Extend authChallenger interface to remove type cast.
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
parent
7d16fee7a4
commit
18fd1c0702
3 changed files with 39 additions and 23 deletions
|
@ -25,7 +25,7 @@ func (c credentials) Basic(u *url.URL) (string, string) {
|
||||||
return up.username, up.password
|
return up.username, up.password
|
||||||
}
|
}
|
||||||
|
|
||||||
// ConfigureAuth stores credentials for challenge responses
|
// configureAuth stores credentials for challenge responses
|
||||||
func configureAuth(username, password string) (auth.CredentialStore, error) {
|
func configureAuth(username, password string) (auth.CredentialStore, error) {
|
||||||
creds := map[string]userpass{
|
creds := map[string]userpass{
|
||||||
tokenURL: {
|
tokenURL: {
|
||||||
|
|
|
@ -11,6 +11,7 @@ import (
|
||||||
"github.com/docker/distribution/manifest"
|
"github.com/docker/distribution/manifest"
|
||||||
"github.com/docker/distribution/manifest/schema1"
|
"github.com/docker/distribution/manifest/schema1"
|
||||||
"github.com/docker/distribution/reference"
|
"github.com/docker/distribution/reference"
|
||||||
|
"github.com/docker/distribution/registry/client/auth"
|
||||||
"github.com/docker/distribution/registry/proxy/scheduler"
|
"github.com/docker/distribution/registry/proxy/scheduler"
|
||||||
"github.com/docker/distribution/registry/storage"
|
"github.com/docker/distribution/registry/storage"
|
||||||
"github.com/docker/distribution/registry/storage/cache/memory"
|
"github.com/docker/distribution/registry/storage/cache/memory"
|
||||||
|
@ -71,11 +72,19 @@ type mockChallenger struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Called for remote operations only
|
// Called for remote operations only
|
||||||
func (mc *mockChallenger) tryEstablishChallenges(context.Context) error {
|
func (m *mockChallenger) tryEstablishChallenges(context.Context) error {
|
||||||
mc.Lock()
|
m.Lock()
|
||||||
defer mc.Unlock()
|
defer m.Unlock()
|
||||||
|
|
||||||
mc.count++
|
m.count++
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *mockChallenger) credentialStore() auth.CredentialStore {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *mockChallenger) challengeManager() auth.ChallengeManager {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
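Review bot: The two accessors added to `mockChallenger` return nil, while `Repository` on the proxying registry now calls `c.challengeManager()` and `c.credentialStore()` unconditionally and passes the results straight to `auth.NewAuthorizer` and `auth.NewTokenHandler`. Whether those constructors tolerate nil is not visible on this page, so a test that routes this mock through `Repository` may fail with a nil dereference instead of a clear error. A comment on each stub would record the assumption, e.g. `// credentialStore is never consulted by these tests; nil is intentional.`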
@ -102,8 +102,8 @@ func NewRegistryPullThroughCache(ctx context.Context, registry distribution.Name
|
||||||
remoteURL: config.RemoteURL,
|
remoteURL: config.RemoteURL,
|
||||||
authChallenger: &remoteAuthChallenger{
|
authChallenger: &remoteAuthChallenger{
|
||||||
remoteURL: config.RemoteURL,
|
remoteURL: config.RemoteURL,
|
||||||
challengeManager: auth.NewSimpleChallengeManager(),
|
cm: auth.NewSimpleChallengeManager(),
|
||||||
credentialStore: cs,
|
cs: cs,
|
||||||
},
|
},
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
@ -117,13 +117,10 @@ func (pr *proxyingRegistry) Repositories(ctx context.Context, repos []string, la
|
||||||
}
|
}
|
||||||
|
|
||||||
func (pr *proxyingRegistry) Repository(ctx context.Context, name reference.Named) (distribution.Repository, error) {
|
func (pr *proxyingRegistry) Repository(ctx context.Context, name reference.Named) (distribution.Repository, error) {
|
||||||
hcm, ok := pr.authChallenger.(*remoteAuthChallenger)
|
c := pr.authChallenger
|
||||||
if !ok {
|
|
||||||
return nil, fmt.Errorf("unexpected challenge manager type %T", pr.authChallenger)
|
|
||||||
}
|
|
||||||
|
|
||||||
tr := transport.NewTransport(http.DefaultTransport,
|
tr := transport.NewTransport(http.DefaultTransport,
|
||||||
auth.NewAuthorizer(hcm.challengeManager, auth.NewTokenHandler(http.DefaultTransport, hcm.credentialStore, name.Name(), "pull")))
|
auth.NewAuthorizer(c.challengeManager(), auth.NewTokenHandler(http.DefaultTransport, c.credentialStore(), name.Name(), "pull")))
|
||||||
|
|
||||||
localRepo, err := pr.embedded.Repository(ctx, name)
|
localRepo, err := pr.embedded.Repository(ctx, name)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -172,22 +169,32 @@ func (pr *proxyingRegistry) Repository(ctx context.Context, name reference.Named
|
||||||
// authChallenger encapsulates a request to the upstream to establish credential challenges
|
// authChallenger encapsulates a request to the upstream to establish credential challenges
|
||||||
type authChallenger interface {
|
type authChallenger interface {
|
||||||
tryEstablishChallenges(context.Context) error
|
tryEstablishChallenges(context.Context) error
|
||||||
|
challengeManager() auth.ChallengeManager
|
||||||
|
credentialStore() auth.CredentialStore
|
||||||
}
|
}
|
||||||
|
|
||||||
type remoteAuthChallenger struct {
|
type remoteAuthChallenger struct {
|
||||||
remoteURL string
|
remoteURL string
|
||||||
sync.Mutex
|
sync.Mutex
|
||||||
challengeManager auth.ChallengeManager
|
cm auth.ChallengeManager
|
||||||
credentialStore auth.CredentialStore
|
cs auth.CredentialStore
|
||||||
}
|
}
|
||||||
|
|
||||||
// tryEstablishChallenges will attempt to get a challenge types for the upstream if none currently exist
|
func (r *remoteAuthChallenger) credentialStore() auth.CredentialStore {
|
||||||
func (hcm *remoteAuthChallenger) tryEstablishChallenges(ctx context.Context) error {
|
return r.cs
|
||||||
hcm.Lock()
|
}
|
||||||
defer hcm.Unlock()
|
|
||||||
|
|
||||||
remoteURL := hcm.remoteURL + "/v2/"
|
func (r *remoteAuthChallenger) challengeManager() auth.ChallengeManager {
|
||||||
challenges, err := hcm.challengeManager.GetChallenges(remoteURL)
|
return r.cm
|
||||||
|
}
|
||||||
|
|
||||||
|
// tryEstablishChallenges will attempt to get a challenge type for the upstream if none currently exist
|
||||||
|
func (r *remoteAuthChallenger) tryEstablishChallenges(ctx context.Context) error {
|
||||||
|
r.Lock()
|
||||||
|
defer r.Unlock()
|
||||||
|
|
||||||
|
remoteURL := r.remoteURL + "/v2/"
|
||||||
|
challenges, err := r.cm.GetChallenges(remoteURL)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -197,11 +204,11 @@ func (hcm *remoteAuthChallenger) tryEstablishChallenges(ctx context.Context) err
|
||||||
}
|
}
|
||||||
|
|
||||||
// establish challenge type with upstream
|
// establish challenge type with upstream
|
||||||
if err := ping(hcm.challengeManager, remoteURL, challengeHeader); err != nil {
|
if err := ping(r.cm, remoteURL, challengeHeader); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
context.GetLogger(ctx).Infof("Challenge established with upstream : %s %s", remoteURL, hcm.challengeManager)
|
context.GetLogger(ctx).Infof("Challenge established with upstream : %s %s", remoteURL, r.cm)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
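Review bot: The new `credentialStore()` and `challengeManager()` accessors on `remoteAuthChallenger` return `r.cs` and `r.cm` without taking the embedded mutex that `tryEstablishChallenges` holds, and neither has a doc comment. In the visible lines both fields are assigned only in `NewRegistryPullThroughCache`, so this looks safe, but the invariant should be written down, e.g. `// credentialStore returns the upstream credential store; cs is set once at construction and never reassigned, so no lock is taken.` Dropping the type assertion in `Repository` also removes the only error return for an unexpected challenger, so a nil `authChallenger` would now panic at `c.challengeManager()`; a comment on the field stating it must be non-nil would cover that. Separately, the `Infof` call still formats `r.cm` with `%s`, which prints formatting noise unless the concrete manager implements `String()`; `%v` or dropping the argument keeps the log line readable.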