Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuthBackend ¶
type AuthBackend func(string) (*RegistryAuthConfig, error)
An AuthBackend is a function that resolves registry credentials for a given repository. If no auth exitsts for the given repository, (nil, nil) is returned and should be skipped.
type Credential ¶
func (*Credential) Empty ¶
func (c *Credential) Empty() bool
type CredentialsFile ¶
CredentialsFile is the struct that represents the contents of the "auth.json" file that stores or references credentials that enable authentication into specific registries or even repositories.
reference: https://www.mankier.com/5/containers-auth.json alternate: https://man.archlinux.org/man/containers-auth.json.5
type EncAuth ¶
type EncAuth struct {
Auth string `json:"auth"`
}
EncAuth represents a single registry (or specific repository) and the associated base64 encoded auth token.
type ImageSpecs ¶
ImageSpecs holds each of the components of a full container image identifier, such that we can ask questions about it. There are three parts, - domain - path - tag
func (*ImageSpecs) Index ¶
func (is *ImageSpecs) Index() string
func (*ImageSpecs) Match ¶
func (is *ImageSpecs) Match(index string) bool
Match returns true if the repository belongs to the given registry index.
Given repository example.com/foo/bar, each of these index values would match, e.g. - example.com - examle.com/foo - example.com/foo/bar
Whereas other index values would not match, e.g. - other.com - example.com/baz - example.com/foo/bar/baz
type PullConfig ¶
type PullConfig struct {
Image string
RegistryConfig *RegistryAuthConfig
TLSVerify bool
CredentialsFile string
CredentialsHelper string
AuthSoftFail bool
}
PullConfig represents the necessary information needed for an image pull query.
func (*PullConfig) AuthAvailable ¶
func (pc *PullConfig) AuthAvailable() bool
AuthAvailable returns true if any of the supported authentication methods are set, indicating we should try to find credentials for the given image by checking each of the options for looking up credentials. - RegistryConfig (from task configuration) - CredentialsFile (from plugin configuration) - CredentialsHelper (from plugin configuration)
func (*PullConfig) BasicConfig ¶
func (pc *PullConfig) BasicConfig() *TaskAuthConfig
BasicConfig returns the Basic-Auth level of configuration.
For the podman driver, this is what can be supplied in the task config block.
func (*PullConfig) Log ¶
func (pc *PullConfig) Log(logger hclog.Logger)
Log the components of PullConfig in a safe way.
type RegistryAuthConfig ¶
type RegistryAuthConfig struct {
Username string `json:"username,omitempty"`
Password string `json:"password,omitempty"`
Email string `json:"email,omitempty"`
ServerAddress string `json:"serveraddress,omitempty"`
IdentityToken string `json:"identitytoken,omitempty"`
}
RegistryAuthConfig represents the actualized authentication for accessing a container registry.
Note that IdentityToken is mutually exclusive with the remaining fields.
func ResolveRegistryAuthentication ¶
func ResolveRegistryAuthentication(repository string, pullConfig *PullConfig) (*RegistryAuthConfig, error)
ResolveRegistryAuthentication will find a compatible AuthBackend for the given repository. In order, try using - auth block from task - auth from auth.json file specified by plugin config - auth from a credentials helper specified by plugin config
func (*RegistryAuthConfig) Empty ¶
func (r *RegistryAuthConfig) Empty() bool
Empty returns true if all of username, password, and identity token are unset.
func (*RegistryAuthConfig) SetHeader ¶
func (r *RegistryAuthConfig) SetHeader(headers map[string]string)
SetHeader will apply the X-Registry-Auth header (if necessary) to headers.
type TaskAuthConfig ¶
TaskAuthConfig represents the "auth" section of the config block for the podman task driver.
func (*TaskAuthConfig) IsEmpty ¶
func (c *TaskAuthConfig) IsEmpty() bool
Source Files