mirror of
https://github.com/containers/podman.git
synced 2025-06-17 15:08:08 +08:00
dc80267b59
* Support the `X-Registry-Auth` http-request header. * The content of the header is a base64 encoded JSON payload which can either be a single auth config or a map of auth configs (user+pw or token) with the corresponding registries being the keys. Vanilla Docker, projectatomic Docker and the bindings are transparantly supported. * Add a hidden `--registries-conf` flag. Buildah exposes the same flag, mostly for testing purposes. * Do all credential parsing in the client (i.e., `cmd/podman`) pass the username and password in the backend instead of unparsed credentials. * Add a `pkg/auth` which handles most of the heavy lifting. * Go through the authentication-handling code of most commands, bindings and endpoints. Migrate them to the new code and fix issues as seen. A final evaluation and more tests is still required *after* this change. * The manifest-push endpoint is missing certain parameters and should use the ABI function instead. Adding auth-support isn't really possible without these parts working. * The container commands and endpoints (i.e., create and run) have not been changed yet. The APIs don't yet account for the authfile. * Add authentication tests to `pkg/bindings`. Fixes: #6384 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
86 lines
2.7 KiB
Go
86 lines
2.7 KiB
Go
package compat
|
|
|
|
import (
|
|
"context"
|
|
"net/http"
|
|
"os"
|
|
"strings"
|
|
|
|
"github.com/containers/libpod/libpod"
|
|
"github.com/containers/libpod/libpod/image"
|
|
"github.com/containers/libpod/pkg/api/handlers/utils"
|
|
"github.com/containers/libpod/pkg/auth"
|
|
"github.com/gorilla/schema"
|
|
"github.com/pkg/errors"
|
|
)
|
|
|
|
// PushImage is the handler for the compat http endpoint for pushing images.
|
|
func PushImage(w http.ResponseWriter, r *http.Request) {
|
|
decoder := r.Context().Value("decoder").(*schema.Decoder)
|
|
runtime := r.Context().Value("runtime").(*libpod.Runtime)
|
|
|
|
query := struct {
|
|
Tag string `schema:"tag"`
|
|
}{
|
|
// This is where you can override the golang default value for one of fields
|
|
}
|
|
|
|
if err := decoder.Decode(&query, r.URL.Query()); err != nil {
|
|
utils.Error(w, "Something went wrong.", http.StatusBadRequest, errors.Wrapf(err, "Failed to parse parameters for %s", r.URL.String()))
|
|
return
|
|
}
|
|
|
|
// Note that Docker's docs state "Image name or ID" to be in the path
|
|
// parameter but it really must be a name as Docker does not allow for
|
|
// pushing an image by ID.
|
|
imageName := strings.TrimSuffix(utils.GetName(r), "/push") // GetName returns the entire path
|
|
if query.Tag != "" {
|
|
imageName += ":" + query.Tag
|
|
}
|
|
if _, err := utils.ParseStorageReference(imageName); err != nil {
|
|
utils.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest,
|
|
errors.Wrapf(err, "image source %q is not a containers-storage-transport reference", imageName))
|
|
return
|
|
}
|
|
|
|
newImage, err := runtime.ImageRuntime().NewFromLocal(imageName)
|
|
if err != nil {
|
|
utils.ImageNotFound(w, imageName, errors.Wrapf(err, "Failed to find image %s", imageName))
|
|
return
|
|
}
|
|
|
|
authConf, authfile, err := auth.GetCredentials(r)
|
|
if err != nil {
|
|
utils.Error(w, "Something went wrong.", http.StatusBadRequest, errors.Wrapf(err, "Failed to parse %q header for %s", auth.XRegistryAuthHeader, r.URL.String()))
|
|
return
|
|
}
|
|
defer auth.RemoveAuthfile(authfile)
|
|
|
|
dockerRegistryOptions := &image.DockerRegistryOptions{DockerRegistryCreds: authConf}
|
|
if sys := runtime.SystemContext(); sys != nil {
|
|
dockerRegistryOptions.DockerCertPath = sys.DockerCertPath
|
|
dockerRegistryOptions.RegistriesConfPath = sys.SystemRegistriesConfPath
|
|
}
|
|
|
|
err = newImage.PushImageToHeuristicDestination(
|
|
context.Background(),
|
|
imageName,
|
|
"", // manifest type
|
|
authfile,
|
|
"", // digest file
|
|
"", // signature policy
|
|
os.Stderr,
|
|
false, // force compression
|
|
image.SigningOptions{},
|
|
dockerRegistryOptions,
|
|
nil, // additional tags
|
|
)
|
|
if err != nil {
|
|
utils.Error(w, "Something went wrong.", http.StatusBadRequest, errors.Wrapf(err, "Error pushing image %q", imageName))
|
|
return
|
|
}
|
|
|
|
utils.WriteResponse(w, http.StatusOK, "")
|
|
|
|
}
|