dagger/solver/registryauth.go

package solver

import (
	"context"
	"net/url"
	"strings"
	"sync"

	bkauth "github.com/moby/buildkit/session/auth"
	"google.golang.org/grpc"
	"google.golang.org/grpc/codes"
	"google.golang.org/grpc/status"
)

// RegistryAuthProvider is a buildkit provider for registry authentication
// Adapted from: https://github.com/moby/buildkit/blob/master/session/auth/authprovider/authprovider.go
type RegistryAuthProvider struct {
	credentials map[string]*bkauth.CredentialsResponse
	m           sync.RWMutex
}

func NewRegistryAuthProvider() *RegistryAuthProvider {
	return &RegistryAuthProvider{
		credentials: map[string]*bkauth.CredentialsResponse{},
	}
}

func (a *RegistryAuthProvider) AddCredentials(target, username, secret string) {
	a.m.Lock()
	defer a.m.Unlock()

	a.credentials[target] = &bkauth.CredentialsResponse{
		Username: username,
		Secret:   secret,
	}
}

func (a *RegistryAuthProvider) Register(server *grpc.Server) {
	bkauth.RegisterAuthServer(server, a)
}

func (a *RegistryAuthProvider) Credentials(ctx context.Context, req *bkauth.CredentialsRequest) (*bkauth.CredentialsResponse, error) {
	reqURL, err := parseAuthHost(req.Host)
	if err != nil {
		return nil, err
	}

	a.m.RLock()
	defer a.m.RUnlock()

	for authHost, auth := range a.credentials {
		u, err := parseAuthHost(authHost)
		if err != nil {
			return nil, err
		}

		if u.Host == reqURL.Host {
			return auth, nil
		}
	}

	return &bkauth.CredentialsResponse{}, nil
}

func parseAuthHost(host string) (*url.URL, error) {
	if host == "registry-1.docker.io" {
		host = "https://index.docker.io/v1/"
	}

	if !strings.HasPrefix(host, "http://") && !strings.HasPrefix(host, "https://") {
		host = "https://" + host
	}
	return url.Parse(host)
}

func (a *RegistryAuthProvider) FetchToken(ctx context.Context, req *bkauth.FetchTokenRequest) (rr *bkauth.FetchTokenResponse, err error) {
	return nil, status.Errorf(codes.Unavailable, "client side tokens not implemented")
}

func (a *RegistryAuthProvider) GetTokenAuthority(ctx context.Context, req *bkauth.GetTokenAuthorityRequest) (*bkauth.GetTokenAuthorityResponse, error) {
	return nil, status.Errorf(codes.Unavailable, "client side tokens not implemented")
}

func (a *RegistryAuthProvider) VerifyTokenAuthority(ctx context.Context, req *bkauth.VerifyTokenAuthorityRequest) (*bkauth.VerifyTokenAuthorityResponse, error) {
	return nil, status.Errorf(codes.Unavailable, "client side tokens not implemented")
}
cleanup: split dagger into sub-packages Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com> 2021-05-26 01:30:49 +02:00			`package solver`
implemented docker-login op to add custom registry credentials to the buildkit from a pipeline Signed-off-by: Sam Alba <sam.alba@gmail.com> 2021-04-27 02:39:19 +02:00
			`import (`
			`"context"`
			`"net/url"`
			`"strings"`
			`"sync"`

			`bkauth "github.com/moby/buildkit/session/auth"`
			`"google.golang.org/grpc"`
			`"google.golang.org/grpc/codes"`
			`"google.golang.org/grpc/status"`
			`)`

cleanup: split dagger into sub-packages Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com> 2021-05-26 01:30:49 +02:00			`// RegistryAuthProvider is a buildkit provider for registry authentication`
implemented docker-login op to add custom registry credentials to the buildkit from a pipeline Signed-off-by: Sam Alba <sam.alba@gmail.com> 2021-04-27 02:39:19 +02:00			`// Adapted from: https://github.com/moby/buildkit/blob/master/session/auth/authprovider/authprovider.go`
cleanup: split dagger into sub-packages Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com> 2021-05-26 01:30:49 +02:00			`type RegistryAuthProvider struct {`
implemented docker-login op to add custom registry credentials to the buildkit from a pipeline Signed-off-by: Sam Alba <sam.alba@gmail.com> 2021-04-27 02:39:19 +02:00			`credentials map[string]*bkauth.CredentialsResponse`
			`m sync.RWMutex`
			`}`

cleanup: split dagger into sub-packages Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com> 2021-05-26 01:30:49 +02:00			`func NewRegistryAuthProvider() *RegistryAuthProvider {`
			`return &RegistryAuthProvider{`
implemented docker-login op to add custom registry credentials to the buildkit from a pipeline Signed-off-by: Sam Alba <sam.alba@gmail.com> 2021-04-27 02:39:19 +02:00			`credentials: map[string]*bkauth.CredentialsResponse{},`
			`}`
			`}`

cleanup: split dagger into sub-packages Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com> 2021-05-26 01:30:49 +02:00			`func (a *RegistryAuthProvider) AddCredentials(target, username, secret string) {`
implemented docker-login op to add custom registry credentials to the buildkit from a pipeline Signed-off-by: Sam Alba <sam.alba@gmail.com> 2021-04-27 02:39:19 +02:00			`a.m.Lock()`
			`defer a.m.Unlock()`

			`a.credentials[target] = &bkauth.CredentialsResponse{`
			`Username: username,`
			`Secret: secret,`
			`}`
			`}`

cleanup: split dagger into sub-packages Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com> 2021-05-26 01:30:49 +02:00			`func (a RegistryAuthProvider) Register(server grpc.Server) {`
implemented docker-login op to add custom registry credentials to the buildkit from a pipeline Signed-off-by: Sam Alba <sam.alba@gmail.com> 2021-04-27 02:39:19 +02:00			`bkauth.RegisterAuthServer(server, a)`
			`}`

cleanup: split dagger into sub-packages Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com> 2021-05-26 01:30:49 +02:00			`func (a RegistryAuthProvider) Credentials(ctx context.Context, req bkauth.CredentialsRequest) (*bkauth.CredentialsResponse, error) {`
implemented docker-login op to add custom registry credentials to the buildkit from a pipeline Signed-off-by: Sam Alba <sam.alba@gmail.com> 2021-04-27 02:39:19 +02:00			`reqURL, err := parseAuthHost(req.Host)`
			`if err != nil {`
			`return nil, err`
			`}`

			`a.m.RLock()`
			`defer a.m.RUnlock()`

			`for authHost, auth := range a.credentials {`
			`u, err := parseAuthHost(authHost)`
			`if err != nil {`
			`return nil, err`
			`}`

			`if u.Host == reqURL.Host {`
			`return auth, nil`
			`}`
			`}`

			`return &bkauth.CredentialsResponse{}, nil`
			`}`

			`func parseAuthHost(host string) (*url.URL, error) {`
			`if host == "registry-1.docker.io" {`
			`host = "https://index.docker.io/v1/"`
			`}`

			`if !strings.HasPrefix(host, "http://") && !strings.HasPrefix(host, "https://") {`
			`host = "https://" + host`
			`}`
			`return url.Parse(host)`
			`}`

cleanup: split dagger into sub-packages Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com> 2021-05-26 01:30:49 +02:00			`func (a RegistryAuthProvider) FetchToken(ctx context.Context, req bkauth.FetchTokenRequest) (rr *bkauth.FetchTokenResponse, err error) {`
implemented docker-login op to add custom registry credentials to the buildkit from a pipeline Signed-off-by: Sam Alba <sam.alba@gmail.com> 2021-04-27 02:39:19 +02:00			`return nil, status.Errorf(codes.Unavailable, "client side tokens not implemented")`
			`}`

cleanup: split dagger into sub-packages Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com> 2021-05-26 01:30:49 +02:00			`func (a RegistryAuthProvider) GetTokenAuthority(ctx context.Context, req bkauth.GetTokenAuthorityRequest) (*bkauth.GetTokenAuthorityResponse, error) {`
implemented docker-login op to add custom registry credentials to the buildkit from a pipeline Signed-off-by: Sam Alba <sam.alba@gmail.com> 2021-04-27 02:39:19 +02:00			`return nil, status.Errorf(codes.Unavailable, "client side tokens not implemented")`
			`}`

cleanup: split dagger into sub-packages Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com> 2021-05-26 01:30:49 +02:00			`func (a RegistryAuthProvider) VerifyTokenAuthority(ctx context.Context, req bkauth.VerifyTokenAuthorityRequest) (*bkauth.VerifyTokenAuthorityResponse, error) {`
implemented docker-login op to add custom registry credentials to the buildkit from a pipeline Signed-off-by: Sam Alba <sam.alba@gmail.com> 2021-04-27 02:39:19 +02:00			`return nil, status.Errorf(codes.Unavailable, "client side tokens not implemented")`
			`}`