Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type ACL ¶ added in v0.9.0
type ACL struct {
// Allow holds the list of allowed paths for a user.
// If none match, the user is forbidden.
Allow []string
// Deny holds the list of denied paths for a user.
// If any match, the user is forbidden.
Deny []string
}
ACL determines what endpoints an authenticated user can accesse Both Allow and Deny hold a list of regular expressions that are matched against an HTTP request formatted as a string:
METHOD URL_PATH
For example:
GET /v2/foo/bar
type AuthConfig ¶
type AuthConfig struct {
// Username and Password hold the basic auth credentials.
// If UseTokenServer is true, these apply to the token server
// rather than to the registry itself.
Username string `json:"username"`
Password string `json:"password"`
// BearerToken holds a bearer token to use as auth.
// If UseTokenServer is true, this applies to the token server
// rather than to the registry itself.
BearerToken string `json:"bearerToken"`
// UseTokenServer starts a token server and directs client
// requests to acquire auth tokens from that server.
UseTokenServer bool `json:"useTokenServer"`
// ACL holds the ACL for an authenticated client.
// If it's nil, the user is allowed full access.
// Note: there's only one ACL because we only
// support a single authenticated user.
ACL *ACL `json:"acl,omitempty"`
// Use401InsteadOf403 causes the server to send a 401
// response even when the credentials are present and correct.
Use401InsteadOf403 bool `json:"always401"`
}
AuthConfig specifies authorization requirements for the server.
type Registry ¶
type Registry struct {
// contains filtered or unexported fields
}
func New ¶
New starts a registry instance that serves modules found inside fsys. It serves the OCI registry protocol. If prefix is non-empty, all module paths will be prefixed by that, separated by a slash (/).
Each module should be inside a directory named path_vers, where slashes in path have been replaced with underscores and should contain a cue.mod/module.cue file holding the module info.
If there's a file named auth.json in the root directory, it will cause access to the server to be gated by the specified authorization. See the AuthConfig type for details.
The Registry should be closed after use.
func NewServer ¶ added in v0.9.0
func NewServer(r ociregistry.Interface, auth *AuthConfig) (*Registry, error)
NewServer is like New except that instead of uploading the contents of a filesystem, it just serves the contents of the given registry guarded by the given auth configuration. If auth is nil, no authentication will be required.
Source Files