6 +6,7 @@ from .base import Immutable, StreamingLog
 class Action(Immutable):
    subsystem = 'audit'
    endpoint = "/action"
+    namespaced = False

    @classmethod
    def _pk_key(cls):
--- a/dockercloud/api/auth.py
+++ b/dockercloud/api/auth.py
@ -3,12 +3,14 @@ from __future__ import absolute_import
 import base64
 import json
 import os
+import subprocess

 from requests.auth import HTTPBasicAuth

 import dockercloud
 from .http import send_request

+HUB_INDEX = "https://index.docker.io/v1/"

 def authenticate(username, password):
    verify_credential(username, password)
@ -43,11 +45,29 @@ def load_from_file(f="~/.docker/config.json"):
    try:
        with open(os.path.expanduser(f)) as config_file:
            data = json.load(config_file)
-
-        return data.get("auths", {}).get("https://index.docker.io/v1/", {}).get("auth", None)
-    except Exception:
+    except:
        return None

+    creds_store = data.get("credsStore", None)
+    if creds_store:
+        try:
+            cmd = "docker-credential-" + creds_store
+            p = subprocess.Popen([cmd, 'get'], stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.STDOUT)
+            out = p.communicate(input=HUB_INDEX)[0]
+        except:
+            raise dockercloud.AuthError('error getting credentials - err: exec: "%s": executable file not found in $PATH, out: ``' % cmd)
+
+        try:
+            credential = json.loads(out)
+            username = credential.get("Username")
+            password = credential.get("Secret")
+            return base64.b64encode("%s:%s" % (username, password))
+        except:
+            return None
+
+    else:
+        return data.get("auths", {}).get(HUB_INDEX, {}).get("auth", None)
+

 def get_auth_header():
    try:
--- a/dockercloud/api/base.py
+++ b/dockercloud/api/base.py
@ -267,11 +267,7 @@ class Triggerable(BasicObject):

 class StreamingAPI(BasicObject):
    def __init__(self, url):
-        self._ws_init(url)
-
-    def _ws_init(self, url):
        self.url = url
-
        user_agent = 'python-dockercloud/%s' % dockercloud.__version__
        if dockercloud.user_agent:
            user_agent = "%s %s" % (dockercloud.user_agent, user_agent)
--- a/dockercloud/api/events.py
+++ b/dockercloud/api/events.py
@ -21,8 +21,6 @@ class Events(StreamingAPI):
        else:
            url = "/".join([dockercloud.stream_host.rstrip("/"), "api", "audit", self._api_version,
                            endpoint.lstrip("/")])
-        self.invaid_auth_headers = set()
-        self.auth_error = ""
        super(self.__class__, self).__init__(url)

    def _on_message(self, ws, message):
@ -39,15 +37,16 @@ class Events(StreamingAPI):

    def _on_error(self, ws, e):
        if isinstance(e, websocket._exceptions.WebSocketBadStatusException) and getattr(e, "status_code") == 401:
-            self.auth_error = "Not Authorized"
-            self.invaid_auth_headers.add(str(dockercloud.auth.get_auth_header()))
+            self.auth_error = True

        super(self.__class__, self)._on_error(ws, e)

    def run_forever(self, *args, **kwargs):
        while True:
-            if str(dockercloud.auth.get_auth_header()) in self.invaid_auth_headers:
-                raise AuthError(self.auth_error)
+            if self.auth_error:
+                self.auth_error = False
+                raise AuthError("Not Authorized")
+
            ws = websocket.WebSocketApp(self.url, header=self.header,
                                        on_open=self._on_open,
                                        on_message=self._on_message,
Author	SHA1	Message	Date
tifayuki	e9658aae73	bump version	2016-12-01 13:51:32 -08:00
Feng Honglin	9ffe81583c	Merge pull request #19 from docker/not_permanently_cache_invalid_auth_header CLOUD-3774 not permanently cache invalid auth header	2016-12-01 13:49:00 -08:00
tifayuki	f78ac3a399	not permanently cache invalid auth header	2016-11-30 10:22:18 -08:00
tifayuki	4325c7c68b	Merge branch 'staging'	2016-08-05 12:40:37 +02:00
tifayuki	06988c332b	bump ver	2016-08-05 12:40:19 +02:00
Feng Honglin	6bc702818e	Merge pull request #15 from docker/credential-helpers CLOUD-2557 Credential helpers	2016-08-05 12:06:22 +02:00
tifayuki	bc67aa43cb	add support for credential-helpers	2016-08-05 12:00:30 +02:00
tifayuki	f5c85f96f1	fix test	2016-08-04 15:42:11 +02:00
Feng Honglin	56c80648a8	Merge pull request #13 from docker/staging v1.0.7	2016-06-17 18:38:13 +02:00
Feng Honglin	2fed5ba8ea	Merge pull request #12 from docker/UnnamespaceAction TUT-1219 Unnamespace action endpoints	2016-06-17 18:36:58 +02:00
tifayuki	afe9a7dad5	bump version	2016-06-17 18:01:53 +02:00
tifayuki	9f484a8a59	remove namespace from action endpoints	2016-06-17 17:58:30 +02:00