Add support for Basic Authentication
to proxyingRegistry
(#4263)
Merging despite CodeQL warnings. see this for more details, why we decided to merge: https://github.com/github/codeql/issues/16486
This commit is contained in:
commit
6a9b0cfb71
2 changed files with 22 additions and 9 deletions
|
@ -17,14 +17,23 @@ type userpass struct {
|
|||
password string
|
||||
}
|
||||
|
||||
func (u userpass) Basic(_ *url.URL) (string, string) {
|
||||
return u.username, u.password
|
||||
}
|
||||
|
||||
func (u userpass) RefreshToken(_ *url.URL, service string) string {
|
||||
return ""
|
||||
}
|
||||
|
||||
func (u userpass) SetRefreshToken(_ *url.URL, service, token string) {
|
||||
}
|
||||
|
||||
type credentials struct {
|
||||
creds map[string]userpass
|
||||
}
|
||||
|
||||
func (c credentials) Basic(u *url.URL) (string, string) {
|
||||
up := c.creds[u.String()]
|
||||
|
||||
return up.username, up.password
|
||||
return c.creds[u.String()].Basic(u)
|
||||
}
|
||||
|
||||
func (c credentials) RefreshToken(u *url.URL, service string) string {
|
||||
|
@ -35,12 +44,12 @@ func (c credentials) SetRefreshToken(u *url.URL, service, token string) {
|
|||
}
|
||||
|
||||
// configureAuth stores credentials for challenge responses
|
||||
func configureAuth(username, password, remoteURL string) (auth.CredentialStore, error) {
|
||||
func configureAuth(username, password, remoteURL string) (auth.CredentialStore, auth.CredentialStore, error) {
|
||||
creds := map[string]userpass{}
|
||||
|
||||
authURLs, err := getAuthURLs(remoteURL)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return nil, nil, err
|
||||
}
|
||||
|
||||
for _, url := range authURLs {
|
||||
|
@ -51,7 +60,7 @@ func configureAuth(username, password, remoteURL string) (auth.CredentialStore,
|
|||
}
|
||||
}
|
||||
|
||||
return credentials{creds: creds}, nil
|
||||
return credentials{creds: creds}, userpass{username: username, password: password}, nil
|
||||
}
|
||||
|
||||
func getAuthURLs(remoteURL string) ([]string, error) {
|
||||
|
|
|
@ -8,6 +8,8 @@ import (
|
|||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/distribution/reference"
|
||||
|
||||
"github.com/distribution/distribution/v3"
|
||||
"github.com/distribution/distribution/v3/configuration"
|
||||
"github.com/distribution/distribution/v3/internal/client"
|
||||
|
@ -18,7 +20,6 @@ import (
|
|||
"github.com/distribution/distribution/v3/registry/proxy/scheduler"
|
||||
"github.com/distribution/distribution/v3/registry/storage"
|
||||
"github.com/distribution/distribution/v3/registry/storage/driver"
|
||||
"github.com/distribution/reference"
|
||||
)
|
||||
|
||||
var repositoryTTL = 24 * 7 * time.Hour
|
||||
|
@ -30,6 +31,7 @@ type proxyingRegistry struct {
|
|||
ttl *time.Duration
|
||||
remoteURL url.URL
|
||||
authChallenger authChallenger
|
||||
basicAuth auth.CredentialStore
|
||||
}
|
||||
|
||||
// NewRegistryPullThroughCache creates a registry acting as a pull through cache
|
||||
|
@ -112,7 +114,7 @@ func NewRegistryPullThroughCache(ctx context.Context, registry distribution.Name
|
|||
}
|
||||
}
|
||||
|
||||
cs, err := configureAuth(config.Username, config.Password, config.RemoteURL)
|
||||
cs, b, err := configureAuth(config.Username, config.Password, config.RemoteURL)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -127,6 +129,7 @@ func NewRegistryPullThroughCache(ctx context.Context, registry distribution.Name
|
|||
cm: challenge.NewSimpleManager(),
|
||||
cs: cs,
|
||||
},
|
||||
basicAuth: b,
|
||||
}, nil
|
||||
}
|
||||
|
||||
|
@ -155,7 +158,8 @@ func (pr *proxyingRegistry) Repository(ctx context.Context, name reference.Named
|
|||
|
||||
tr := transport.NewTransport(http.DefaultTransport,
|
||||
auth.NewAuthorizer(c.challengeManager(),
|
||||
auth.NewTokenHandlerWithOptions(tkopts)))
|
||||
auth.NewTokenHandlerWithOptions(tkopts),
|
||||
auth.NewBasicHandler(pr.basicAuth)))
|
||||
|
||||
localRepo, err := pr.embedded.Repository(ctx, name)
|
||||
if err != nil {
|
||||
|
|
Loading…
Reference in a new issue