distribution/registry/proxy/proxyauth.go

package proxy

import (
	"net/http"
	"net/url"
	"strings"

	"github.com/docker/distribution/context"
	"github.com/docker/distribution/registry/client/auth"
	"github.com/docker/distribution/registry/client/auth/challenge"
)

const challengeHeader = "Docker-Distribution-Api-Version"

type userpass struct {
	username string
	password string
}

type credentials struct {
	creds map[string]userpass
}

func (c credentials) Basic(u *url.URL) (string, string) {
	up := c.creds[u.String()]

	return up.username, up.password
}

func (c credentials) RefreshToken(u *url.URL, service string) string {
	return ""
}

func (c credentials) SetRefreshToken(u *url.URL, service, token string) {
}

// configureAuth stores credentials for challenge responses
func configureAuth(username, password, remoteURL string) (auth.CredentialStore, error) {
	creds := map[string]userpass{}

	authURLs, err := getAuthURLs(remoteURL)
	if err != nil {
		return nil, err
	}

	for _, url := range authURLs {
		context.GetLogger(context.Background()).Infof("Discovered token authentication URL: %s", url)
		creds[url] = userpass{
			username: username,
			password: password,
		}
	}

	return credentials{creds: creds}, nil
}

func getAuthURLs(remoteURL string) ([]string, error) {
	authURLs := []string{}

	resp, err := http.Get(remoteURL + "/v2/")
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()

	for _, c := range challenge.ResponseChallenges(resp) {
		if strings.EqualFold(c.Scheme, "bearer") {
			authURLs = append(authURLs, c.Parameters["realm"])
		}
	}

	return authURLs, nil
}

func ping(manager challenge.Manager, endpoint, versionHeader string) error {
	resp, err := http.Get(endpoint)
	if err != nil {
		return err
	}
	defer resp.Body.Close()

	return manager.AddResponse(resp)
}
Add pull through cache functionality to the Registry which can be configured with a new `proxy` section in the configuration file. Create a new registry type which delegates storage to a proxyBlobStore and proxyManifestStore. These stores will pull through data if not present locally. proxyBlobStore takes care not to write duplicate data to disk. Add a scheduler to cleanup expired content. The scheduler runs as a background goroutine. When a blob or manifest is pulled through from the remote registry, an entry is added to the scheduler with a TTL. When the TTL expires the scheduler calls a pre-specified function to remove the fetched resource. Add token authentication to the registry middleware. Get a token at startup and preload the credential store with the username and password supplied in the config file. Allow resumable digest functionality to be disabled at runtime and disable it when the registry is a pull through cache. Signed-off-by: Richard Scothern <richard.scothern@gmail.com> 2015-07-29 18:12:01 +00:00			`package proxy`

			`import (`
			`"net/http"`
			`"net/url"`
Support for custom authentication URL in proxying registry Signed-off-by: Serge Dubrouski <sergeyfd@gmail.com> 2016-09-01 23:46:51 +00:00			`"strings"`
Add pull through cache functionality to the Registry which can be configured with a new `proxy` section in the configuration file. Create a new registry type which delegates storage to a proxyBlobStore and proxyManifestStore. These stores will pull through data if not present locally. proxyBlobStore takes care not to write duplicate data to disk. Add a scheduler to cleanup expired content. The scheduler runs as a background goroutine. When a blob or manifest is pulled through from the remote registry, an entry is added to the scheduler with a TTL. When the TTL expires the scheduler calls a pre-specified function to remove the fetched resource. Add token authentication to the registry middleware. Get a token at startup and preload the credential store with the username and password supplied in the config file. Allow resumable digest functionality to be disabled at runtime and disable it when the registry is a pull through cache. Signed-off-by: Richard Scothern <richard.scothern@gmail.com> 2015-07-29 18:12:01 +00:00
Support for custom authentication URL in proxying registry Signed-off-by: Serge Dubrouski <sergeyfd@gmail.com> 2016-09-01 23:46:51 +00:00			`"github.com/docker/distribution/context"`
Add pull through cache functionality to the Registry which can be configured with a new `proxy` section in the configuration file. Create a new registry type which delegates storage to a proxyBlobStore and proxyManifestStore. These stores will pull through data if not present locally. proxyBlobStore takes care not to write duplicate data to disk. Add a scheduler to cleanup expired content. The scheduler runs as a background goroutine. When a blob or manifest is pulled through from the remote registry, an entry is added to the scheduler with a TTL. When the TTL expires the scheduler calls a pre-specified function to remove the fetched resource. Add token authentication to the registry middleware. Get a token at startup and preload the credential store with the username and password supplied in the config file. Allow resumable digest functionality to be disabled at runtime and disable it when the registry is a pull through cache. Signed-off-by: Richard Scothern <richard.scothern@gmail.com> 2015-07-29 18:12:01 +00:00			`"github.com/docker/distribution/registry/client/auth"`
Refactor authorization challenges to its own package Split challenges into its own package. Avoids possible import cycle with challenges from client. Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan) 2016-11-08 01:13:56 +00:00			`"github.com/docker/distribution/registry/client/auth/challenge"`
Add pull through cache functionality to the Registry which can be configured with a new `proxy` section in the configuration file. Create a new registry type which delegates storage to a proxyBlobStore and proxyManifestStore. These stores will pull through data if not present locally. proxyBlobStore takes care not to write duplicate data to disk. Add a scheduler to cleanup expired content. The scheduler runs as a background goroutine. When a blob or manifest is pulled through from the remote registry, an entry is added to the scheduler with a TTL. When the TTL expires the scheduler calls a pre-specified function to remove the fetched resource. Add token authentication to the registry middleware. Get a token at startup and preload the credential store with the username and password supplied in the config file. Allow resumable digest functionality to be disabled at runtime and disable it when the registry is a pull through cache. Signed-off-by: Richard Scothern <richard.scothern@gmail.com> 2015-07-29 18:12:01 +00:00			`)`

To avoid any network use unless necessary, delay establishing authorization challenges with the upstream until any proxied data is found not to be local. Implement auth challenges behind an interface and add to unit tests. Also, remove a non-sensical unit test. Signed-off-by: Richard Scothern <richard.scothern@docker.com> 2016-02-11 02:07:28 +00:00			`const challengeHeader = "Docker-Distribution-Api-Version"`
Add pull through cache functionality to the Registry which can be configured with a new `proxy` section in the configuration file. Create a new registry type which delegates storage to a proxyBlobStore and proxyManifestStore. These stores will pull through data if not present locally. proxyBlobStore takes care not to write duplicate data to disk. Add a scheduler to cleanup expired content. The scheduler runs as a background goroutine. When a blob or manifest is pulled through from the remote registry, an entry is added to the scheduler with a TTL. When the TTL expires the scheduler calls a pre-specified function to remove the fetched resource. Add token authentication to the registry middleware. Get a token at startup and preload the credential store with the username and password supplied in the config file. Allow resumable digest functionality to be disabled at runtime and disable it when the registry is a pull through cache. Signed-off-by: Richard Scothern <richard.scothern@gmail.com> 2015-07-29 18:12:01 +00:00
			`type userpass struct {`
			`username string`
			`password string`
			`}`

			`type credentials struct {`
			`creds map[string]userpass`
			`}`

			`func (c credentials) Basic(u *url.URL) (string, string) {`
			`up := c.creds[u.String()]`

			`return up.username, up.password`
			`}`

Fetch token by credentials and refresh token Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan) 2016-03-04 08:34:17 +00:00			`func (c credentials) RefreshToken(u *url.URL, service string) string {`
			`return ""`
			`}`

			`func (c credentials) SetRefreshToken(u *url.URL, service, token string) {`
			`}`

Extend authChallenger interface to remove type cast. Signed-off-by: Richard Scothern <richard.scothern@gmail.com> 2016-02-17 18:42:34 +00:00			`// configureAuth stores credentials for challenge responses`
Support for custom authentication URL in proxying registry Signed-off-by: Serge Dubrouski <sergeyfd@gmail.com> 2016-09-01 23:46:51 +00:00			`func configureAuth(username, password, remoteURL string) (auth.CredentialStore, error) {`
			`creds := map[string]userpass{}`

			`authURLs, err := getAuthURLs(remoteURL)`
			`if err != nil {`
			`return nil, err`
			`}`

			`for _, url := range authURLs {`
			`context.GetLogger(context.Background()).Infof("Discovered token authentication URL: %s", url)`
			`creds[url] = userpass{`
Add pull through cache functionality to the Registry which can be configured with a new `proxy` section in the configuration file. Create a new registry type which delegates storage to a proxyBlobStore and proxyManifestStore. These stores will pull through data if not present locally. proxyBlobStore takes care not to write duplicate data to disk. Add a scheduler to cleanup expired content. The scheduler runs as a background goroutine. When a blob or manifest is pulled through from the remote registry, an entry is added to the scheduler with a TTL. When the TTL expires the scheduler calls a pre-specified function to remove the fetched resource. Add token authentication to the registry middleware. Get a token at startup and preload the credential store with the username and password supplied in the config file. Allow resumable digest functionality to be disabled at runtime and disable it when the registry is a pull through cache. Signed-off-by: Richard Scothern <richard.scothern@gmail.com> 2015-07-29 18:12:01 +00:00			`username: username,`
			`password: password,`
Support for custom authentication URL in proxying registry Signed-off-by: Serge Dubrouski <sergeyfd@gmail.com> 2016-09-01 23:46:51 +00:00			`}`
Add pull through cache functionality to the Registry which can be configured with a new `proxy` section in the configuration file. Create a new registry type which delegates storage to a proxyBlobStore and proxyManifestStore. These stores will pull through data if not present locally. proxyBlobStore takes care not to write duplicate data to disk. Add a scheduler to cleanup expired content. The scheduler runs as a background goroutine. When a blob or manifest is pulled through from the remote registry, an entry is added to the scheduler with a TTL. When the TTL expires the scheduler calls a pre-specified function to remove the fetched resource. Add token authentication to the registry middleware. Get a token at startup and preload the credential store with the username and password supplied in the config file. Allow resumable digest functionality to be disabled at runtime and disable it when the registry is a pull through cache. Signed-off-by: Richard Scothern <richard.scothern@gmail.com> 2015-07-29 18:12:01 +00:00			`}`
Support for custom authentication URL in proxying registry Signed-off-by: Serge Dubrouski <sergeyfd@gmail.com> 2016-09-01 23:46:51 +00:00
Add pull through cache functionality to the Registry which can be configured with a new `proxy` section in the configuration file. Create a new registry type which delegates storage to a proxyBlobStore and proxyManifestStore. These stores will pull through data if not present locally. proxyBlobStore takes care not to write duplicate data to disk. Add a scheduler to cleanup expired content. The scheduler runs as a background goroutine. When a blob or manifest is pulled through from the remote registry, an entry is added to the scheduler with a TTL. When the TTL expires the scheduler calls a pre-specified function to remove the fetched resource. Add token authentication to the registry middleware. Get a token at startup and preload the credential store with the username and password supplied in the config file. Allow resumable digest functionality to be disabled at runtime and disable it when the registry is a pull through cache. Signed-off-by: Richard Scothern <richard.scothern@gmail.com> 2015-07-29 18:12:01 +00:00			`return credentials{creds: creds}, nil`
			`}`

Support for custom authentication URL in proxying registry Signed-off-by: Serge Dubrouski <sergeyfd@gmail.com> 2016-09-01 23:46:51 +00:00			`func getAuthURLs(remoteURL string) ([]string, error) {`
			`authURLs := []string{}`

			`resp, err := http.Get(remoteURL + "/v2/")`
			`if err != nil {`
			`return nil, err`
			`}`
			`defer resp.Body.Close()`

Refactor authorization challenges to its own package Split challenges into its own package. Avoids possible import cycle with challenges from client. Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan) 2016-11-08 01:13:56 +00:00			`for _, c := range challenge.ResponseChallenges(resp) {`
Support for custom authentication URL in proxying registry Signed-off-by: Serge Dubrouski <sergeyfd@gmail.com> 2016-09-01 23:46:51 +00:00			`if strings.EqualFold(c.Scheme, "bearer") {`
			`authURLs = append(authURLs, c.Parameters["realm"])`
			`}`
			`}`

			`return authURLs, nil`
			`}`

Refactor authorization challenges to its own package Split challenges into its own package. Avoids possible import cycle with challenges from client. Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan) 2016-11-08 01:13:56 +00:00			`func ping(manager challenge.Manager, endpoint, versionHeader string) error {`
Add pull through cache functionality to the Registry which can be configured with a new `proxy` section in the configuration file. Create a new registry type which delegates storage to a proxyBlobStore and proxyManifestStore. These stores will pull through data if not present locally. proxyBlobStore takes care not to write duplicate data to disk. Add a scheduler to cleanup expired content. The scheduler runs as a background goroutine. When a blob or manifest is pulled through from the remote registry, an entry is added to the scheduler with a TTL. When the TTL expires the scheduler calls a pre-specified function to remove the fetched resource. Add token authentication to the registry middleware. Get a token at startup and preload the credential store with the username and password supplied in the config file. Allow resumable digest functionality to be disabled at runtime and disable it when the registry is a pull through cache. Signed-off-by: Richard Scothern <richard.scothern@gmail.com> 2015-07-29 18:12:01 +00:00			`resp, err := http.Get(endpoint)`
			`if err != nil {`
			`return err`
			`}`
			`defer resp.Body.Close()`

registry: feed the linter by removing redundant err check Signed-off-by: Stephen J Day <stephen.day@docker.com> 2017-09-29 20:27:49 +00:00			`return manager.AddResponse(resp)`
Add pull through cache functionality to the Registry which can be configured with a new `proxy` section in the configuration file. Create a new registry type which delegates storage to a proxyBlobStore and proxyManifestStore. These stores will pull through data if not present locally. proxyBlobStore takes care not to write duplicate data to disk. Add a scheduler to cleanup expired content. The scheduler runs as a background goroutine. When a blob or manifest is pulled through from the remote registry, an entry is added to the scheduler with a TTL. When the TTL expires the scheduler calls a pre-specified function to remove the fetched resource. Add token authentication to the registry middleware. Get a token at startup and preload the credential store with the username and password supplied in the config file. Allow resumable digest functionality to be disabled at runtime and disable it when the registry is a pull through cache. Signed-off-by: Richard Scothern <richard.scothern@gmail.com> 2015-07-29 18:12:01 +00:00			`}`