Documentation ¶
Index ¶
- Constants
- Variables
- func ParseURLForNextLink(nextLink string) (next, last string, err error)
- type APIError
- type AccessToken
- type ApiResponse
- type Certs
- type ClientToken
- type FetchUsers
- type ImageTags
- type ManifestSchemaV2
- type Registry
- func (r *Registry) APIVersionCheck(ctx context.Context) error
- func (r *Registry) Catalog(ctx context.Context, n, last string) (Repositories, error)
- func (r *Registry) DeleteTag(ctx context.Context, repoName, digest string) error
- func (r *Registry) GetBlob(ctx context.Context, name, digest string) (blob []byte, err error)
- func (r *Registry) ListingImageTags(ctx context.Context, repoName, n, last string) (ImageTags, error)
- func (r *Registry) Login(user store.User) (string, error)
- func (r *Registry) Manifest(ctx context.Context, repoName, tag string) (ManifestSchemaV2, error)
- func (r *Registry) ParseAuthenticateHeaderRequest(headerValue string) (authRequest TokenRequest, err error)
- func (r *Registry) Token(authRequest TokenRequest) (string, error)
- func (r *Registry) UpdateHtpasswd(usersFn FetchUsers) error
- type Repositories
- type Settings
- type TokenOption
- type TokenRequest
- type UsersFn
Constants ¶
const (
	// Basic allows access using basic auth credentials
	Basic authType = iota
	// SelfToken defines this service as the main auth/authz server for the docker registry host
	SelfToken
)
Variables ¶
var (
	// ErrNoMorePages is used for the cursor pagination state of registry entries
	ErrNoMorePages = errors.New("no more pages")
)
Functions ¶
func ParseURLForNextLink ¶
ParseURLForNextLink checks the pagination cursor for the next link.
Types ¶
type APIError ¶
type APIError struct {
	Code    string      `json:"code"`
	Message string      `json:"message"`
	Detail  interface{} `json:"detail"`
}
APIError holds the error detail that is reported as part of 4xx responses, in a JSON response body.
type AccessToken ¶
type AccessToken struct {
	Certs
	// contains filtered or unexported fields
}
AccessToken is a token instance used for authorization in the registry.
func NewRegistryToken ¶
func NewRegistryToken(opts ...TokenOption) (*AccessToken, error)
NewRegistryToken constructs a new tokenRegistry instance with the required options and allows the default options of the token generator to be redefined.
type ApiResponse ¶
type ApiResponse struct {
	Total int64       `json:"total"`
	Data  interface{} `json:"data"`
}
type Certs ¶
type Certs struct {
	RootPath      string
	KeyPath       string
	PublicKeyPath string
	CARootPath    string
	FQDNs         []string
	IP            string
}
Certs defines the paths to the certificates, either for loading the private key, public key and CA root files or for saving them when createCerts is called. createCerts doesn't overwrite existing files in a path; the user should delete them before calling the method.
type ClientToken ¶
type ClientToken struct {
	// An opaque Bearer token that clients should supply to subsequent requests in the Authorization header.
	Token string `json:"token"`

	// For compatibility with OAuth 2.0, we will also accept AccessToken under the name access_token.
	// At least one of these fields must be specified, but both may also appear (for compatibility with older clients).
	// When both are specified, they should be equivalent; if they differ the client's choice is undefined.
	AccessToken string `json:"access_token"`
}
ClientToken is a Bearer AccessToken representing authorized access for a client.
type FetchUsers ¶
The FetchUsers interface allows a registry instance to get the users list from the store engine.
type ImageTags ¶
type ImageTags struct {
	Name     string   `json:"name"`
	Tags     []string `json:"tags"`
	NextLink string   // for a list request with pagination, the response will contain the next page link
}
ImageTags is a list of tag items.
type ManifestSchemaV2 ¶
type ManifestSchemaV2 struct {
	SchemaVersion     int                 `json:"schemaVersion"`
	MediaType         string              `json:"mediaType"`
	ConfigDescriptor  schema2Descriptor   `json:"config"`
	LayersDescriptors []schema2Descriptor `json:"layers"`

	// additional fields which are not included in the schema specification and are needed for this service only
	TotalSize     int64  `json:"total_size"`     // total compressed size of image data
	ContentDigest string `json:"content_digest"` // the main content digest, used for deleting an image from the registry
}
ManifestSchemaV2 is the V2 format schema for a docker image manifest file, which contains information about a docker image such as layers, size, and digest: https://docs.docker.com/registry/spec/manifest-v2-2/#image-manifest-field-descriptions
type Registry ¶
type Registry struct {
// contains filtered or unexported fields
}
Registry is the main instance for managing access to a self-hosted docker registry.
func NewRegistry ¶
NewRegistry is the main constructor for creating a registry access API instance.
func (*Registry) APIVersionCheck ¶
APIVersionCheck uses the minimal endpoint mounted at /v2/, which provides version support information based on its response statuses. More details: https://docs.docker.com/registry/spec/api/#api-version-check
func (*Registry) Catalog ¶
Catalog returns the list of available repositories in the local registry cluster.
func (*Registry) DeleteTag ¶
DeleteTag deletes the manifest identified by name and reference. Note that a manifest can only be deleted by digest. A digest can be fetched from the 'docker-content-digest' header of the manifest GET response.
func (*Registry) GetBlob ¶
GetBlob retrieves the blob identified by digest from the registry. A HEAD request can also be issued to this endpoint to obtain resource information without receiving all data.
func (*Registry) ListingImageTags ¶
func (r *Registry) ListingImageTags(ctx context.Context, repoName, n, last string) (ImageTags, error)
ListingImageTags retrieves information about tags.
func (*Registry) Login ¶
Login implements authorization to a remote registry instance with a token request.
func (*Registry) Manifest ¶
Manifest fetches the manifest identified by 'name' and 'reference', where 'reference' can be a tag or digest.
func (*Registry) ParseAuthenticateHeaderRequest ¶
func (r *Registry) ParseAuthenticateHeaderRequest(headerValue string) (authRequest TokenRequest, err error)
ParseAuthenticateHeaderRequest parses the 'Www-Authenticate' header to extract token authorization data. The header value should look like this:
Bearer realm="https://auth.docker.io/token",service="registry.docker.io",scope="repository:samalba/my-app:pull,push"
Input parameter 'access' contains the data of a user's access to a resource. The method is public so that it can be used in tests where the registry mock interface uses it.
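The header format described above, parsed in an added example that is not this package's implementation of ParseAuthenticateHeaderRequest: `Challenge` and `ParseChallenge` are hypothetical names, and one scope per challenge is assumed. It goes a step beyond the sample header by also handling repository names that contain a colon.

```go
package main

import (
	"fmt"
	"strings"
)

// Challenge is a hypothetical stand-in for the package's TokenRequest.
type Challenge struct {
	Realm, Service, Type, Name string
	Actions                    []string
}

// ParseChallenge parses a Bearer challenge; commas split parameters only outside quotes.
func ParseChallenge(header string) (c Challenge, err error) {
	scheme, rest, ok := strings.Cut(strings.TrimSpace(header), " ")
	if !ok || !strings.EqualFold(scheme, "Bearer") {
		return c, fmt.Errorf("not a Bearer challenge: %q", header)
	}
	kv, inQuote, start := map[string]string{}, false, 0
	for i := 0; i <= len(rest); i++ {
		if i < len(rest) && rest[i] == '"' {
			inQuote = !inQuote
		}
		if i < len(rest) && (rest[i] != ',' || inQuote) {
			continue // still inside the current parameter
		}
		k, v, found := strings.Cut(strings.TrimSpace(rest[start:i]), "=")
		if !found {
			return c, fmt.Errorf("malformed parameter %q", rest[start:i])
		}
		kv[strings.ToLower(k)], start = strings.Trim(v, `"`), i+1
	}
	if c.Realm, c.Service = kv["realm"], kv["service"]; c.Realm == "" {
		return c, fmt.Errorf("challenge has no realm")
	}
	// scope is type:name:actions; name may contain ':' (host:port/repo), so cut at first and last colon.
	if scope, hasScope := kv["scope"]; hasScope {
		first, last := strings.Index(scope, ":"), strings.LastIndex(scope, ":")
		if first < 1 || last == first || last == len(scope)-1 {
			return c, fmt.Errorf("malformed scope %q", scope)
		}
		c.Type, c.Name = scope[:first], scope[first+1:last]
		c.Actions = strings.Split(scope[last+1:], ",")
	}
	return c, nil
}
func main() {
	fmt.Println(ParseChallenge(`Bearer realm="https://auth.docker.io/token",service="registry.docker.io",scope="repository:samalba/my-app:pull,push"`))
}
```

The header is server-controlled input, so a client should compare Realm against the token endpoint it expects for that registry before sending credentials there.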
func (*Registry) Token ¶
func (r *Registry) Token(authRequest TokenRequest) (string, error)
Token creates a JWT with claims to send as the response to the docker registry service. This method should be called after the credentials check at a high-level API.
func (*Registry) UpdateHtpasswd ¶
func (r *Registry) UpdateHtpasswd(usersFn FetchUsers) error
UpdateHtpasswd updates the user access list every time a user is added, updated or deleted.
type Repositories ¶
type Repositories struct {
	List     []string `json:"repositories"`
	NextLink string   `json:"next"` // for a catalog list request with pagination, the response will contain the next page link
}
Repositories is a list of repository items.
type Settings ¶
type Settings struct {
	// Host is the FQDN of the docker registry host;
	// its value is also appended to the certificate as a Subject Alternative Name for the requested IP and domain
	Host string

	// Port on which the registry accepts requests
	Port uint

	// AuthType defines the authentication type for access to the docker registry API
	AuthType authType

	// HtpasswdPath is used with basic auth only, for dynamic update of the .htpasswd file
	HtpasswdPath string

	// The name of the service which hosts the resource.
	Service string

	// The name of the token issuer which hosts the resource.
	Issuer string

	// Override default token expiration time (in seconds), default 60 seconds
	TokenTTL int64

	// CertificatesPaths defines the paths to the private key, public key and CA certificate.
	// If all CertificatesPaths fields are empty, AccessToken will create keys by default, at the default path.
	// If all CertificatesPaths fields are empty but certificate files exist, AccessToken tries to load the existing keys and CA file.
	CertificatesPaths Certs

	// HTTPSCert is used when the HTTPS access cert and the token cert differ. In this case HTTPSCert is added to the trusted CA pool
	HTTPSCert string

	// InsecureRequest defines the security option for making HTTPS requests to the docker registry host, false by default
	InsecureRequest bool

	// contains filtered or unexported fields
}
Settings holds the main configuration options for communicating with a registry instance.
type TokenOption ¶
type TokenOption func(option *AccessToken)
TokenOption defines an option which is passed to the token.
func TokenExpiration ¶
func TokenExpiration(expirationTime int64) TokenOption
The TokenExpiration option defines a custom token expiration time.
func TokenIssuer ¶
func TokenIssuer(issuer string) TokenOption
The TokenIssuer option defines the token issuer, typically the FQDN of the authorization server.
type TokenRequest ¶
type TokenRequest struct {
	// Bind to 'sub' token header
	// The subject of the token; the name or id of the client which requested it.
	// This should be empty (`""`) if the client did not authenticate.
	Account string

	// Bind to token 'aud' header. The intended audience of the token; the name or id of the service which will verify
	// the token to authorize the client/subject.
	Service string

	// The type of resource hosted by the service.
	Type string

	// The name of the resource of the given type hosted by the service.
	Name string

	// An array of strings which give the actions authorized on this resource.
	Actions []string

	// Custom TTL for a new token
	ExpireTime int64
}
TokenRequest is the authorization request data sent by the registry when a client makes an auth call. For a detailed description, see https://docs.docker.com/registry/spec/auth/jwt/
type UsersFn ¶
type UsersFn func(ctx context.Context, filter engine.QueryFilter, withPassword bool) (users engine.ListResponse, err error)
UsersFn is used as an adapter to bind the FindUsers func of the store engine to a registry instance.