package authn

import "github.com/google/go-containerregistry/pkg/authn"

Package authn defines different methods of authentication for talking to a container registry.

Index ¶

• Constants
• Variables
• type AuthConfig
• func Authorization(ctx context.Context, authn Authenticator) (*AuthConfig, error)
• func (a AuthConfig) MarshalJSON() ([]byte, error)
• func (a *AuthConfig) UnmarshalJSON(data []byte) error
• type Authenticator
• func FromConfig(cfg AuthConfig) Authenticator
• func Resolve(ctx context.Context, keychain Keychain, target Resource) (Authenticator, error)
• type Basic
• func (b *Basic) Authorization() (*AuthConfig, error)
• type Bearer
• func (b *Bearer) Authorization() (*AuthConfig, error)
• type ContextAuthenticator
• type ContextKeychain
• type Helper
• type Keychain
• func NewKeychainFromHelper(h Helper) Keychain
• func NewMultiKeychain(kcs ...Keychain) Keychain
• func RefreshingKeychain(inner Keychain, duration time.Duration) Keychain
• type Resource

Constants ¶

const (
	// DefaultAuthKey is the key used for dockerhub in config files, which
	// is hardcoded for historical reasons.
	DefaultAuthKey = "https://" + name.DefaultRegistry + "/v1/"
)

Variables ¶

var (
	// DefaultKeychain implements Keychain by interpreting the docker config file.
	DefaultKeychain = &defaultKeychain{}
)

Types ¶

type AuthConfig ¶

type AuthConfig struct {
	Username string `json:"username,omitempty"`
	Password string `json:"password,omitempty"`
	Auth     string `json:"auth,omitempty"`

	// IdentityToken is used to authenticate the user and get
	// an access token for the registry.
	IdentityToken string `json:"identitytoken,omitempty"`

	// RegistryToken is a bearer token to be sent to a registry
	RegistryToken string `json:"registrytoken,omitempty"`
}

AuthConfig contains authorization information for connecting to a Registry Inlined what we use from github.com/docker/cli/cli/config/types

func Authorization ¶

func Authorization(ctx context.Context, authn Authenticator) (*AuthConfig, error)

Authorization calls AuthorizationContext with ctx if the given Authenticator implements ContextAuthenticator, otherwise it calls Resolve with the given Resource.

func (AuthConfig) MarshalJSON ¶

func (a AuthConfig) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler

func (*AuthConfig) UnmarshalJSON ¶

func (a *AuthConfig) UnmarshalJSON(data []byte) error

UnmarshalJSON implements json.Unmarshaler

type Authenticator ¶

type Authenticator interface {
	// Authorization returns the value to use in an http transport's Authorization header.
	Authorization() (*AuthConfig, error)
}

Authenticator is used to authenticate Docker transports.

var Anonymous Authenticator = &anonymous{}

Anonymous is a singleton Authenticator for providing anonymous auth.

func FromConfig ¶

func FromConfig(cfg AuthConfig) Authenticator

FromConfig returns an Authenticator that just returns the given AuthConfig.

func Resolve ¶

func Resolve(ctx context.Context, keychain Keychain, target Resource) (Authenticator, error)

Resolve calls ResolveContext with ctx if the given Keychain implements ContextKeychain, otherwise it calls Resolve with the given Resource.

type Basic ¶

type Basic struct {
	Username string
	Password string
}

Basic implements Authenticator for basic authentication.

func (*Basic) Authorization ¶

func (b *Basic) Authorization() (*AuthConfig, error)

Authorization implements Authenticator.

type Bearer ¶

type Bearer struct {
	Token string `json:"token"`
}

Bearer implements Authenticator for bearer authentication.

func (*Bearer) Authorization ¶

func (b *Bearer) Authorization() (*AuthConfig, error)

Authorization implements Authenticator.

type ContextAuthenticator ¶

type ContextAuthenticator interface {
	// Authorization returns the value to use in an http transport's Authorization header.
	AuthorizationContext(context.Context) (*AuthConfig, error)
}

ContextAuthenticator is like Authenticator, but allows for context to be passed in.

type ContextKeychain ¶

type ContextKeychain interface {
	ResolveContext(context.Context, Resource) (Authenticator, error)
}

ContextKeychain is like Keychain, but allows for context to be passed in.

type Helper ¶

type Helper interface {
	Get(serverURL string) (string, string, error)
}

Helper is a subset of the Docker credential helper credentials.Helper interface used by NewKeychainFromHelper.

See: https://pkg.go.dev/github.com/docker/docker-credential-helpers/credentials#Helper

type Keychain ¶

type Keychain interface {
	// Resolve looks up the most appropriate credential for the specified target.
	Resolve(Resource) (Authenticator, error)
}

Keychain is an interface for resolving an image reference to a credential.

func NewKeychainFromHelper ¶

func NewKeychainFromHelper(h Helper) Keychain

NewKeychainFromHelper returns a Keychain based on a Docker credential helper implementation that can Get username and password credentials for a given server URL.

func NewMultiKeychain ¶

func NewMultiKeychain(kcs ...Keychain) Keychain

NewMultiKeychain composes a list of keychains into one new keychain.

func RefreshingKeychain ¶

func RefreshingKeychain(inner Keychain, duration time.Duration) Keychain

type Resource ¶

type Resource interface {
	// String returns the full string representation of the target, e.g.
	// gcr.io/my-project or just gcr.io.
	String() string

	// RegistryStr returns just the registry portion of the target, e.g. for
	// gcr.io/my-project, this should just return gcr.io. This is needed to
	// pull out an appropriate hostname.
	RegistryStr() string
}

Resource represents a registry or repository that can be authenticated against.

Source Files ¶

anon.go auth.go authn.go basic.go bearer.go doc.go keychain.go multikeychain.go

Directories ¶