Add support for Basic Authentication
to proxyingRegistry
(#4263)
Merging despite CodeQL warnings. see this for more details, why we decided to merge: https://github.com/github/codeql/issues/16486
This commit is contained in:
commit
6a9b0cfb71
2 changed files with 22 additions and 9 deletions
|
@ -17,14 +17,23 @@ type userpass struct {
|
||||||
password string
|
password string
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (u userpass) Basic(_ *url.URL) (string, string) {
|
||||||
|
return u.username, u.password
|
||||||
|
}
|
||||||
|
|
||||||
|
func (u userpass) RefreshToken(_ *url.URL, service string) string {
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
|
||||||
|
func (u userpass) SetRefreshToken(_ *url.URL, service, token string) {
|
||||||
|
}
|
||||||
|
|
||||||
type credentials struct {
|
type credentials struct {
|
||||||
creds map[string]userpass
|
creds map[string]userpass
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c credentials) Basic(u *url.URL) (string, string) {
|
func (c credentials) Basic(u *url.URL) (string, string) {
|
||||||
up := c.creds[u.String()]
|
return c.creds[u.String()].Basic(u)
|
||||||
|
|
||||||
return up.username, up.password
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c credentials) RefreshToken(u *url.URL, service string) string {
|
func (c credentials) RefreshToken(u *url.URL, service string) string {
|
||||||
|
@ -35,12 +44,12 @@ func (c credentials) SetRefreshToken(u *url.URL, service, token string) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// configureAuth stores credentials for challenge responses
|
// configureAuth stores credentials for challenge responses
|
||||||
func configureAuth(username, password, remoteURL string) (auth.CredentialStore, error) {
|
func configureAuth(username, password, remoteURL string) (auth.CredentialStore, auth.CredentialStore, error) {
|
||||||
creds := map[string]userpass{}
|
creds := map[string]userpass{}
|
||||||
|
|
||||||
authURLs, err := getAuthURLs(remoteURL)
|
authURLs, err := getAuthURLs(remoteURL)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, url := range authURLs {
|
for _, url := range authURLs {
|
||||||
|
@ -51,7 +60,7 @@ func configureAuth(username, password, remoteURL string) (auth.CredentialStore,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return credentials{creds: creds}, nil
|
return credentials{creds: creds}, userpass{username: username, password: password}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func getAuthURLs(remoteURL string) ([]string, error) {
|
func getAuthURLs(remoteURL string) ([]string, error) {
|
||||||
|
|
|
@ -8,6 +8,8 @@ import (
|
||||||
"sync"
|
"sync"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/distribution/reference"
|
||||||
|
|
||||||
"github.com/distribution/distribution/v3"
|
"github.com/distribution/distribution/v3"
|
||||||
"github.com/distribution/distribution/v3/configuration"
|
"github.com/distribution/distribution/v3/configuration"
|
||||||
"github.com/distribution/distribution/v3/internal/client"
|
"github.com/distribution/distribution/v3/internal/client"
|
||||||
|
@ -18,7 +20,6 @@ import (
|
||||||
"github.com/distribution/distribution/v3/registry/proxy/scheduler"
|
"github.com/distribution/distribution/v3/registry/proxy/scheduler"
|
||||||
"github.com/distribution/distribution/v3/registry/storage"
|
"github.com/distribution/distribution/v3/registry/storage"
|
||||||
"github.com/distribution/distribution/v3/registry/storage/driver"
|
"github.com/distribution/distribution/v3/registry/storage/driver"
|
||||||
"github.com/distribution/reference"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
var repositoryTTL = 24 * 7 * time.Hour
|
var repositoryTTL = 24 * 7 * time.Hour
|
||||||
|
@ -30,6 +31,7 @@ type proxyingRegistry struct {
|
||||||
ttl *time.Duration
|
ttl *time.Duration
|
||||||
remoteURL url.URL
|
remoteURL url.URL
|
||||||
authChallenger authChallenger
|
authChallenger authChallenger
|
||||||
|
basicAuth auth.CredentialStore
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewRegistryPullThroughCache creates a registry acting as a pull through cache
|
// NewRegistryPullThroughCache creates a registry acting as a pull through cache
|
||||||
|
@ -112,7 +114,7 @@ func NewRegistryPullThroughCache(ctx context.Context, registry distribution.Name
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
cs, err := configureAuth(config.Username, config.Password, config.RemoteURL)
|
cs, b, err := configureAuth(config.Username, config.Password, config.RemoteURL)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
@ -127,6 +129,7 @@ func NewRegistryPullThroughCache(ctx context.Context, registry distribution.Name
|
||||||
cm: challenge.NewSimpleManager(),
|
cm: challenge.NewSimpleManager(),
|
||||||
cs: cs,
|
cs: cs,
|
||||||
},
|
},
|
||||||
|
basicAuth: b,
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -155,7 +158,8 @@ func (pr *proxyingRegistry) Repository(ctx context.Context, name reference.Named
|
||||||
|
|
||||||
tr := transport.NewTransport(http.DefaultTransport,
|
tr := transport.NewTransport(http.DefaultTransport,
|
||||||
auth.NewAuthorizer(c.challengeManager(),
|
auth.NewAuthorizer(c.challengeManager(),
|
||||||
auth.NewTokenHandlerWithOptions(tkopts)))
|
auth.NewTokenHandlerWithOptions(tkopts),
|
||||||
|
auth.NewBasicHandler(pr.basicAuth)))
|
||||||
|
|
||||||
localRepo, err := pr.embedded.Repository(ctx, name)
|
localRepo, err := pr.embedded.Repository(ctx, name)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
Loading…
Reference in a new issue