client

package
v0.0.0-...-4899715 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 22, 2024 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func RegisterAuthDriver

func RegisterAuthDriver(name string, factory func() AuthDriver)

RegisterAuthDriver registers an AuthDriver. Call this from func init() of the package defining the AuthDriver.

Types

type AuthChallenge

type AuthChallenge struct {
	Realm   string
	Service string
	Scope   string
}

AuthChallenge contains the parsed contents of a Www-Authenticate header returned by a registry.

func ParseAuthChallenge

func ParseAuthChallenge(hdr http.Header) (AuthChallenge, error)

ParseAuthChallenge parses the auth challenge from the response headers of an unauthenticated request to a registry API.

func (AuthChallenge) GetToken

func (c AuthChallenge) GetToken(ctx context.Context, userName, password string) (string, error)

GetToken obtains a token that satisfies this challenge.

type AuthDriver

type AuthDriver interface {
	// MatchesEnvironment checks the process's environment variables to see if
	// they contain credentials for this authentication method. This is how we
	// decide which AuthDriver to use.
	MatchesEnvironment() bool

	// Connect sets up a connection to a Keppel server, using the credentials from
	// the process's environment variables.
	Connect(context.Context) error

	// CurrentAuthTenantID returns the ID of the auth tenant where the client is
	// authenticated.
	CurrentAuthTenantID() string
	// ServerHost returns the server's hostname. May be of the form "host:port".
	// May panic when called before Connect().
	ServerHost() string
	// ServerScheme returns "http" or "https" to indicate whether the server
	// exposes an encrypted or unencrypted API.
	ServerScheme() string
	// SendHTTPRequest sends a HTTP request to the Keppel API. The implementation
	// will fill in the correct server hostname and add any required auth headers.
	// May panic when called before Connect().
	SendHTTPRequest(req *http.Request) (*http.Response, error)

	// CredentialsForRegistryAPI returns a pair of username and password that can
	// be used on the Registry API of the same Keppel instance to obtain
	// equivalent access.
	CredentialsForRegistryAPI() (userName, password string)
}

AuthDriver is the client-side counterpart of keppel.AuthDriver. It implements support for talking to the Keppel API using the corresponding server-side authentication driver.

func NewAuthDriver

func NewAuthDriver(ctx context.Context) (AuthDriver, error)

NewAuthDriver selects the correct AuthDriver and executes its Connect() method.

type DownloadManifestOpts

type DownloadManifestOpts struct {
	DoNotCountTowardsLastPulled bool
	ExtraHeaders                http.Header
}

DownloadManifestOpts appears in func DownloadManifest.

type RepoClient

type RepoClient struct {
	Scheme   string // either "http" or "https"
	Host     string // either a plain hostname or a host:port like "example.org:443"
	RepoName string

	// credentials (only needed for non-public repos)
	UserName string
	Password string
	// contains filtered or unexported fields
}

RepoClient contains methods for interacting with a repository on a registry server.

func (*RepoClient) DownloadBlob

func (c *RepoClient) DownloadBlob(ctx context.Context, blobDigest digest.Digest) (contents io.ReadCloser, sizeBytes uint64, returnErr error)

DownloadBlob fetches a blob's contents from this repository. If an error is returned, it's usually a *keppel.RegistryV2Error.

func (*RepoClient) DownloadManifest

func (c *RepoClient) DownloadManifest(ctx context.Context, reference models.ManifestReference, opts *DownloadManifestOpts) (contents []byte, mediaType string, returnErr error)

DownloadManifest fetches a manifest from this repository. If an error is returned, it's usually a *keppel.RegistryV2Error.

func (*RepoClient) SetToken

func (c *RepoClient) SetToken(token string)

SetToken can be used in tests to inject a pre-computed token and bypass the username/password requirement.

func (*RepoClient) UploadManifest

func (c *RepoClient) UploadManifest(ctx context.Context, contents []byte, mediaType, tagName string) (digest.Digest, error)

UploadManifest uploads a manifest. If `tagName` is not empty, this tag name is used, otherwise the manifest is uploaded to its canonical digest. On success, the manifest's digest is returned.

func (*RepoClient) UploadMonolithicBlob

func (c *RepoClient) UploadMonolithicBlob(ctx context.Context, contents []byte) (digest.Digest, error)

UploadMonolithicBlob performs a monolithic blob upload. On success, the blob's digest is returned.

func (*RepoClient) ValidateBlobContents

func (c *RepoClient) ValidateBlobContents(ctx context.Context, blobDigest digest.Digest, session *ValidationSession) error

ValidateBlobContents fetches the given blob from the repo and verifies that the contents produce the correct digest.

func (*RepoClient) ValidateManifest

func (c *RepoClient) ValidateManifest(ctx context.Context, reference models.ManifestReference, session *ValidationSession, platformFilter models.PlatformFilter) error

ValidateManifest fetches the given manifest from the repo and verifies that it parses correctly. It also validates all references manifests and blobs recursively.

type ValidationLogger

type ValidationLogger interface {
	LogManifest(reference models.ManifestReference, level int, validationResult error, resultFromCache bool)
	LogBlob(d digest.Digest, level int, validationResult error, resultFromCache bool)
}

ValidationLogger can be passed to ValidateManifest, primarily to allow the caller to log the progress of the validation operation.

type ValidationSession

type ValidationSession struct {
	Logger ValidationLogger
	// contains filtered or unexported fields
}

ValidationSession holds state and caches intermediate results over the course of several ValidateManifest() and ValidateBlobContents() calls. The cache optimizes the validation of submanifests and blobs that are referenced multiple times. The session instance should only be used for as long as the caller wishes to cache validation results.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL