diff --git a/commands.go b/commands.go index 3f0785183..0a363124f 100644 --- a/commands.go +++ b/commands.go @@ -1,7 +1,6 @@ package main import ( - "log" "os" "os/signal" @@ -371,44 +370,7 @@ func makeShutdownCh() <-chan struct{} { return resultCh } -func credentialsSource(config *Config) auth.CredentialsSource { - creds := auth.NoCredentials - if len(config.Credentials) > 0 { - staticTable := map[svchost.Hostname]map[string]interface{}{} - for userHost, creds := range config.Credentials { - host, err := svchost.ForComparison(userHost) - if err != nil { - // We expect the config was already validated by the time we get - // here, so we'll just ignore invalid hostnames. - continue - } - staticTable[host] = creds - } - creds = auth.StaticCredentialsSource(staticTable) - } - - for helperType, helperConfig := range config.CredentialsHelpers { - log.Printf("[DEBUG] Searching for credentials helper named %q", helperType) - available := pluginDiscovery.FindPlugins("credentials", globalPluginDirs()) - available = available.WithName(helperType) - if available.Count() == 0 { - log.Printf("[ERROR] Unable to find credentials helper %q; ignoring", helperType) - break - } - - selected := available.Newest() - - helperSource := auth.HelperProgramCredentialsSource(selected.Path, helperConfig.Args...) - creds = auth.Credentials{ - creds, - auth.CachingCredentialsSource(helperSource), // cached because external operation may be slow/expensive - } - - // There should only be zero or one "credentials_helper" blocks. We - // assume that the config was validated earlier and so we don't check - // for extras here. - break - } - - return creds +func credentialsSource(config *Config) (auth.CredentialsSource, error) { + helperPlugins := pluginDiscovery.FindPlugins("credentials", globalPluginDirs()) + return config.CredentialsSource(helperPlugins) } diff --git a/main.go b/main.go index e75b0e460..5412a5b72 100644 --- a/main.go +++ b/main.go @@ -145,7 +145,16 @@ func wrappedMain() int { // Get any configured credentials from the config and initialize // a service discovery object. - credsSrc := credentialsSource(config) + credsSrc, err := credentialsSource(config) + if err != nil { + // Most commands don't actually need credentials, and most situations + // that would get us here would already have been reported by the config + // loading above, so we'll just log this one as an aid to debugging + // in the unlikely event that it _does_ arise. + log.Printf("[WARN] Cannot initialize remote host credentials manager: %s", err) + // credsSrc may be nil in this case, but that's okay because the disco + // object checks that and just acts as though no credentials are present. + } services := disco.NewWithCredentialsSource(credsSrc) // Initialize the backends.