opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-08-16 20:53:13 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
podman/pkg/bindings/manifests/manifests.go
Valentin Rothberg dc80267b59 compat handlers: add X-Registry-Auth header support 
* Support the `X-Registry-Auth` http-request header.

 * The content of the header is a base64 encoded JSON payload which can
   either be a single auth config or a map of auth configs (user+pw or
   token) with the corresponding registries being the keys.  Vanilla
   Docker, projectatomic Docker and the bindings are transparantly
   supported.

 * Add a hidden `--registries-conf` flag.  Buildah exposes the same
   flag, mostly for testing purposes.

 * Do all credential parsing in the client (i.e., `cmd/podman`) pass
   the username and password in the backend instead of unparsed
   credentials.

 * Add a `pkg/auth` which handles most of the heavy lifting.

 * Go through the authentication-handling code of most commands, bindings
   and endpoints.  Migrate them to the new code and fix issues as seen.
   A final evaluation and more tests is still required *after* this
   change.

 * The manifest-push endpoint is missing certain parameters and should
   use the ABI function instead.  Adding auth-support isn't really
   possible without these parts working.

 * The container commands and endpoints (i.e., create and run) have not
   been changed yet.  The APIs don't yet account for the authfile.

 * Add authentication tests to `pkg/bindings`.

Fixes: #6384
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2020-05-29 15:39:37 +02:00

149 lines
4.4 KiB
Go
Raw Blame History

package manifests
import (
"context"
"errors"
"net/http"
"net/url"
"strconv"
"strings"
"github.com/containers/image/v5/manifest"
"github.com/containers/libpod/libpod/image"
"github.com/containers/libpod/pkg/api/handlers"
"github.com/containers/libpod/pkg/bindings"
jsoniter "github.com/json-iterator/go"
)
// Create creates a manifest for the given name. Optional images to be associated with
// the new manifest can also be specified. The all boolean specifies to add all entries
// of a list if the name provided is a manifest list. The ID of the new manifest list
// is returned as a string.
func Create(ctx context.Context, names, images []string, all *bool) (string, error) {
var idr handlers.IDResponse
conn, err := bindings.GetClient(ctx)
if err != nil {
return "", err
}
if len(names) < 1 {
return "", errors.New("creating a manifest requires at least one name argument")
}
params := url.Values{}
if all != nil {
params.Set("all", strconv.FormatBool(*all))
}
for _, name := range names {
params.Add("name", name)
}
for _, i := range images {
params.Add("image", i)
}
response, err := conn.DoRequest(nil, http.MethodPost, "/manifests/create", params, nil)
if err != nil {
return "", err
}
return idr.ID, response.Process(&idr)
}
// Inspect returns a manifest list for a given name.
func Inspect(ctx context.Context, name string) (*manifest.Schema2List, error) {
var list manifest.Schema2List
conn, err := bindings.GetClient(ctx)
if err != nil {
return nil, err
}
response, err := conn.DoRequest(nil, http.MethodGet, "/manifests/%s/json", nil, nil, name)
if err != nil {
return nil, err
}
return &list, response.Process(&list)
}
// Add adds a manifest to a given manifest list. Additional options for the manifest
// can also be specified. The ID of the new manifest list is returned as a string
func Add(ctx context.Context, name string, options image.ManifestAddOpts) (string, error) {
var idr handlers.IDResponse
conn, err := bindings.GetClient(ctx)
if err != nil {
return "", err
}
optionsString, err := jsoniter.MarshalToString(options)
if err != nil {
return "", err
}
stringReader := strings.NewReader(optionsString)
response, err := conn.DoRequest(stringReader, http.MethodPost, "/manifests/%s/add", nil, nil, name)
if err != nil {
return "", err
}
return idr.ID, response.Process(&idr)
}
// Remove deletes a manifest entry from a manifest list. Both name and the digest to be
// removed are mandatory inputs. The ID of the new manifest list is returned as a string.
func Remove(ctx context.Context, name, digest string) (string, error) {
var idr handlers.IDResponse
conn, err := bindings.GetClient(ctx)
if err != nil {
return "", err
}
params := url.Values{}
params.Set("digest", digest)
response, err := conn.DoRequest(nil, http.MethodDelete, "/manifests/%s", params, nil, name)
if err != nil {
return "", err
}
return idr.ID, response.Process(&idr)
}
// Push takes a manifest list and pushes to a destination. If the destination is not specified,
// the name will be used instead. If the optional all boolean is specified, all images specified
// in the list will be pushed as well.
func Push(ctx context.Context, name string, destination *string, all *bool) (string, error) {
var (
idr handlers.IDResponse
)
dest := name
conn, err := bindings.GetClient(ctx)
if err != nil {
return "", err
}
params := url.Values{}
params.Set("image", name)
if destination != nil {
dest = *destination
}
params.Set("destination", dest)
if all != nil {
params.Set("all", strconv.FormatBool(*all))
}
_, err = conn.DoRequest(nil, http.MethodPost, "/manifests/%s/push", params, nil, name)
if err != nil {
return "", err
}
return idr.ID, err
}
// There is NO annotate endpoint. this binding could never work
// Annotate updates the image configuration of a given manifest list
//func Annotate(ctx context.Context, name, digest string, options image.ManifestAnnotateOpts) (string, error) {
// var idr handlers.IDResponse
// conn, err := bindings.GetClient(ctx)
// if err != nil {
// return "", err
// }
// params := url.Values{}
// params.Set("digest", digest)
// optionsString, err := jsoniter.MarshalToString(options)
// if err != nil {
// return "", err
// }
// stringReader := strings.NewReader(optionsString)
// response, err := conn.DoRequest(stringReader, http.MethodPost, "/manifests/%s/annotate", params, name)
// if err != nil {
// return "", err
// }
// return idr.ID, response.Process(&idr)
//}
Reference in New Issue View Git Blame Copy Permalink