daniel
/
distribution
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #1942 from sergeyfd/auth-proxy 

Support for custom authentication URL in proxying registry
master
Richard Scothern 2016-10-10 10:40:51 -07:00 committed by GitHub
parent c5b2ad51c1 81c5870c86
commit 1921dde3f1
2 changed files with 34 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
registry/proxy/proxyauth.go
View File

@ -3,11 +3,12 @@ package proxy
import ( import (
"net/http" "net/http"
"net/url" "net/url"
"strings"
"github.com/docker/distribution/context"
"github.com/docker/distribution/registry/client/auth" "github.com/docker/distribution/registry/client/auth"
) )
const tokenURL = "https://auth.docker.io/token"
const challengeHeader = "Docker-Distribution-Api-Version" const challengeHeader = "Docker-Distribution-Api-Version"
type userpass struct { type userpass struct {
@ -33,16 +34,43 @@ func (c credentials) SetRefreshToken(u *url.URL, service, token string) {
} }
// configureAuth stores credentials for challenge responses // configureAuth stores credentials for challenge responses
func configureAuth(username, password string) (auth.CredentialStore, error) { func configureAuth(username, password, remoteURL string) (auth.CredentialStore, error) {
creds := map[string]userpass{ creds := map[string]userpass{}
tokenURL: {
authURLs, err := getAuthURLs(remoteURL)
if err != nil {
return nil, err
}
for _, url := range authURLs {
context.GetLogger(context.Background()).Infof("Discovered token authentication URL: %s", url)
creds[url] = userpass{
username: username, username: username,
password: password, password: password,
}, }
} }
return credentials{creds: creds}, nil return credentials{creds: creds}, nil
} }
func getAuthURLs(remoteURL string) ([]string, error) {
authURLs := []string{}
resp, err := http.Get(remoteURL + "/v2/")
if err != nil {
return nil, err
}
defer resp.Body.Close()
for _, c := range auth.ResponseChallenges(resp) {
if strings.EqualFold(c.Scheme, "bearer") {
authURLs = append(authURLs, c.Parameters["realm"])
}
}
return authURLs, nil
}
func ping(manager auth.ChallengeManager, endpoint, versionHeader string) error { func ping(manager auth.ChallengeManager, endpoint, versionHeader string) error {
resp, err := http.Get(endpoint) resp, err := http.Get(endpoint)
if err != nil { if err != nil {

2
registry/proxy/proxyregistry.go
View File

@ -91,7 +91,7 @@ func NewRegistryPullThroughCache(ctx context.Context, registry distribution.Name
return nil, err return nil, err
} }
cs, err := configureAuth(config.Username, config.Password) cs, err := configureAuth(config.Username, config.Password, config.RemoteURL)
if err != nil { if err != nil {
return nil, err return nil, err
} }