registry: remove v1 authentication
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn
parent
ab47fd2f72
commit
7782d04141
3 changed files with 13 additions and 71 deletions
|
|
@ -1,7 +1,6 @@
|
|||
package registry // import "github.com/docker/docker/registry"
|
||||
|
||||
import (
|
||||
"io/ioutil"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"strings"
|
||||
|
|
@ -12,7 +11,6 @@ import (
|
|||
"github.com/docker/distribution/registry/client/transport"
|
||||
"github.com/docker/docker/api/types"
|
||||
registrytypes "github.com/docker/docker/api/types/registry"
|
||||
"github.com/docker/docker/errdefs"
|
||||
"github.com/pkg/errors"
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
|
|
@ -22,51 +20,6 @@ const (
|
|||
AuthClientID = "docker"
|
||||
)
|
||||
|
||||
// loginV1 tries to register/login to the v1 registry server.
|
||||
func loginV1(authConfig *types.AuthConfig, apiEndpoint APIEndpoint, userAgent string) (string, string, error) {
|
||||
registryEndpoint := apiEndpoint.ToV1Endpoint(userAgent, nil)
|
||||
serverAddress := registryEndpoint.String()
|
||||
|
||||
logrus.Debugf("attempting v1 login to registry endpoint %s", serverAddress)
|
||||
|
||||
if serverAddress == "" {
|
||||
return "", "", errdefs.System(errors.New("server Error: Server Address not set"))
|
||||
}
|
||||
|
||||
req, err := http.NewRequest(http.MethodGet, serverAddress+"users/", nil)
|
||||
if err != nil {
|
||||
return "", "", err
|
||||
}
|
||||
req.SetBasicAuth(authConfig.Username, authConfig.Password)
|
||||
resp, err := registryEndpoint.client.Do(req)
|
||||
if err != nil {
|
||||
// fallback when request could not be completed
|
||||
return "", "", fallbackError{
|
||||
err: err,
|
||||
}
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
body, err := ioutil.ReadAll(resp.Body)
|
||||
if err != nil {
|
||||
return "", "", errdefs.System(err)
|
||||
}
|
||||
|
||||
switch resp.StatusCode {
|
||||
case http.StatusOK:
|
||||
return "Login Succeeded", "", nil
|
||||
case http.StatusUnauthorized:
|
||||
return "", "", errdefs.Unauthorized(errors.New("Wrong login/password, please try again"))
|
||||
case http.StatusForbidden:
|
||||
// *TODO: Use registry configuration to determine what this says, if anything?
|
||||
return "", "", errdefs.Forbidden(errors.Errorf("Login: Account is not active. Please see the documentation of the registry %s for instructions how to activate it.", serverAddress))
|
||||
case http.StatusInternalServerError:
|
||||
logrus.Errorf("%s returned status code %d. Response Body :\n%s", req.URL.String(), resp.StatusCode, body)
|
||||
return "", "", errdefs.System(errors.New("Internal Server Error"))
|
||||
}
|
||||
return "", "", errdefs.System(errors.Errorf("Login: %s (Code: %d; Headers: %s)", body,
|
||||
resp.StatusCode, resp.Header))
|
||||
}
|
||||
|
||||
type loginCredentialStore struct {
|
||||
authConfig *types.AuthConfig
|
||||
}
|
||||
|
|
|
|||
|
|
@ -120,24 +120,21 @@ func (s *DefaultService) Auth(ctx context.Context, authConfig *types.AuthConfig,
|
|||
return "", "", errdefs.InvalidParameter(errors.Errorf("unable to parse server address: %v", err))
|
||||
}
|
||||
|
||||
// Lookup endpoints for authentication using "LookupPushEndpoints", which
|
||||
// excludes mirrors to prevent sending credentials of the upstream registry
|
||||
// to a mirror.
|
||||
endpoints, err := s.LookupPushEndpoints(u.Host)
|
||||
if err != nil {
|
||||
return "", "", errdefs.InvalidParameter(err)
|
||||
}
|
||||
|
||||
for _, endpoint := range endpoints {
|
||||
login := loginV2
|
||||
if endpoint.Version == APIVersion1 {
|
||||
login = loginV1
|
||||
}
|
||||
|
||||
status, token, err = login(authConfig, endpoint, userAgent)
|
||||
status, token, err = loginV2(authConfig, endpoint, userAgent)
|
||||
if err == nil {
|
||||
return
|
||||
}
|
||||
if fErr, ok := err.(fallbackError); ok {
|
||||
err = fErr.err
|
||||
logrus.Infof("Error logging in to %s endpoint, trying next endpoint: %v", endpoint.Version, err)
|
||||
logrus.WithError(fErr.err).Infof("Error logging in to endpoint, trying next endpoint")
|
||||
continue
|
||||
}
|
||||
|
||||
|
|
@ -259,6 +256,7 @@ type APIEndpoint struct {
|
|||
}
|
||||
|
||||
// ToV1Endpoint returns a V1 API endpoint based on the APIEndpoint
|
||||
// Deprecated: this function is deprecated and will be removed in a future update
|
||||
func (e APIEndpoint) ToV1Endpoint(userAgent string, metaHeaders http.Header) *V1Endpoint {
|
||||
return newV1Endpoint(*e.URL, e.TLSConfig, userAgent, metaHeaders)
|
||||
}
|
||||
|
|
@ -280,24 +278,22 @@ func (s *DefaultService) tlsConfigForMirror(mirrorURL *url.URL) (*tls.Config, er
|
|||
return s.tlsConfig(mirrorURL.Host)
|
||||
}
|
||||
|
||||
// LookupPullEndpoints creates a list of endpoints to try to pull from, in order of preference.
|
||||
// It gives preference to v2 endpoints over v1, mirrors over the actual
|
||||
// registry, and HTTPS over plain HTTP.
|
||||
// LookupPullEndpoints creates a list of v2 endpoints to try to pull from, in order of preference.
|
||||
// It gives preference to mirrors over the actual registry, and HTTPS over plain HTTP.
|
||||
func (s *DefaultService) LookupPullEndpoints(hostname string) (endpoints []APIEndpoint, err error) {
|
||||
s.mu.Lock()
|
||||
defer s.mu.Unlock()
|
||||
|
||||
return s.lookupEndpoints(hostname)
|
||||
return s.lookupV2Endpoints(hostname)
|
||||
}
|
||||
|
||||
// LookupPushEndpoints creates a list of endpoints to try to push to, in order of preference.
|
||||
// It gives preference to v2 endpoints over v1, and HTTPS over plain HTTP.
|
||||
// Mirrors are not included.
|
||||
// LookupPushEndpoints creates a list of v2 endpoints to try to push to, in order of preference.
|
||||
// It gives preference to HTTPS over plain HTTP. Mirrors are not included.
|
||||
func (s *DefaultService) LookupPushEndpoints(hostname string) (endpoints []APIEndpoint, err error) {
|
||||
s.mu.Lock()
|
||||
defer s.mu.Unlock()
|
||||
|
||||
allEndpoints, err := s.lookupEndpoints(hostname)
|
||||
allEndpoints, err := s.lookupV2Endpoints(hostname)
|
||||
if err == nil {
|
||||
for _, endpoint := range allEndpoints {
|
||||
if !endpoint.Mirror {
|
||||
|
|
@ -307,7 +303,3 @@ func (s *DefaultService) LookupPushEndpoints(hostname string) (endpoints []APIEn
|
|||
}
|
||||
return endpoints, err
|
||||
}
|
||||
|
||||
func (s *DefaultService) lookupEndpoints(hostname string) (endpoints []APIEndpoint, err error) {
|
||||
return s.lookupV2Endpoints(hostname)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -10,7 +10,6 @@ import (
|
|||
func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndpoint, err error) {
|
||||
tlsConfig := tlsconfig.ServerDefault()
|
||||
if hostname == DefaultNamespace || hostname == IndexHostname {
|
||||
// v2 mirrors
|
||||
for _, mirror := range s.config.Mirrors {
|
||||
if !strings.HasPrefix(mirror, "http://") && !strings.HasPrefix(mirror, "https://") {
|
||||
mirror = "https://" + mirror
|
||||
|
|
@ -25,14 +24,12 @@ func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp
|
|||
}
|
||||
endpoints = append(endpoints, APIEndpoint{
|
||||
URL: mirrorURL,
|
||||
// guess mirrors are v2
|
||||
Version: APIVersion2,
|
||||
Mirror: true,
|
||||
TrimHostname: true,
|
||||
TLSConfig: mirrorTLSConfig,
|
||||
})
|
||||
}
|
||||
// v2 registry
|
||||
endpoints = append(endpoints, APIEndpoint{
|
||||
URL: DefaultV2Registry,
|
||||
Version: APIVersion2,
|
||||
|
|
|
|||
Loading…
Reference in a new issue