API Endpoints for docker/docker-credential-helpers

The github.com/docker/docker-credential-helpers codebase primarily consists of multiple credential helpers, each designed to interact with different credential storage systems. The routing mechanism can generally be understood by examining how each helper is implemented in Go. Below are the main components where routing functionality can be assessed.

Credential Helpers

Each credential helper implements an interface that defines how Docker interacts with the credential store. The main route that Docker uses to invoke credential helpers is through the standard commands provided by the helpers.

Example Code Implementation

1. Helper Interface Definition:

   The credential helper interfaces are defined in store.go. Each implementation needs to adhere to the CredentialStore interface, which defines the primary methods Docker will call, such as Get, Store, and Delete.

   type CredentialStore interface {
   Get(key string) (Credential, error)
   Store(credential Credential) error
   Delete(key string) error
   }
   

2. For AWS Credentials:

   An implementation for AWS credentials might look like this in the aws_credential_helper.go file:

   type AWSCredentialHelper struct {
   // fields for AWS configuration
   }
   
   func (a *AWSCredentialHelper) Get(key string) (Credential, error) {
   // logic to retrieve AWS credentials
   }
   func (a *AWSCredentialHelper) Store(credential Credential) error {
   // logic to store AWS credentials
   }
   func (a *AWSCredentialHelper) Delete(key string) error {
   // logic to delete AWS credentials
   }
   

3. Calling the Helpers:

   The calling mechanism is generally centralized in the command functions. For example, the handler for a specific credential helper might be invoked in main.go.

   func main() {
   cmd := os.Args[1]
   
   switch cmd {
   case "get":
   handleGet()
   case "store":
   handleStore()
   case "delete":
   handleDelete()
   default:
   log.Fatalf("Unknown command: %s", cmd)
   }
   }
   

4. Handling Commands:

   Below is an illustrative example of how the handleGet function might be defined to route the appropriate call to the credential store:

   func handleGet() {
   key := os.Args[2]
   store := getCredentialStore() // Initializes the appropriate helper
   cred, err := store.Get(key)
   
   if err != nil {
   log.Fatalf("Failed to get credential: %v", err)
   }
   // Output retrieved credential
   }
   

Build and Execution

The entire codebase is structured around building these credential helpers as executables. The project can be built using Go’s standard build mechanism, and it uses a Makefile to streamline various tasks.

To build the entire project, execute:

make all

Supported Credential Stores

• OSX Keychain: Implemented using the osxkeychain.go file.
• Secret Service API: Implemented through the secretservice.go file.
• Windows Credentials: Handled in wincred.go.

Each implementation will provide its own routing logic but will all conform to the same interface defined earlier.

Example for Windows Credentials

In wincred.go, the method implementations could look like:

func (w *WindowsCredentialHelper) Get(key string) (Credential, error) {
// Logic to fetch credentials using Windows Credential Manager
}

Conclusion

The routing in the docker/docker-credential-helpers codebase revolves around the CredentialStore interface and the specific implementations for various credential storage backends. The initialization and invocation of helper methods are achieved through command-line arguments processed in main.go, directing the control flow to the appropriate function based on user input.

For further reference on the project and its implementation details, the source information can be found in the respective Go files under the GitHub repository at github.com/docker/docker-credential-helpers.