2020-11-13 16:09:31 -05:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
class DependencyProxy::Registry
|
2020-12-03 13:10:10 -05:00
|
|
|
AUTH_URL = 'https://auth.docker.io'
|
|
|
|
LIBRARY_URL = 'https://registry-1.docker.io/v2'
|
|
|
|
PROXY_AUTH_URL = Gitlab::Utils.append_path(Gitlab.config.gitlab.url, "jwt/auth")
|
2020-11-13 16:09:31 -05:00
|
|
|
|
|
|
|
class << self
|
|
|
|
def auth_url(image)
|
|
|
|
"#{AUTH_URL}/token?service=registry.docker.io&scope=repository:#{image_path(image)}:pull"
|
|
|
|
end
|
|
|
|
|
|
|
|
def manifest_url(image, tag)
|
|
|
|
"#{LIBRARY_URL}/#{image_path(image)}/manifests/#{tag}"
|
|
|
|
end
|
|
|
|
|
|
|
|
def blob_url(image, blob_sha)
|
|
|
|
"#{LIBRARY_URL}/#{image_path(image)}/blobs/#{blob_sha}"
|
|
|
|
end
|
|
|
|
|
2020-12-03 13:10:10 -05:00
|
|
|
def authenticate_header
|
|
|
|
"Bearer realm=\"#{PROXY_AUTH_URL}\",service=\"#{::Auth::DependencyProxyAuthenticationService::AUDIENCE}\""
|
|
|
|
end
|
|
|
|
|
2020-11-13 16:09:31 -05:00
|
|
|
private
|
|
|
|
|
|
|
|
def image_path(image)
|
|
|
|
if image.include?('/')
|
|
|
|
image
|
|
|
|
else
|
|
|
|
"library/#{image}"
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|