
Bug 2012163: Supporting mirror authentication during pull through #297

Merged
2 changes: 1 addition & 1 deletion go.mod
@@ -34,7 +34,7 @@ require (
github.com/opencontainers/runc v1.0.0-rc5.0.20180920170208-00dc70017d22 // indirect
github.com/openshift/api v0.0.0-20210527122704-efd9d5958e01
github.com/openshift/client-go v0.0.0-20210521082421-73d9475a9142
github.com/openshift/library-go v0.0.0-20210609150209-1c980926414c
github.com/openshift/library-go v0.0.0-20211008141542-50376ae9a25f
github.com/pborman/uuid v1.2.0
github.com/prometheus/client_golang v1.7.1
github.com/sirupsen/logrus v1.7.0
7 changes: 2 additions & 5 deletions go.sum
@@ -464,10 +464,8 @@ github.com/openshift/client-go v0.0.0-20210521082421-73d9475a9142 h1:ZHRIMCFIJN1
github.com/openshift/client-go v0.0.0-20210521082421-73d9475a9142/go.mod h1:fjS8r9mqDVsPb5td3NehsNOAWa4uiFkYEfVZioQ2gH0=
github.com/openshift/docker-distribution v0.0.0-20210209103229-0526a4ae41e1 h1:As5NnhGhvIBITSkd+jxPtdX23R+PVY7lUQSBeRaaxH0=
github.com/openshift/docker-distribution v0.0.0-20210209103229-0526a4ae41e1/go.mod h1:XmfFzbwryblvZ29NebonirM7RBuNEO7+yVCOapaouAk=
github.com/openshift/library-go v0.0.0-20210603104821-259346e2fd4c h1:kFaHpg4Dnu64KTiRifC4rBleCdABiu4JBY6j5wZgmaw=
github.com/openshift/library-go v0.0.0-20210603104821-259346e2fd4c/go.mod h1:87ZYjEncF0YNUKNzncb8Fiw8yFNevpIWZW83C/etzpw=
github.com/openshift/library-go v0.0.0-20210609150209-1c980926414c h1:1U/zY54WyRyEsVoAHf6yLDgSHf5famdKnIBulyGOLGU=
github.com/openshift/library-go v0.0.0-20210609150209-1c980926414c/go.mod h1:C5DDOSPucn3EVA0T05fODKtAweTObMBrTYm/G3uUBI8=
github.com/openshift/library-go v0.0.0-20211008141542-50376ae9a25f h1:oD9x3b88CftfAAF23K5B0qtX8bIJMh/V/YSTFPhO8lc=
github.com/openshift/library-go v0.0.0-20211008141542-50376ae9a25f/go.mod h1:C5DDOSPucn3EVA0T05fODKtAweTObMBrTYm/G3uUBI8=
github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
github.com/pborman/uuid v1.2.0 h1:J7Q5mO4ysT1dv8hyrUGHb9+ooztCXu1D8MY8DZYsu3g=
github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
@@ -956,7 +954,6 @@ rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.7/go.mod h1:PHgbrJT7lCHcxMU+mDHEm+nx46H4zuuHZkDP6icnhu0=
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.15/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
sigs.k8s.io/controller-tools v0.2.8/go.mod h1:9VKHPszmf2DHz/QmHkcfZoewO6BL7pPs9uAiBVsaJSE=
sigs.k8s.io/kube-storage-version-migrator v0.0.3/go.mod h1:mXfSLkx9xbJHQsgNDDUZK/iQTs2tMbx/hsJlWe6Fthw=
sigs.k8s.io/kube-storage-version-migrator v0.0.4/go.mod h1:mXfSLkx9xbJHQsgNDDUZK/iQTs2tMbx/hsJlWe6Fthw=
sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI=
sigs.k8s.io/structured-merge-diff v1.0.1-0.20191108220359-b1b620dd3f06 h1:zD2IemQ4LmOcAumeiyDWXKUI2SO0NYDe3H6QGvPOVgU=
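--- a/pkg/dockerregistry/server/credentialsfactory.go
+++ b/pkg/dockerregistry/server/credentialsfactory.go
@@ -0,0 +1,31 @@
+package server
+
+import (
+"github.com/docker/distribution/registry/client/auth"
+dockerregistry "github.com/docker/docker/registry"
+"github.com/openshift/library-go/pkg/image/registryclient"
+
+"github.com/openshift/image-registry/pkg/kubernetes-common/credentialprovider"
+)
+
+// credentialStoreFactory is an entity capable of providing docker registry authentication based
+// in an image path (such as quay.io/fedora/fedora).
+type credentialStoreFactory struct {
+keyring credentialprovider.DockerKeyring
+}
+
+// CredentialStoreFor returns authentication info for accessing "image". Returns only one
+// authentication.
+func (c *credentialStoreFactory) CredentialStoreFor(image string) auth.CredentialStore {
+var nocreds auth.CredentialStore = registryclient.NoCredentials
+if c.keyring == nil {
+return nocreds
+}
+
+auths, _ := c.keyring.Lookup(image)
+if len(auths) == 0 {
+return nocreds
+}
+
+return dockerregistry.NewStaticCredentialStore(&auths[0].AuthConfig)
+}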
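Review bot: `CredentialStoreFor` keeps only `auths[0]` from `c.keyring.Lookup(image)`, so when several pull secrets match the same path a stale first entry fails the pull without the remaining candidates being tried. The doc comment says "Returns only one authentication" but not which one; if the keyring orders matches most-specific first (not visible on this page), state that, e.g. `// CredentialStoreFor returns a store holding the first keyring match for image, or anonymous access when nothing matches; other matches are not tried.` The silent fall-back to `registryclient.NoCredentials` on a nil keyring or an empty lookup also makes a missing mirror secret indistinguishable from a registry-side rejection, so a debug log of the image path (never the credential) on those branches would help diagnosis. The type's doc comment should read "based on an image path".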
13 changes: 5 additions & 8 deletions pkg/dockerregistry/server/util.go
@@ -8,8 +8,6 @@ import (
"github.com/docker/distribution"
dcontext "github.com/docker/distribution/context"
"github.com/docker/distribution/manifest/schema2"
"github.com/docker/distribution/registry/client/auth"
dockerregistry "github.com/docker/docker/registry"
"github.com/opencontainers/go-digest"

corev1 "k8s.io/api/core/v1"
@@ -73,19 +71,18 @@ func getImportContext(ctx context.Context, ref *imageapi.DockerImageReference, s
return nil, err
}

var cred auth.CredentialStore = registryclient.NoCredentials
if auths, _ := keyring.Lookup(ref.String()); len(auths) > 0 {
cred = dockerregistry.NewStaticCredentialStore(&auths[0].AuthConfig)
}

var retriever registryclient.RepositoryRetriever
retriever = registryclient.NewContext(
secureTransport, insecureTransport,
).WithRequestModifiers(
requesttrace.New(ctx, req),
).WithAlternateBlobSourceStrategy(
NewSimpleLookupICSPStrategy(icsp),
).WithCredentials(cred)
).WithCredentialsFactory(
&credentialStoreFactory{
keyring: keyring,
},
)

retriever = m.RepositoryRetriever(retriever)
return retriever, nil
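Review bot: The move from `.WithCredentials(cred)` to `.WithCredentialsFactory(...)` carries no comment at the call site, although it is the security-relevant part of the change. The earlier code built one static store from `keyring.Lookup(ref.String())`, which presumably was offered to whichever host `NewSimpleLookupICSPStrategy(icsp)` redirected the pull to. A short comment above the call would stop a later refactor from collapsing it back, for example `// Resolve credentials per repository: a mirror must get its own pull secret, not the source registry's.` getImportContext begins and continues outside this hunk, so the handling of a nil `keyring` before this point is not visible here.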
3 changes: 2 additions & 1 deletion pkg/dockerregistry/server/util_test.go
@@ -163,7 +163,8 @@ func Test_getImportContext(t *testing.T) {
return
}

user, pass := regctx.Credentials.Basic(nil)
auth := regctx.CredentialsFactory.CredentialStoreFor(tt.ref.String())
user, pass := auth.Basic(nil)
if user != tt.user || pass != tt.pass {
t.Errorf("expected %q/%q, received %q,%q", tt.user, tt.pass, user, pass)
}
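Review bot: The updated assertion only asks the factory for `tt.ref.String()`, the same path the old static store was built from, so the new per-image lookup is not exercised here. I would add one case where the keyring holds different credentials for a mirror path and for the source, and one where nothing matches, asserting the mirror's pair in the first and the anonymous store's result in the second. The local name `auth` also reads like the `registry/client/auth` package used in the sibling file; `creds := regctx.CredentialsFactory.CredentialStoreFor(tt.ref.String())` would be clearer. The test table is outside the hunk, so existing cases may already cover part of this.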


2 changes: 1 addition & 1 deletion vendor/modules.txt
@@ -289,7 +289,7 @@ github.com/openshift/client-go/route/clientset/versioned/typed/route/v1
github.com/openshift/client-go/user/clientset/versioned
github.com/openshift/client-go/user/clientset/versioned/scheme
github.com/openshift/client-go/user/clientset/versioned/typed/user/v1
# github.com/openshift/library-go v0.0.0-20210609150209-1c980926414c
# github.com/openshift/library-go v0.0.0-20211008141542-50376ae9a25f
github.com/openshift/library-go/pkg/crypto
github.com/openshift/library-go/pkg/image/internal/digest
github.com/openshift/library-go/pkg/image/internal/reference