package authn

import "github.com/google/go-containerregistry/pkg/authn"

Package authn defines different methods of authentication for talking to a container registry.

Index

Constants

const (
	// DefaultAuthKey is the key used for dockerhub in config files, which
	// is hardcoded for historical reasons.
	DefaultAuthKey = "https://" + name.DefaultRegistry + "/v1/"
)

Variables

var (
	// DefaultKeychain implements Keychain by interpreting the docker config file.
	DefaultKeychain = &defaultKeychain{}
)

Types

type AuthConfig

type AuthConfig struct {
	Username string `json:"username,omitempty"`
	Password string `json:"password,omitempty"`
	Auth     string `json:"auth,omitempty"`

	// IdentityToken is used to authenticate the user and get
	// an access token for the registry.
	IdentityToken string `json:"identitytoken,omitempty"`

	// RegistryToken is a bearer token to be sent to a registry
	RegistryToken string `json:"registrytoken,omitempty"`
}

AuthConfig contains authorization information for connecting to a Registry Inlined what we use from github.com/docker/cli/cli/config/types

func Authorization

func Authorization(ctx context.Context, authn Authenticator) (*AuthConfig, error)

Authorization calls AuthorizationContext with ctx if the given Authenticator implements ContextAuthenticator, otherwise it calls Resolve with the given Resource.

func (AuthConfig) MarshalJSON

func (a AuthConfig) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler

func (*AuthConfig) UnmarshalJSON

func (a *AuthConfig) UnmarshalJSON(data []byte) error

UnmarshalJSON implements json.Unmarshaler

type Authenticator

type Authenticator interface {
	// Authorization returns the value to use in an http transport's Authorization header.
	Authorization() (*AuthConfig, error)
}

Authenticator is used to authenticate Docker transports.

var Anonymous Authenticator = &anonymous{}

Anonymous is a singleton Authenticator for providing anonymous auth.

func FromConfig

func FromConfig(cfg AuthConfig) Authenticator

FromConfig returns an Authenticator that just returns the given AuthConfig.

func Resolve

func Resolve(ctx context.Context, keychain Keychain, target Resource) (Authenticator, error)

Resolve calls ResolveContext with ctx if the given Keychain implements ContextKeychain, otherwise it calls Resolve with the given Resource.

type Basic

type Basic struct {
	Username string
	Password string
}

Basic implements Authenticator for basic authentication.

func (*Basic) Authorization

func (b *Basic) Authorization() (*AuthConfig, error)

Authorization implements Authenticator.

type Bearer

type Bearer struct {
	Token string `json:"token"`
}

Bearer implements Authenticator for bearer authentication.

func (*Bearer) Authorization

func (b *Bearer) Authorization() (*AuthConfig, error)

Authorization implements Authenticator.

type ContextAuthenticator

type ContextAuthenticator interface {
	// Authorization returns the value to use in an http transport's Authorization header.
	AuthorizationContext(context.Context) (*AuthConfig, error)
}

ContextAuthenticator is like Authenticator, but allows for context to be passed in.

type ContextKeychain

type ContextKeychain interface {
	ResolveContext(context.Context, Resource) (Authenticator, error)
}

ContextKeychain is like Keychain, but allows for context to be passed in.

type Helper

type Helper interface {
	Get(serverURL string) (string, string, error)
}

Helper is a subset of the Docker credential helper credentials.Helper interface used by NewKeychainFromHelper.

See: https://pkg.go.dev/github.com/docker/docker-credential-helpers/credentials#Helper

type Keychain

type Keychain interface {
	// Resolve looks up the most appropriate credential for the specified target.
	Resolve(Resource) (Authenticator, error)
}

Keychain is an interface for resolving an image reference to a credential.

func NewKeychainFromHelper

func NewKeychainFromHelper(h Helper) Keychain

NewKeychainFromHelper returns a Keychain based on a Docker credential helper implementation that can Get username and password credentials for a given server URL.

func NewMultiKeychain

func NewMultiKeychain(kcs ...Keychain) Keychain

NewMultiKeychain composes a list of keychains into one new keychain.

func RefreshingKeychain

func RefreshingKeychain(inner Keychain, duration time.Duration) Keychain

type Resource

type Resource interface {
	// String returns the full string representation of the target, e.g.
	// gcr.io/my-project or just gcr.io.
	String() string

	// RegistryStr returns just the registry portion of the target, e.g. for
	// gcr.io/my-project, this should just return gcr.io. This is needed to
	// pull out an appropriate hostname.
	RegistryStr() string
}

Resource represents a registry or repository that can be authenticated against.

Source Files

anon.go auth.go authn.go basic.go bearer.go doc.go keychain.go multikeychain.go

Directories

PathSynopsis
pkg/authn/githubPackage github provides a keychain for the GitHub Container Registry.
Version
v0.20.3 (latest)
Published
Jan 15, 2025
Platform
linux/amd64
Imports
14 packages
Last checked
16 hours ago

Tools for package owners.