fix token

Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
2024-05-20 12:08:33 -04:00 · 2018-06-06 15:43:12 -04:00 · 2018-06-06 15:43:12 -04:00 · 294bae7b50
parent 307f7c8400
commit 294bae7b50
5 changed files with 28 additions and 3 deletions
--- a/clair/layer.go
+++ b/clair/layer.go
@ -34,6 +34,8 @@ func (c *Clair) PostLayer(layer *Layer) (*Layer, error) {
 		return nil, err
 	}

+	c.Logf("clair.clair req.Body=%s", string(b))
+
 	resp, err := c.Client.Post(url, "application/json", bytes.NewReader(b))
 	if err != nil {
 		return nil, err
--- a/clair/vulns.go
+++ b/clair/vulns.go
@ -138,7 +138,7 @@ func (c *Clair) NewClairLayerV2(r *registry.Registry, image string, fsLayers []d
 	if err != nil {
 		// If we get an error here of type: malformed auth challenge header: 'Basic realm="Registry Realm"'
 		// We need to use basic auth for the registry.
-		if !strings.Contains(err.Error(), `malformed auth challenge header: 'Basic realm="Registry Realm"'`) {
+		if !strings.Contains(err.Error(), `malformed auth challenge header: 'Basic realm="Registry Realm"'`) && !strings.Contains(err.Error(), "basic auth required") {
 			return nil, err
 		}
 		useBasicAuth = true
--- a/registry/authchallenge_test.go
+++ b/registry/authchallenge_test.go
@ -42,6 +42,14 @@ func TestParseChallenge(t *testing.T) {
 				realm:   "https://foobar.com/api/v1/token",
 			},
 		},
+		{
+			header: `Bearer realm="https://r.j3ss.co/auth",service="Docker registry",scope="repository:chrome:pull"`,
+			value: authServiceMock{
+				service: "Docker registry",
+				realm:   "https://r.j3ss.co/auth",
+				scope:   []string{"repository:chrome:pull"},
+			},
+		},
 	}

 	for _, tc := range challengeHeaderCases {
--- a/registry/registry.go
+++ b/registry/registry.go
@ -23,6 +23,7 @@ type Registry struct {
 	Password string
 	Client   *http.Client
 	Logf     LogfCallback
+	Opt      Opt
 }

 var reProtocol = regexp.MustCompile("^https?://")
@ -99,6 +100,7 @@ func newFromTransport(auth types.AuthConfig, transport http.RoundTripper, opt Op
 		Username: auth.Username,
 		Password: auth.Password,
 		Logf:     logf,
+		Opt:      opt,
 	}

 	if !opt.SkipPing {
--- a/registry/tokentransport.go
+++ b/registry/tokentransport.go
@ -1,6 +1,7 @@
 package registry

 import (
+	"crypto/tls"
 	"encoding/json"
 	"errors"
 	"fmt"
@ -123,7 +124,19 @@ func (r *Registry) Token(url string) (string, error) {
 		return "", err
 	}

-	resp, err := r.Client.Do(req)
+	client := http.DefaultClient
+	if r.Opt.Insecure {
+		client = &http.Client{
+			Timeout: r.Opt.Timeout,
+			Transport: &http.Transport{
+				TLSClientConfig: &tls.Config{
+					InsecureSkipVerify: true,
+				},
+			},
+		}
+	}
+
+	resp, err := client.Do(req)
 	if err != nil {
 		return "", err
 	}
@ -143,7 +156,7 @@ func (r *Registry) Token(url string) (string, error) {
 	if err != nil {
 		return "", err
 	}
-	resp, err = r.Client.Do(authReq)
+	resp, err = http.DefaultClient.Do(authReq)
 	if err != nil {
 		return "", err
 	}