containerd/pull: Use authorization
- containerd/pull: Use authorization - containerd/auth: Check if registry hostname matches Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
This commit is contained in:
Paweł Gronowski
Sebastiaan van Stijn
parent
7e8df0e2c9
commit
d4579a983e
|
|
@ -41,6 +41,9 @@ func (i *ImageService) PullImage(ctx context.Context, image, tagOrDigest string,
|
|||
}
|
||||
}
|
||||
|
||||
resolver := newResolverFromAuthConfig(authConfig)
|
||||
opts = append(opts, containerd.WithResolver(resolver))
|
||||
|
||||
_, err = i.client.Pull(ctx, ref.String(), opts...)
|
||||
return err
|
||||
}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,35 @@
|
|||
package containerd
|
||||
|
||||
import (
|
||||
"github.com/containerd/containerd/remotes"
|
||||
"github.com/containerd/containerd/remotes/docker"
|
||||
registrytypes "github.com/docker/docker/api/types/registry"
|
||||
"github.com/docker/docker/registry"
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
func newResolverFromAuthConfig(authConfig *registrytypes.AuthConfig) remotes.Resolver {
|
||||
opts := []docker.RegistryOpt{}
|
||||
if authConfig != nil {
|
||||
cfgHost := registry.ConvertToHostname(authConfig.ServerAddress)
|
||||
if cfgHost == registry.IndexHostname {
|
||||
cfgHost = registry.DefaultRegistryHost
|
||||
}
|
||||
authorizer := docker.NewDockerAuthorizer(docker.WithAuthCreds(func(host string) (string, string, error) {
|
||||
if cfgHost != host {
|
||||
logrus.WithField("host", host).WithField("cfgHost", cfgHost).Warn("Host doesn't match")
|
||||
return "", "", nil
|
||||
}
|
||||
if authConfig.IdentityToken != "" {
|
||||
return "", authConfig.IdentityToken, nil
|
||||
}
|
||||
return authConfig.Username, authConfig.Password, nil
|
||||
}))
|
||||
|
||||
opts = append(opts, docker.WithAuthorizer(authorizer))
|
||||
}
|
||||
|
||||
return docker.NewResolver(docker.ResolverOptions{
|
||||
Hosts: docker.ConfigureDefaultRegistries(opts...),
|
||||
})
|
||||
}
|
||||
Loading…
Reference in New Issue