diff --git a/api/server/middleware/cors.go b/api/server/middleware/cors.go index 54374690e6..79bed14564 100644 --- a/api/server/middleware/cors.go +++ b/api/server/middleware/cors.go @@ -4,6 +4,7 @@ import ( "context" "net/http" + "github.com/docker/docker/api/types/registry" "github.com/sirupsen/logrus" ) @@ -30,7 +31,7 @@ func (c CORSMiddleware) WrapHandler(handler func(ctx context.Context, w http.Res logrus.Debugf("CORS header is enabled and set to: %s", corsHeaders) w.Header().Add("Access-Control-Allow-Origin", corsHeaders) - w.Header().Add("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, X-Registry-Auth") + w.Header().Add("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, "+registry.AuthHeader) w.Header().Add("Access-Control-Allow-Methods", "HEAD, GET, POST, DELETE, PUT, OPTIONS") return handler(ctx, w, r, vars) } diff --git a/api/server/router/distribution/distribution_routes.go b/api/server/router/distribution/distribution_routes.go index 86b93d3c62..48107d1456 100644 --- a/api/server/router/distribution/distribution_routes.go +++ b/api/server/router/distribution/distribution_routes.go @@ -13,7 +13,7 @@ import ( "github.com/docker/distribution/reference" "github.com/docker/docker/api/server/httputils" "github.com/docker/docker/api/types" - registrytypes "github.com/docker/docker/api/types/registry" + "github.com/docker/docker/api/types/registry" "github.com/docker/docker/errdefs" v1 "github.com/opencontainers/image-spec/specs-go/v1" "github.com/pkg/errors" @@ -28,8 +28,8 @@ func (s *distributionRouter) getDistributionInfo(ctx context.Context, w http.Res var ( config = &types.AuthConfig{} - authEncoded = r.Header.Get("X-Registry-Auth") - distributionInspect registrytypes.DistributionInspect + authEncoded = r.Header.Get(registry.AuthHeader) + distributionInspect registry.DistributionInspect ) if authEncoded != "" { diff --git a/api/server/router/image/image_routes.go b/api/server/router/image/image_routes.go index b186e61ade..1184102cd8 100644 --- a/api/server/router/image/image_routes.go +++ b/api/server/router/image/image_routes.go @@ -14,6 +14,7 @@ import ( "github.com/docker/docker/api/server/httputils" "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/filters" + "github.com/docker/docker/api/types/registry" "github.com/docker/docker/api/types/versions" "github.com/docker/docker/errdefs" "github.com/docker/docker/image" @@ -63,7 +64,7 @@ func (s *imageRouter) postImagesCreate(ctx context.Context, w http.ResponseWrite } } - authEncoded := r.Header.Get("X-Registry-Auth") + authEncoded := r.Header.Get(registry.AuthHeader) authConfig := &types.AuthConfig{} if authEncoded != "" { authJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded)) @@ -100,7 +101,7 @@ func (s *imageRouter) postImagesPush(ctx context.Context, w http.ResponseWriter, } authConfig := &types.AuthConfig{} - authEncoded := r.Header.Get("X-Registry-Auth") + authEncoded := r.Header.Get(registry.AuthHeader) if authEncoded != "" { // the new format is to handle the authConfig as a header authJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded)) @@ -360,7 +361,7 @@ func (s *imageRouter) getImagesSearch(ctx context.Context, w http.ResponseWriter } var ( config *types.AuthConfig - authEncoded = r.Header.Get("X-Registry-Auth") + authEncoded = r.Header.Get(registry.AuthHeader) headers = map[string][]string{} ) diff --git a/api/server/router/plugin/plugin_routes.go b/api/server/router/plugin/plugin_routes.go index c82996679d..175a0f7537 100644 --- a/api/server/router/plugin/plugin_routes.go +++ b/api/server/router/plugin/plugin_routes.go @@ -27,7 +27,7 @@ func parseHeaders(headers http.Header) (map[string][]string, *types.AuthConfig) } // Get X-Registry-Auth - authEncoded := headers.Get("X-Registry-Auth") + authEncoded := headers.Get(registry.AuthHeader) authConfig := &types.AuthConfig{} if authEncoded != "" { authJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded)) diff --git a/api/server/router/swarm/cluster_routes.go b/api/server/router/swarm/cluster_routes.go index 05c10082a1..293e4f1421 100644 --- a/api/server/router/swarm/cluster_routes.go +++ b/api/server/router/swarm/cluster_routes.go @@ -10,6 +10,7 @@ import ( basictypes "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/backend" "github.com/docker/docker/api/types/filters" + "github.com/docker/docker/api/types/registry" types "github.com/docker/docker/api/types/swarm" "github.com/docker/docker/api/types/versions" "github.com/docker/docker/errdefs" @@ -207,7 +208,7 @@ func (sr *swarmRouter) createService(ctx context.Context, w http.ResponseWriter, } // Get returns "" if the header does not exist - encodedAuth := r.Header.Get("X-Registry-Auth") + encodedAuth := r.Header.Get(registry.AuthHeader) queryRegistry := false if v := httputils.VersionFromContext(ctx); v != "" { if versions.LessThan(v, "1.30") { @@ -240,7 +241,7 @@ func (sr *swarmRouter) updateService(ctx context.Context, w http.ResponseWriter, var flags basictypes.ServiceUpdateOptions // Get returns "" if the header does not exist - flags.EncodedRegistryAuth = r.Header.Get("X-Registry-Auth") + flags.EncodedRegistryAuth = r.Header.Get(registry.AuthHeader) flags.RegistryAuthFrom = r.URL.Query().Get("registryAuthFrom") flags.Rollback = r.URL.Query().Get("rollback") queryRegistry := false diff --git a/api/types/registry/authconfig.go b/api/types/registry/authconfig.go new file mode 100644 index 0000000000..d61cefb20e --- /dev/null +++ b/api/types/registry/authconfig.go @@ -0,0 +1,5 @@ +package registry // import "github.com/docker/docker/api/types/registry" + +// AuthHeader is the name of the header used to send encoded registry +// authorization credentials for registry operations (push/pull). +const AuthHeader = "X-Registry-Auth" diff --git a/client/distribution_inspect.go b/client/distribution_inspect.go index 7f36c99a01..efab066d3b 100644 --- a/client/distribution_inspect.go +++ b/client/distribution_inspect.go @@ -5,13 +5,13 @@ import ( "encoding/json" "net/url" - registrytypes "github.com/docker/docker/api/types/registry" + "github.com/docker/docker/api/types/registry" ) // DistributionInspect returns the image digest with the full manifest. -func (cli *Client) DistributionInspect(ctx context.Context, image, encodedRegistryAuth string) (registrytypes.DistributionInspect, error) { +func (cli *Client) DistributionInspect(ctx context.Context, image, encodedRegistryAuth string) (registry.DistributionInspect, error) { // Contact the registry to retrieve digest and platform information - var distributionInspect registrytypes.DistributionInspect + var distributionInspect registry.DistributionInspect if image == "" { return distributionInspect, objectNotFoundError{object: "distribution", id: image} } @@ -23,7 +23,7 @@ func (cli *Client) DistributionInspect(ctx context.Context, image, encodedRegist if encodedRegistryAuth != "" { headers = map[string][]string{ - "X-Registry-Auth": {encodedRegistryAuth}, + registry.AuthHeader: {encodedRegistryAuth}, } } diff --git a/client/image_create.go b/client/image_create.go index b1c0227775..6a9b708f7d 100644 --- a/client/image_create.go +++ b/client/image_create.go @@ -8,6 +8,7 @@ import ( "github.com/docker/distribution/reference" "github.com/docker/docker/api/types" + "github.com/docker/docker/api/types/registry" ) // ImageCreate creates a new image based on the parent options. @@ -32,6 +33,6 @@ func (cli *Client) ImageCreate(ctx context.Context, parentReference string, opti } func (cli *Client) tryImageCreate(ctx context.Context, query url.Values, registryAuth string) (serverResponse, error) { - headers := map[string][]string{"X-Registry-Auth": {registryAuth}} + headers := map[string][]string{registry.AuthHeader: {registryAuth}} return cli.post(ctx, "/images/create", query, nil, headers) } diff --git a/client/image_create_test.go b/client/image_create_test.go index 3095cbc05b..c2871d4d1a 100644 --- a/client/image_create_test.go +++ b/client/image_create_test.go @@ -10,6 +10,7 @@ import ( "testing" "github.com/docker/docker/api/types" + "github.com/docker/docker/api/types/registry" "github.com/docker/docker/errdefs" ) @@ -34,9 +35,9 @@ func TestImageCreate(t *testing.T) { if !strings.HasPrefix(r.URL.Path, expectedURL) { return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, r.URL) } - registryAuth := r.Header.Get("X-Registry-Auth") + registryAuth := r.Header.Get(registry.AuthHeader) if registryAuth != expectedRegistryAuth { - return nil, fmt.Errorf("X-Registry-Auth header not properly set in the request. Expected '%s', got %s", expectedRegistryAuth, registryAuth) + return nil, fmt.Errorf("%s header not properly set in the request. Expected '%s', got %s", registry.AuthHeader, expectedRegistryAuth, registryAuth) } query := r.URL.Query() diff --git a/client/image_pull_test.go b/client/image_pull_test.go index 92793e1e39..ebb9d9a4ad 100644 --- a/client/image_pull_test.go +++ b/client/image_pull_test.go @@ -10,6 +10,7 @@ import ( "testing" "github.com/docker/docker/api/types" + "github.com/docker/docker/api/types/registry" "github.com/docker/docker/errdefs" ) @@ -83,7 +84,7 @@ func TestImagePullWithPrivilegedFuncNoError(t *testing.T) { if !strings.HasPrefix(req.URL.Path, expectedURL) { return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL) } - auth := req.Header.Get("X-Registry-Auth") + auth := req.Header.Get(registry.AuthHeader) if auth == "NotValid" { return &http.Response{ StatusCode: http.StatusUnauthorized, diff --git a/client/image_push.go b/client/image_push.go index 845580d4a4..dd1b8f3471 100644 --- a/client/image_push.go +++ b/client/image_push.go @@ -8,6 +8,7 @@ import ( "github.com/docker/distribution/reference" "github.com/docker/docker/api/types" + "github.com/docker/docker/api/types/registry" "github.com/docker/docker/errdefs" ) @@ -49,6 +50,6 @@ func (cli *Client) ImagePush(ctx context.Context, image string, options types.Im } func (cli *Client) tryImagePush(ctx context.Context, imageID string, query url.Values, registryAuth string) (serverResponse, error) { - headers := map[string][]string{"X-Registry-Auth": {registryAuth}} + headers := map[string][]string{registry.AuthHeader: {registryAuth}} return cli.post(ctx, "/images/"+imageID+"/push", query, nil, headers) } diff --git a/client/image_push_test.go b/client/image_push_test.go index 9b161717ca..bd4b0b2fe3 100644 --- a/client/image_push_test.go +++ b/client/image_push_test.go @@ -10,6 +10,7 @@ import ( "testing" "github.com/docker/docker/api/types" + "github.com/docker/docker/api/types/registry" "github.com/docker/docker/errdefs" ) @@ -88,7 +89,7 @@ func TestImagePushWithPrivilegedFuncNoError(t *testing.T) { if !strings.HasPrefix(req.URL.Path, expectedURL) { return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL) } - auth := req.Header.Get("X-Registry-Auth") + auth := req.Header.Get(registry.AuthHeader) if auth == "NotValid" { return &http.Response{ StatusCode: http.StatusUnauthorized, diff --git a/client/image_search.go b/client/image_search.go index e69fa37225..5f0c49ed30 100644 --- a/client/image_search.go +++ b/client/image_search.go @@ -48,6 +48,6 @@ func (cli *Client) ImageSearch(ctx context.Context, term string, options types.I } func (cli *Client) tryImageSearch(ctx context.Context, query url.Values, registryAuth string) (serverResponse, error) { - headers := map[string][]string{"X-Registry-Auth": {registryAuth}} + headers := map[string][]string{registry.AuthHeader: {registryAuth}} return cli.get(ctx, "/images/search", query, headers) } diff --git a/client/image_search_test.go b/client/image_search_test.go index ced6deeb2b..ef1923b806 100644 --- a/client/image_search_test.go +++ b/client/image_search_test.go @@ -73,7 +73,7 @@ func TestImageSearchWithPrivilegedFuncNoError(t *testing.T) { if !strings.HasPrefix(req.URL.Path, expectedURL) { return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL) } - auth := req.Header.Get("X-Registry-Auth") + auth := req.Header.Get(registry.AuthHeader) if auth == "NotValid" { return &http.Response{ StatusCode: http.StatusUnauthorized, diff --git a/client/plugin_install.go b/client/plugin_install.go index 012afe61ca..c8284c5d87 100644 --- a/client/plugin_install.go +++ b/client/plugin_install.go @@ -8,6 +8,7 @@ import ( "github.com/docker/distribution/reference" "github.com/docker/docker/api/types" + "github.com/docker/docker/api/types/registry" "github.com/docker/docker/errdefs" "github.com/pkg/errors" ) @@ -67,12 +68,12 @@ func (cli *Client) PluginInstall(ctx context.Context, name string, options types } func (cli *Client) tryPluginPrivileges(ctx context.Context, query url.Values, registryAuth string) (serverResponse, error) { - headers := map[string][]string{"X-Registry-Auth": {registryAuth}} + headers := map[string][]string{registry.AuthHeader: {registryAuth}} return cli.get(ctx, "/plugins/privileges", query, headers) } func (cli *Client) tryPluginPull(ctx context.Context, query url.Values, privileges types.PluginPrivileges, registryAuth string) (serverResponse, error) { - headers := map[string][]string{"X-Registry-Auth": {registryAuth}} + headers := map[string][]string{registry.AuthHeader: {registryAuth}} return cli.post(ctx, "/plugins/pull", query, privileges, headers) } diff --git a/client/plugin_push.go b/client/plugin_push.go index d20bfe8447..18f9754c4c 100644 --- a/client/plugin_push.go +++ b/client/plugin_push.go @@ -3,11 +3,13 @@ package client // import "github.com/docker/docker/client" import ( "context" "io" + + "github.com/docker/docker/api/types/registry" ) // PluginPush pushes a plugin to a registry func (cli *Client) PluginPush(ctx context.Context, name string, registryAuth string) (io.ReadCloser, error) { - headers := map[string][]string{"X-Registry-Auth": {registryAuth}} + headers := map[string][]string{registry.AuthHeader: {registryAuth}} resp, err := cli.post(ctx, "/plugins/"+name+"/push", nil, nil, headers) if err != nil { return nil, err diff --git a/client/plugin_push_test.go b/client/plugin_push_test.go index 4b5a0e2e30..721bd72512 100644 --- a/client/plugin_push_test.go +++ b/client/plugin_push_test.go @@ -9,6 +9,7 @@ import ( "strings" "testing" + "github.com/docker/docker/api/types/registry" "github.com/docker/docker/errdefs" ) @@ -34,9 +35,9 @@ func TestPluginPush(t *testing.T) { if req.Method != http.MethodPost { return nil, fmt.Errorf("expected POST method, got %s", req.Method) } - auth := req.Header.Get("X-Registry-Auth") + auth := req.Header.Get(registry.AuthHeader) if auth != "authtoken" { - return nil, fmt.Errorf("Invalid auth header : expected 'authtoken', got %s", auth) + return nil, fmt.Errorf("invalid auth header : expected 'authtoken', got %s", auth) } return &http.Response{ StatusCode: http.StatusOK, diff --git a/client/plugin_upgrade.go b/client/plugin_upgrade.go index 115cea945b..995d1fd2ca 100644 --- a/client/plugin_upgrade.go +++ b/client/plugin_upgrade.go @@ -7,6 +7,7 @@ import ( "github.com/docker/distribution/reference" "github.com/docker/docker/api/types" + "github.com/docker/docker/api/types/registry" "github.com/pkg/errors" ) @@ -34,6 +35,6 @@ func (cli *Client) PluginUpgrade(ctx context.Context, name string, options types } func (cli *Client) tryPluginUpgrade(ctx context.Context, query url.Values, privileges types.PluginPrivileges, name, registryAuth string) (serverResponse, error) { - headers := map[string][]string{"X-Registry-Auth": {registryAuth}} + headers := map[string][]string{registry.AuthHeader: {registryAuth}} return cli.post(ctx, "/plugins/"+name+"/upgrade", query, privileges, headers) } diff --git a/client/service_create.go b/client/service_create.go index 23024d0f8f..b6065b8eef 100644 --- a/client/service_create.go +++ b/client/service_create.go @@ -8,6 +8,7 @@ import ( "github.com/docker/distribution/reference" "github.com/docker/docker/api/types" + "github.com/docker/docker/api/types/registry" "github.com/docker/docker/api/types/swarm" "github.com/opencontainers/go-digest" "github.com/pkg/errors" @@ -21,7 +22,7 @@ func (cli *Client) ServiceCreate(ctx context.Context, service swarm.ServiceSpec, } if options.EncodedRegistryAuth != "" { - headers["X-Registry-Auth"] = []string{options.EncodedRegistryAuth} + headers[registry.AuthHeader] = []string{options.EncodedRegistryAuth} } // Make sure containerSpec is not nil when no runtime is set or the runtime is set to container diff --git a/client/service_update.go b/client/service_update.go index 8014b86258..ff8cded8be 100644 --- a/client/service_update.go +++ b/client/service_update.go @@ -6,6 +6,7 @@ import ( "net/url" "github.com/docker/docker/api/types" + "github.com/docker/docker/api/types/registry" "github.com/docker/docker/api/types/swarm" ) @@ -23,7 +24,7 @@ func (cli *Client) ServiceUpdate(ctx context.Context, serviceID string, version } if options.EncodedRegistryAuth != "" { - headers["X-Registry-Auth"] = []string{options.EncodedRegistryAuth} + headers[registry.AuthHeader] = []string{options.EncodedRegistryAuth} } if options.RegistryAuthFrom != "" {