class Dependabot::Docker::Utils::CredentialsFinder

Constants

AWS_ECR_URL

Attributes

credentials[R]

Public Class Methods

new(credentials)
# File lib/dependabot/docker/utils/credentials_finder.rb, line 14
# Builds a finder over the caller-supplied credential entries.
#
# The collection is kept by reference (no copy is taken). The other methods of
# this class read "type", "registry", "username" and "password" keys from its
# entries, so the object holds live secrets and should not be logged or
# inspected into error output.
#
# @param credentials [Enumerable<Hash>] credential entries to search
def initialize(credentials)
  @credentials = credentials
end

Public Instance Methods

credentials_for_registry(registry_hostname)
# File lib/dependabot/docker/utils/credentials_finder.rb, line 18
# Finds the credential entry configured for a Docker registry host.
#
# Only entries whose "type" is "docker_registry" are considered, and the
# hostname is compared with plain string equality: there is no case folding or
# port normalisation, so a near-miss hostname yields nil rather than another
# registry's secrets. A "docker_registry" entry without a "registry" key
# raises KeyError.
#
# @param registry_hostname [String] hostname of the registry being accessed
# @return [Hash, nil] the matching entry (passed through
#   build_aws_credentials when the hostname matches AWS_ECR_URL), or nil when
#   nothing is configured for that host
def credentials_for_registry(registry_hostname)
  docker_entries = credentials.select { |entry| entry["type"] == "docker_registry" }
  matching_entry = docker_entries.find { |entry| entry.fetch("registry") == registry_hostname }
  return unless matching_entry

  # ECR hosts need their configured entry resolved into registry login
  # details; every other registry uses the entry exactly as configured.
  if registry_hostname.match?(AWS_ECR_URL)
    build_aws_credentials(matching_entry)
  else
    matching_entry
  end
end

Private Instance Methods

build_aws_credentials(registry_details)
# File lib/dependabot/docker/utils/credentials_finder.rb, line 33
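# Resolves the username/password to present to an AWS ECR registry.
#
# Entries whose username is already "AWS" or is nil are returned untouched.
# Otherwise the configured username/password are used as an AWS access key ID
# and secret, and exchanged for an ECR authorization token that is decoded
# into a username/password pair.
#
# SECURITY: +registry_details+ and the returned hash carry live secrets. Only
# the registry hostname is placed in the raised error; keep it that way and
# never interpolate the hash itself into logs or exception messages.
#
# @param registry_details [Hash] credential entry for an ECR registry
# @return [Hash] the original entry, or a copy with "username" and "password"
#   replaced by the decoded token
# @raise [PrivateSourceAuthenticationFailure] when AWS reports missing
#   credentials, an unrecognised client or an invalid signature
# @raise [KeyError] when the entry has no "registry" key or AWS_ECR_URL
#   captures no "region"
def build_aws_credentials(registry_details)
  access_key_id = registry_details["username"]

  # If credentials have been generated from AWS we can just return them
  return registry_details if access_key_id == "AWS"

  # If we don't have credentials, we might get them from the proxy
  return registry_details if access_key_id.nil?

  # Read the hostname before any AWS call so the rescue clause below always
  # has a hostname to report instead of a nil local.
  registry_hostname = registry_details.fetch("registry")
  region = registry_hostname.match(AWS_ECR_URL).named_captures.fetch("region")

  # Otherwise, we need to use the provided Access Key ID and secret to
  # generate a temporary username and password
  aws_credentials = Aws::Credentials.new(
    access_key_id,
    registry_details["password"]
  )

  # NOTE(review): tokens are memoised per hostname for the lifetime of this
  # instance with no expiry, while ECR authorization tokens are time-limited.
  # Confirm instances are short-lived, or a stale token may be reused.
  @authorization_tokens ||= {}
  @authorization_tokens[registry_hostname] ||=
    Aws::ECR::Client.new(region: region, credentials: aws_credentials).
    get_authorization_token.authorization_data.first.
    authorization_token

  # The decoded token is "<username>:<password>". Split on the first colon
  # only, so a password that itself contains ":" is not silently truncated.
  username, password =
    Base64.decode64(@authorization_tokens[registry_hostname]).split(":", 2)

  registry_details.merge("username" => username, "password" => password)
rescue Aws::Errors::MissingCredentialsError,
       Aws::ECR::Errors::UnrecognizedClientException,
       Aws::ECR::Errors::InvalidSignatureException
  raise PrivateSourceAuthenticationFailure, registry_hostname
end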