-
Notifications
You must be signed in to change notification settings - Fork 2.1k
Expand file tree
/
Copy pathendpoint.go
More file actions
140 lines (123 loc) · 3.98 KB
/
endpoint.go
File metadata and controls
140 lines (123 loc) · 3.98 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
package registryclient
import (
"context"
"net"
"net/http"
"net/url"
"time"
"github.com/distribution/reference"
"github.com/docker/cli/internal/registry"
"github.com/docker/distribution/registry/client/auth"
"github.com/docker/distribution/registry/client/transport"
registrytypes "github.com/docker/docker/api/types/registry"
"github.com/pkg/errors"
)
type repositoryEndpoint struct {
repoName reference.Named
indexInfo *registrytypes.IndexInfo
endpoint registry.APIEndpoint
actions []string
}
// Name returns the repository name
func (r repositoryEndpoint) Name() string {
return reference.Path(r.repoName)
}
// BaseURL returns the endpoint url
func (r repositoryEndpoint) BaseURL() string {
return r.endpoint.URL.String()
}
func newDefaultRepositoryEndpoint(ref reference.Named, insecure bool) (repositoryEndpoint, error) {
repoName := reference.TrimNamed(ref)
indexInfo := registry.NewIndexInfo(ref)
endpoint, err := getDefaultEndpoint(ref, !indexInfo.Secure)
if err != nil {
return repositoryEndpoint{}, err
}
if insecure {
endpoint.TLSConfig.InsecureSkipVerify = true
}
return repositoryEndpoint{
repoName: repoName,
indexInfo: indexInfo,
endpoint: endpoint,
}, nil
}
func getDefaultEndpoint(repoName reference.Named, insecure bool) (registry.APIEndpoint, error) {
registryService, err := registry.NewService(registry.ServiceOptions{})
if err != nil {
return registry.APIEndpoint{}, err
}
endpoints, err := registryService.Endpoints(context.TODO(), reference.Domain(repoName))
if err != nil {
return registry.APIEndpoint{}, err
}
// Default to the highest priority endpoint to return
endpoint := endpoints[0]
if insecure {
for _, ep := range endpoints {
if ep.URL.Scheme == "http" {
endpoint = ep
}
}
}
return endpoint, nil
}
// getHTTPTransport builds a transport for use in communicating with a registry
func getHTTPTransport(authConfig registrytypes.AuthConfig, endpoint registry.APIEndpoint, repoName, userAgent string, actions []string) (http.RoundTripper, error) {
// get the http transport, this will be used in a client to upload manifest
base := &http.Transport{
Proxy: http.ProxyFromEnvironment,
Dial: (&net.Dialer{
Timeout: 30 * time.Second,
KeepAlive: 30 * time.Second,
}).Dial,
TLSHandshakeTimeout: 10 * time.Second,
TLSClientConfig: endpoint.TLSConfig,
DisableKeepAlives: true,
}
modifiers := registry.Headers(userAgent, http.Header{})
authTransport := transport.NewTransport(base, modifiers...)
challengeManager, err := registry.PingV2Registry(endpoint.URL, authTransport)
if err != nil {
return nil, errors.Wrap(err, "error pinging v2 registry")
}
if authConfig.RegistryToken != "" {
passThruTokenHandler := &existingTokenHandler{token: authConfig.RegistryToken}
modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, passThruTokenHandler))
} else {
if len(actions) == 0 {
actions = []string{"pull"}
}
creds := &staticCredentialStore{authConfig: &authConfig}
tokenHandler := auth.NewTokenHandler(authTransport, creds, repoName, actions...)
basicHandler := auth.NewBasicHandler(creds)
modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, tokenHandler, basicHandler))
}
return transport.NewTransport(base, modifiers...), nil
}
type existingTokenHandler struct {
token string
}
func (th *existingTokenHandler) AuthorizeRequest(req *http.Request, _ map[string]string) error {
req.Header.Set("Authorization", "Bearer "+th.token)
return nil
}
func (*existingTokenHandler) Scheme() string {
return "bearer"
}
type staticCredentialStore struct {
authConfig *registrytypes.AuthConfig
}
func (scs staticCredentialStore) Basic(*url.URL) (string, string) {
if scs.authConfig == nil {
return "", ""
}
return scs.authConfig.Username, scs.authConfig.Password
}
func (scs staticCredentialStore) RefreshToken(*url.URL, string) string {
if scs.authConfig == nil {
return ""
}
return scs.authConfig.IdentityToken
}
func (staticCredentialStore) SetRefreshToken(*url.URL, string, string) {}