resolver.go
package containerdregistry
import (
"crypto/tls"
"crypto/x509"
"net"
"net/http"
"time"
"github.com/containerd/containerd/remotes"
"github.com/containerd/containerd/remotes/docker"
"github.com/docker/cli/cli/config"
"github.com/docker/cli/cli/config/configfile"
"github.com/docker/cli/cli/config/credentials"
"github.com/docker/docker/registry"
)
// NewResolver returns a containerd remotes.Resolver that talks to registries
// through a dedicated HTTP client and authenticates with credentials read from
// the Docker CLI configuration found in configDir (loadConfig falls back to the
// default Docker config directory when configDir is empty).
//
// By default server certificates are verified against roots; a nil roots pool
// makes crypto/tls fall back to the host's root CA set.
//
// When insecure is true, two independent protections are switched off at once:
// certificate verification is skipped (roots is ignored), and every host is
// matched for plain HTTP via docker.MatchAllHosts. Registry credentials and
// image content may then cross the network unauthenticated and unencrypted.
//
// An error is returned only when the Docker configuration cannot be loaded.
func NewResolver(configDir string, insecure bool, roots *x509.CertPool) (remotes.Resolver, error) {
	// Verified TLS is the baseline; the insecure branch swaps the whole config,
	// which also drops the caller-supplied root pool.
	tlsConfig := &tls.Config{
		InsecureSkipVerify: false,
		RootCAs:            roots,
	}
	if insecure {
		tlsConfig = &tls.Config{
			InsecureSkipVerify: true,
		}
	}

	dialer := &net.Dialer{
		Timeout:   30 * time.Second,
		KeepAlive: 30 * time.Second,
	}

	// NOTE(review): only dial, handshake, idle and expect-continue timeouts are
	// set; there is no overall client timeout or response-header timeout, so a
	// registry that stalls after the handshake is bounded only by the caller's
	// context, if any — confirm callers pass one with a deadline.
	httpClient := &http.Client{
		Transport: &http.Transport{
			Proxy:                 http.ProxyFromEnvironment,
			DialContext:           dialer.DialContext,
			MaxIdleConns:          10,
			IdleConnTimeout:       30 * time.Second,
			TLSHandshakeTimeout:   10 * time.Second,
			ExpectContinueTimeout: 5 * time.Second,
			TLSClientConfig:       tlsConfig,
		},
	}

	userAgent := http.Header{"User-Agent": []string{"opm/alpha"}}

	dockerCfg, err := loadConfig(configDir)
	if err != nil {
		return nil, err
	}

	// The same client serves both the auth exchange and registry requests, so
	// the TLS settings above apply to both.
	authorizer := docker.NewDockerAuthorizer(
		docker.WithAuthClient(httpClient),
		docker.WithAuthHeader(userAgent),
		docker.WithAuthCreds(credential(dockerCfg)),
	)

	hostOpts := []docker.RegistryOpt{
		docker.WithAuthorizer(authorizer),
		docker.WithClient(httpClient),
	}
	if insecure {
		// Applies to all hosts, not just localhost: any registry named by the
		// caller is matched for plain HTTP.
		hostOpts = append(hostOpts, docker.WithPlainHTTP(docker.MatchAllHosts))
	}

	return docker.NewResolver(docker.ResolverOptions{
		Hosts:   docker.ConfigureDefaultRegistries(hostOpts...),
		Headers: userAgent,
	}), nil
}
// credential adapts a Docker CLI config file to the callback shape accepted by
// docker.WithAuthCreds: given a registry hostname it returns a (username,
// secret) pair.
//
// The hostname is first normalised with resolveHostname, then looked up with
// cfg.GetAuthConfig. Results, in priority order:
//   - lookup error: returned as-is with empty credentials;
//   - identity token present: empty username with the token as the secret
//     (presumably treated by the authorizer as a refresh token — confirm);
//   - no username and no password: empty pair and no error, i.e. anonymous;
//   - otherwise: the stored username and password.
//
// The returned secrets are live credentials; callers should not log them.
func credential(cfg *configfile.ConfigFile) func(string) (string, string, error) {
	return func(hostname string) (string, string, error) {
		entry, err := cfg.GetAuthConfig(resolveHostname(hostname))
		switch {
		case err != nil:
			return "", "", err
		case entry.IdentityToken != "":
			return "", entry.IdentityToken, nil
		case entry.Username == "" && entry.Password == "":
			return "", "", nil
		default:
			return entry.Username, entry.Password, nil
		}
	}
}
// loadConfig reads the Docker CLI configuration from dir, using config.Dir()
// when dir is empty.
//
// If the loaded file contains no auth information (cfg.ContainsAuth is false),
// the credentials store is set from credentials.DetectDefaultStore, seeded with
// whatever store name the file already declares.
// NOTE(review): a credentials store is typically backed by an external helper
// program; which helper gets selected depends on the docker/cli implementation
// and the host environment — confirm this is acceptable where this runs.
//
// Any error from config.Load is returned unchanged.
func loadConfig(dir string) (*configfile.ConfigFile, error) {
	configDir := dir
	if configDir == "" {
		configDir = config.Dir()
	}

	loaded, err := config.Load(configDir)
	if err != nil {
		return nil, err
	}
	if loaded.ContainsAuth() {
		return loaded, nil
	}

	loaded.CredentialsStore = credentials.DetectDefaultStore(loaded.CredentialsStore)
	return loaded, nil
}
// resolveHostname normalises Docker-specific hostnames: registry.IndexHostname,
// registry.IndexName and registry.DefaultV2Registry.Host are all mapped to
// registry.IndexServer, and any other hostname is returned unchanged.
// Matching is an exact string comparison.
func resolveHostname(hostname string) string {
	aliases := []string{
		registry.IndexHostname,
		registry.IndexName,
		registry.DefaultV2Registry.Host,
	}
	for _, alias := range aliases {
		if hostname == alias {
			return registry.IndexServer
		}
	}
	return hostname
}