forked from TrueCloudLab/distribution
Support for custom authentication URL in proxying registry
Signed-off-by: Serge Dubrouski <sergeyfd@gmail.com>
This commit is contained in:
parent
cd27f179f2
commit
81c5870c86
2 changed files with 34 additions and 6 deletions
|
@ -3,11 +3,12 @@ package proxy
|
||||||
import (
|
import (
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
"github.com/docker/distribution/context"
|
||||||
"github.com/docker/distribution/registry/client/auth"
|
"github.com/docker/distribution/registry/client/auth"
|
||||||
)
|
)
|
||||||
|
|
||||||
const tokenURL = "https://auth.docker.io/token"
|
|
||||||
const challengeHeader = "Docker-Distribution-Api-Version"
|
const challengeHeader = "Docker-Distribution-Api-Version"
|
||||||
|
|
||||||
type userpass struct {
|
type userpass struct {
|
||||||
|
@ -33,16 +34,43 @@ func (c credentials) SetRefreshToken(u *url.URL, service, token string) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// configureAuth stores credentials for challenge responses
|
// configureAuth stores credentials for challenge responses
|
||||||
func configureAuth(username, password string) (auth.CredentialStore, error) {
|
func configureAuth(username, password, remoteURL string) (auth.CredentialStore, error) {
|
||||||
creds := map[string]userpass{
|
creds := map[string]userpass{}
|
||||||
tokenURL: {
|
|
||||||
|
authURLs, err := getAuthURLs(remoteURL)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, url := range authURLs {
|
||||||
|
context.GetLogger(context.Background()).Infof("Discovered token authentication URL: %s", url)
|
||||||
|
creds[url] = userpass{
|
||||||
username: username,
|
username: username,
|
||||||
password: password,
|
password: password,
|
||||||
},
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return credentials{creds: creds}, nil
|
return credentials{creds: creds}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func getAuthURLs(remoteURL string) ([]string, error) {
|
||||||
|
authURLs := []string{}
|
||||||
|
|
||||||
|
resp, err := http.Get(remoteURL + "/v2/")
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
defer resp.Body.Close()
|
||||||
|
|
||||||
|
for _, c := range auth.ResponseChallenges(resp) {
|
||||||
|
if strings.EqualFold(c.Scheme, "bearer") {
|
||||||
|
authURLs = append(authURLs, c.Parameters["realm"])
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return authURLs, nil
|
||||||
|
}
|
||||||
|
|
||||||
func ping(manager auth.ChallengeManager, endpoint, versionHeader string) error {
|
func ping(manager auth.ChallengeManager, endpoint, versionHeader string) error {
|
||||||
resp, err := http.Get(endpoint)
|
resp, err := http.Get(endpoint)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -91,7 +91,7 @@ func NewRegistryPullThroughCache(ctx context.Context, registry distribution.Name
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
cs, err := configureAuth(config.Username, config.Password)
|
cs, err := configureAuth(config.Username, config.Password, config.RemoteURL)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue