feat: support credential function #45
Conversation
wangxiaoxuan273
requested review from
shizhMSFT,
Wwwsylvia and
TerryHowe
as code owners
Codecov Report
📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more @@ Coverage Diff @@
## main #45 +/- ##
==========================================
+ Coverage 78.32% 78.53% +0.21%
==========================================
Files 3 3
Lines 203 219 +16
==========================================
+ Hits 159 172 +13
- Misses 33 35 +2
- Partials 11 12 +1
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
credential.go
Outdated
| "oras.land/oras-go/v2/registry/remote/auth" | ||
| ) | ||
|
|
||
| func Credential(store Store) func(context.Context, string) (auth.Credential, error) { |
There was a problem hiding this comment.
Can we have some unit tests? It would be somewhat bit similar to https://github.com/oras-project/oras-go/blob/main/registry/remote/auth/client_test.go#L2220-L2239.
There was a problem hiding this comment.
Added doc comment.
There was a problem hiding this comment.
Added unit tests.
credential.go
Outdated
| if registry == "" { | ||
| return auth.EmptyCredential, nil | ||
| } | ||
| return store.Get(ctx, registry) |
There was a problem hiding this comment.
Should we support something like https://github.com/oras-project/oras/blob/main/cmd/oras/internal/option/remote.go#L222-L234? /cc @qweeah
There was a problem hiding this comment.
It MUST be included
There was a problem hiding this comment.
Added docker.io redirection.
registry.go
Outdated
| // Credential returns a Credential() function that can be used by auth.Client. | ||
| func Credential(store Store) func(context.Context, string) (auth.Credential, error) { | ||
| return func(ctx context.Context, reg string) (auth.Credential, error) { | ||
| reg = mapHostname(reg) |
There was a problem hiding this comment.
There are 3 concepts in the docker: registry name, hostname, and credential key.
Let's do some experiments.
$ docker login docker.io -u <username> -p <password>
Login Succeeded
$ cat ~/.docker/config.json
{
"auths": {
"https://index.docker.io/v1/": {
"auth": "dummy/auth=="
}
}
}
$ rm ~/.docker/config.json
$ docker login registry-1.docker.io -u <username> -p <password>
Login Succeeded
$ cat ~/.docker/config.json
{
"auths": {
"registry-1.docker.io": {
"auth": "dummy/auth=="
}
}
}
$ rm ~/.docker/config.json
$ docker login index.docker.io -u <username> -p <password>
Login Succeeded
$ cat ~/.docker/config.json
{
"auths": {
"index.docker.io": {
"auth": "dummy/auth=="
}
}
}
$ rm ~/.docker/config.json
$ docker login https://index.docker.io/v1/ -u <username> -p <password>
Login Succeeded
$ cat ~/.docker/config.json
{
"auths": {
"https://index.docker.io/v1/": {
"auth": "dummy/auth=="
}
}
}As you can observe,
- The registry name
docker.iomaps to hostnameregistry-1.docker.iowhere the credential key ishttps://index.docker.io/v1/ - The registry name
registry-1.docker.iomaps to hostnameregistry-1.docker.iowhere the credential key isregistry-1.docker.io.
Therefore, mapHostname() does not do correct mapping and need to be fixed.
/cc @Wwwsylvia
There was a problem hiding this comment.
This is very tricky. Thanks @shizhMSFT for the explanation.
Signed-off-by: wangxiaoxuan273 <[email protected]>
Signed-off-by: wangxiaoxuan273 <[email protected]>
Signed-off-by: wangxiaoxuan273 <[email protected]>
Signed-off-by: wangxiaoxuan273 <[email protected]>
Signed-off-by: wangxiaoxuan273 <[email protected]>
Signed-off-by: wangxiaoxuan273 <[email protected]>
Signed-off-by: wangxiaoxuan273 <[email protected]>
registry.go
Outdated
|
|
||
| // The Docker CLI expects that the 'docker.io' credential | ||
| // will be added under the key "https://index.docker.io/v1/" | ||
| func getLoginRegistry(hostname string) string { |
There was a problem hiding this comment.
How about mapCredentialKeyName? 🤔
There was a problem hiding this comment.
I changed the function name to mapStoreRegistryName
registry.go
Outdated
| if hostname == "docker.io" { | ||
| return "https://index.docker.io/v1/" | ||
| } | ||
| return hostname | ||
| } | ||
|
|
||
| // It is expected that the traffic targetting "registry-1.docker.io" | ||
| // will be redirected to "https://index.docker.io/v1/" |
There was a problem hiding this comment.
Maybe something like getAuthenticationRegistryName
There was a problem hiding this comment.
I think map might be better than get
There was a problem hiding this comment.
Or we don't need to make it a function.
There was a problem hiding this comment.
I think a function here makes the code clean. I changed the name to mapAuthenticationRegistryName.
Signed-off-by: wangxiaoxuan273 <[email protected]>
registry.go
Outdated
| } | ||
| } | ||
|
|
||
| // The Docker CLI expects that the 'docker.io' credential |
There was a problem hiding this comment.
nit: Wondering if we should move this comment inside. 🤔
There was a problem hiding this comment.
Moved them inside.
registry.go
Outdated
| } | ||
| } | ||
|
|
||
| // The Docker CLI expects that the 'docker.io' credential |
There was a problem hiding this comment.
Documentation starts with <function name> bla bla.
There was a problem hiding this comment.
Do we have any reference so that other contributors can understand?
There was a problem hiding this comment.
These are private functions and don't need documentation. I moved the comments inside the function.
There was a problem hiding this comment.
Added reference code link.
registry.go
Outdated
| return registry | ||
| } | ||
|
|
||
| // It is expected that the traffic targetting "registry-1.docker.io" |
There was a problem hiding this comment.
Documentation starts with <function name> bla bla.
There was a problem hiding this comment.
Do we have any reference so that other contributors can understand?
There was a problem hiding this comment.
These are private functions and don't need documentation. I moved the comments inside the function.
There was a problem hiding this comment.
Added reference code link.
registry.go
Outdated
|
|
||
| // It is expected that the traffic targetting "registry-1.docker.io" | ||
| // will be redirected to "https://index.docker.io/v1/" | ||
| func mapAuthenticationRegistryName(target string) string { |
There was a problem hiding this comment.
Should rename target to hostname for better readability.
Signed-off-by: wangxiaoxuan273 <[email protected]>
Signed-off-by: wangxiaoxuan273 <[email protected]>
registry.go
Outdated
| func mapStoreRegistryName(registry string) string { | ||
| // The Docker CLI expects that the 'docker.io' credential | ||
| // will be added under the key "https://index.docker.io/v1/" | ||
| // See: https://github.com/moby/moby/blob/master/registry/config.go#L25-L48 |
There was a problem hiding this comment.
Never use a branch name (e.g. master) in the link. Use tag or commit digest so that the link won't expire.
There was a problem hiding this comment.
Updated the link to: https://github.com/moby/moby/blob/v24.0.0-beta.2/registry/config.go#L25-L48
Signed-off-by: wangxiaoxuan273 <[email protected]>
Resolves #33