dagger/solver/registryauth.go

package solver

import (
	"context"
	"strings"
	"sync"

	"github.com/docker/distribution/reference"
	bkauth "github.com/moby/buildkit/session/auth"
	"google.golang.org/grpc"
	"google.golang.org/grpc/codes"
	"google.golang.org/grpc/status"
)

// RegistryAuthProvider is a buildkit provider for registry authentication
// Adapted from: https://github.com/moby/buildkit/blob/master/session/auth/authprovider/authprovider.go
type RegistryAuthProvider struct {
	credentials map[string]*bkauth.CredentialsResponse
	m           sync.RWMutex
}

func NewRegistryAuthProvider() *RegistryAuthProvider {
	return &RegistryAuthProvider{
		credentials: map[string]*bkauth.CredentialsResponse{},
	}
}

func (a *RegistryAuthProvider) AddCredentials(target, username, secret string) {
	a.m.Lock()
	defer a.m.Unlock()

	a.credentials[target] = &bkauth.CredentialsResponse{
		Username: username,
		Secret:   secret,
	}
}

func (a *RegistryAuthProvider) Register(server *grpc.Server) {
	bkauth.RegisterAuthServer(server, a)
}

func (a *RegistryAuthProvider) Credentials(ctx context.Context, req *bkauth.CredentialsRequest) (*bkauth.CredentialsResponse, error) {
	host := req.Host
	if host == "registry-1.docker.io" {
		host = "docker.io"
	}

	a.m.RLock()
	defer a.m.RUnlock()

	for authHost, auth := range a.credentials {
		u, err := parseAuthHost(authHost)
		if err != nil {
			return nil, err
		}

		if u == host {
			return auth, nil
		}
	}

	return &bkauth.CredentialsResponse{}, nil
}

func parseAuthHost(host string) (string, error) {
	host = strings.TrimPrefix(host, "http://")
	host = strings.TrimPrefix(host, "https://")

	ref, err := reference.ParseNormalizedNamed(host)

	if err != nil {
		return "", err
	}
	return reference.Domain(ref), nil
}

func (a *RegistryAuthProvider) FetchToken(ctx context.Context, req *bkauth.FetchTokenRequest) (rr *bkauth.FetchTokenResponse, err error) {
	return nil, status.Errorf(codes.Unavailable, "client side tokens not implemented")
}

func (a *RegistryAuthProvider) GetTokenAuthority(ctx context.Context, req *bkauth.GetTokenAuthorityRequest) (*bkauth.GetTokenAuthorityResponse, error) {
	return nil, status.Errorf(codes.Unavailable, "client side tokens not implemented")
}

func (a *RegistryAuthProvider) VerifyTokenAuthority(ctx context.Context, req *bkauth.VerifyTokenAuthorityRequest) (*bkauth.VerifyTokenAuthorityResponse, error) {
	return nil, status.Errorf(codes.Unavailable, "client side tokens not implemented")
}
cleanup: split dagger into sub-packages Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com> 2021-05-26 01:30:49 +02:00			`package solver`
implemented docker-login op to add custom registry credentials to the buildkit from a pipeline Signed-off-by: Sam Alba <sam.alba@gmail.com> 2021-04-27 02:39:19 +02:00
			`import (`
			`"context"`
			`"strings"`
			`"sync"`

Normalize reference to login on registry Signed-off-by: Tom Chauveau <tom.chauveau@epitech.eu> 2021-06-24 11:42:34 +02:00			`"github.com/docker/distribution/reference"`
implemented docker-login op to add custom registry credentials to the buildkit from a pipeline Signed-off-by: Sam Alba <sam.alba@gmail.com> 2021-04-27 02:39:19 +02:00			`bkauth "github.com/moby/buildkit/session/auth"`
			`"google.golang.org/grpc"`
			`"google.golang.org/grpc/codes"`
			`"google.golang.org/grpc/status"`
			`)`

cleanup: split dagger into sub-packages Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com> 2021-05-26 01:30:49 +02:00			`// RegistryAuthProvider is a buildkit provider for registry authentication`
implemented docker-login op to add custom registry credentials to the buildkit from a pipeline Signed-off-by: Sam Alba <sam.alba@gmail.com> 2021-04-27 02:39:19 +02:00			`// Adapted from: https://github.com/moby/buildkit/blob/master/session/auth/authprovider/authprovider.go`
cleanup: split dagger into sub-packages Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com> 2021-05-26 01:30:49 +02:00			`type RegistryAuthProvider struct {`
implemented docker-login op to add custom registry credentials to the buildkit from a pipeline Signed-off-by: Sam Alba <sam.alba@gmail.com> 2021-04-27 02:39:19 +02:00			`credentials map[string]*bkauth.CredentialsResponse`
			`m sync.RWMutex`
			`}`

cleanup: split dagger into sub-packages Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com> 2021-05-26 01:30:49 +02:00			`func NewRegistryAuthProvider() *RegistryAuthProvider {`
			`return &RegistryAuthProvider{`
implemented docker-login op to add custom registry credentials to the buildkit from a pipeline Signed-off-by: Sam Alba <sam.alba@gmail.com> 2021-04-27 02:39:19 +02:00			`credentials: map[string]*bkauth.CredentialsResponse{},`
			`}`
			`}`

cleanup: split dagger into sub-packages Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com> 2021-05-26 01:30:49 +02:00			`func (a *RegistryAuthProvider) AddCredentials(target, username, secret string) {`
implemented docker-login op to add custom registry credentials to the buildkit from a pipeline Signed-off-by: Sam Alba <sam.alba@gmail.com> 2021-04-27 02:39:19 +02:00			`a.m.Lock()`
			`defer a.m.Unlock()`

			`a.credentials[target] = &bkauth.CredentialsResponse{`
			`Username: username,`
			`Secret: secret,`
			`}`
			`}`

cleanup: split dagger into sub-packages Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com> 2021-05-26 01:30:49 +02:00			`func (a RegistryAuthProvider) Register(server grpc.Server) {`
implemented docker-login op to add custom registry credentials to the buildkit from a pipeline Signed-off-by: Sam Alba <sam.alba@gmail.com> 2021-04-27 02:39:19 +02:00			`bkauth.RegisterAuthServer(server, a)`
			`}`

cleanup: split dagger into sub-packages Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com> 2021-05-26 01:30:49 +02:00			`func (a RegistryAuthProvider) Credentials(ctx context.Context, req bkauth.CredentialsRequest) (*bkauth.CredentialsResponse, error) {`
Fix login miss behavior and update op Signed-off-by: Tom Chauveau <tom.chauveau@epitech.eu> 2021-07-01 14:08:49 +02:00			`host := req.Host`
			`if host == "registry-1.docker.io" {`
			`host = "docker.io"`
implemented docker-login op to add custom registry credentials to the buildkit from a pipeline Signed-off-by: Sam Alba <sam.alba@gmail.com> 2021-04-27 02:39:19 +02:00			`}`

			`a.m.RLock()`
			`defer a.m.RUnlock()`

			`for authHost, auth := range a.credentials {`
			`u, err := parseAuthHost(authHost)`
			`if err != nil {`
			`return nil, err`
			`}`

Fix login miss behavior and update op Signed-off-by: Tom Chauveau <tom.chauveau@epitech.eu> 2021-07-01 14:08:49 +02:00			`if u == host {`
implemented docker-login op to add custom registry credentials to the buildkit from a pipeline Signed-off-by: Sam Alba <sam.alba@gmail.com> 2021-04-27 02:39:19 +02:00			`return auth, nil`
			`}`
			`}`

			`return &bkauth.CredentialsResponse{}, nil`
			`}`

Fix login miss behavior and update op Signed-off-by: Tom Chauveau <tom.chauveau@epitech.eu> 2021-07-01 14:08:49 +02:00			`func parseAuthHost(host string) (string, error) {`
Improve parseAuthHost function to work for all ref Signed-off-by: Tom Chauveau <tom.chauveau@epitech.eu> 2021-06-30 18:27:26 +02:00			`host = strings.TrimPrefix(host, "http://")`
			`host = strings.TrimPrefix(host, "https://")`
Fix docker hub login error when using image ref as target Signed-off-by: Tom Chauveau <tom.chauveau@epitech.eu> 2021-06-18 22:01:16 +02:00
Improve parseAuthHost function to work for all ref Signed-off-by: Tom Chauveau <tom.chauveau@epitech.eu> 2021-06-30 18:27:26 +02:00			`ref, err := reference.ParseNormalizedNamed(host)`
implemented docker-login op to add custom registry credentials to the buildkit from a pipeline Signed-off-by: Sam Alba <sam.alba@gmail.com> 2021-04-27 02:39:19 +02:00
Fix login miss behavior and update op Signed-off-by: Tom Chauveau <tom.chauveau@epitech.eu> 2021-07-01 14:08:49 +02:00			`if err != nil {`
			`return "", err`
implemented docker-login op to add custom registry credentials to the buildkit from a pipeline Signed-off-by: Sam Alba <sam.alba@gmail.com> 2021-04-27 02:39:19 +02:00			`}`
Fix login miss behavior and update op Signed-off-by: Tom Chauveau <tom.chauveau@epitech.eu> 2021-07-01 14:08:49 +02:00			`return reference.Domain(ref), nil`
implemented docker-login op to add custom registry credentials to the buildkit from a pipeline Signed-off-by: Sam Alba <sam.alba@gmail.com> 2021-04-27 02:39:19 +02:00			`}`

cleanup: split dagger into sub-packages Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com> 2021-05-26 01:30:49 +02:00			`func (a RegistryAuthProvider) FetchToken(ctx context.Context, req bkauth.FetchTokenRequest) (rr *bkauth.FetchTokenResponse, err error) {`
implemented docker-login op to add custom registry credentials to the buildkit from a pipeline Signed-off-by: Sam Alba <sam.alba@gmail.com> 2021-04-27 02:39:19 +02:00			`return nil, status.Errorf(codes.Unavailable, "client side tokens not implemented")`
			`}`

cleanup: split dagger into sub-packages Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com> 2021-05-26 01:30:49 +02:00			`func (a RegistryAuthProvider) GetTokenAuthority(ctx context.Context, req bkauth.GetTokenAuthorityRequest) (*bkauth.GetTokenAuthorityResponse, error) {`
implemented docker-login op to add custom registry credentials to the buildkit from a pipeline Signed-off-by: Sam Alba <sam.alba@gmail.com> 2021-04-27 02:39:19 +02:00			`return nil, status.Errorf(codes.Unavailable, "client side tokens not implemented")`
			`}`

cleanup: split dagger into sub-packages Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com> 2021-05-26 01:30:49 +02:00			`func (a RegistryAuthProvider) VerifyTokenAuthority(ctx context.Context, req bkauth.VerifyTokenAuthorityRequest) (*bkauth.VerifyTokenAuthorityResponse, error) {`
implemented docker-login op to add custom registry credentials to the buildkit from a pipeline Signed-off-by: Sam Alba <sam.alba@gmail.com> 2021-04-27 02:39:19 +02:00			`return nil, status.Errorf(codes.Unavailable, "client side tokens not implemented")`
			`}`