forked from TrueCloudLab/distribution
94935f39bc
with a new `proxy` section in the configuration file. Create a new registry type which delegates storage to a proxyBlobStore and proxyManifestStore. These stores will pull through data if not present locally. proxyBlobStore takes care not to write duplicate data to disk. Add a scheduler to cleanup expired content. The scheduler runs as a background goroutine. When a blob or manifest is pulled through from the remote registry, an entry is added to the scheduler with a TTL. When the TTL expires the scheduler calls a pre-specified function to remove the fetched resource. Add token authentication to the registry middleware. Get a token at startup and preload the credential store with the username and password supplied in the config file. Allow resumable digest functionality to be disabled at runtime and disable it when the registry is a pull through cache. Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
54 lines
1 KiB
Go
54 lines
1 KiB
Go
package proxy
|
|
|
|
import (
|
|
"net/http"
|
|
"net/url"
|
|
|
|
"github.com/docker/distribution/registry/client/auth"
|
|
)
|
|
|
|
const tokenURL = "https://auth.docker.io/token"
|
|
|
|
type userpass struct {
|
|
username string
|
|
password string
|
|
}
|
|
|
|
type credentials struct {
|
|
creds map[string]userpass
|
|
}
|
|
|
|
func (c credentials) Basic(u *url.URL) (string, string) {
|
|
up := c.creds[u.String()]
|
|
|
|
return up.username, up.password
|
|
}
|
|
|
|
// ConfigureAuth authorizes with the upstream registry
|
|
func ConfigureAuth(remoteURL, username, password string, cm auth.ChallengeManager) (auth.CredentialStore, error) {
|
|
if err := ping(cm, remoteURL+"/v2/", "Docker-Distribution-Api-Version"); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
creds := map[string]userpass{
|
|
tokenURL: {
|
|
username: username,
|
|
password: password,
|
|
},
|
|
}
|
|
return credentials{creds: creds}, nil
|
|
}
|
|
|
|
func ping(manager auth.ChallengeManager, endpoint, versionHeader string) error {
|
|
resp, err := http.Get(endpoint)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer resp.Body.Close()
|
|
|
|
if err := manager.AddResponse(resp); err != nil {
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|