containerd/pull: Use authorization
- containerd/pull: Use authorization - containerd/auth: Check if registry hostname matches Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
This commit is contained in:
parent
7e8df0e2c9
commit
d4579a983e
|
@ -41,6 +41,9 @@ func (i *ImageService) PullImage(ctx context.Context, image, tagOrDigest string,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resolver := newResolverFromAuthConfig(authConfig)
|
||||||
|
opts = append(opts, containerd.WithResolver(resolver))
|
||||||
|
|
||||||
_, err = i.client.Pull(ctx, ref.String(), opts...)
|
_, err = i.client.Pull(ctx, ref.String(), opts...)
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,35 @@
|
||||||
|
package containerd
|
||||||
|
|
||||||
|
import (
|
||||||
|
"github.com/containerd/containerd/remotes"
|
||||||
|
"github.com/containerd/containerd/remotes/docker"
|
||||||
|
registrytypes "github.com/docker/docker/api/types/registry"
|
||||||
|
"github.com/docker/docker/registry"
|
||||||
|
"github.com/sirupsen/logrus"
|
||||||
|
)
|
||||||
|
|
||||||
|
func newResolverFromAuthConfig(authConfig *registrytypes.AuthConfig) remotes.Resolver {
|
||||||
|
opts := []docker.RegistryOpt{}
|
||||||
|
if authConfig != nil {
|
||||||
|
cfgHost := registry.ConvertToHostname(authConfig.ServerAddress)
|
||||||
|
if cfgHost == registry.IndexHostname {
|
||||||
|
cfgHost = registry.DefaultRegistryHost
|
||||||
|
}
|
||||||
|
authorizer := docker.NewDockerAuthorizer(docker.WithAuthCreds(func(host string) (string, string, error) {
|
||||||
|
if cfgHost != host {
|
||||||
|
logrus.WithField("host", host).WithField("cfgHost", cfgHost).Warn("Host doesn't match")
|
||||||
|
return "", "", nil
|
||||||
|
}
|
||||||
|
if authConfig.IdentityToken != "" {
|
||||||
|
return "", authConfig.IdentityToken, nil
|
||||||
|
}
|
||||||
|
return authConfig.Username, authConfig.Password, nil
|
||||||
|
}))
|
||||||
|
|
||||||
|
opts = append(opts, docker.WithAuthorizer(authorizer))
|
||||||
|
}
|
||||||
|
|
||||||
|
return docker.NewResolver(docker.ResolverOptions{
|
||||||
|
Hosts: docker.ConfigureDefaultRegistries(opts...),
|
||||||
|
})
|
||||||
|
}
|
Loading…
Reference in New Issue