add --auth-url parameter (#90) (#105)

Signed-off-by: Alex Zillion <alex@alexzillion.com>
2024-05-13 01:38:32 -04:00 · 2018-11-14 09:06:30 -06:00 · 2018-11-14 09:06:30 -06:00 · db513b737e
parent 383e4f7d48
commit db513b737e
7 changed files with 27 additions and 14 deletions
--- a/README.md
+++ b/README.md
@ -43,6 +43,7 @@ Usage: reg <command>

 Flags:

+  --auth-url           alternate URL for registry authentication (ex. auth.docker.io) (default: <none>)
  -d                   enable debug logging (default: false)
  -f, --force-non-ssl  force allow use of non-ssl (default: false)
  -k, --insecure       do not verify tls certificates (default: false)
--- a/clair/clair.go
+++ b/clair/clair.go
@ -11,7 +11,7 @@ import (
 	"google.golang.org/grpc"
 )

-// Clair defines the client for retriving information from the clair API.
+// Clair defines the client for retrieving information from the clair API.
 type Clair struct {
 	URL      string
 	Client   *http.Client
@ -86,7 +86,7 @@ func (c *Clair) Close() error {
 	return c.grpcConn.Close()
 }

-// url returns a clair URL with the passed arguements concatenated.
+// url returns a clair URL with the passed arguments concatenated.
 func (c *Clair) url(pathTemplate string, args ...interface{}) string {
 	pathSuffix := fmt.Sprintf(pathTemplate, args...)
 	url := fmt.Sprintf("%s%s", c.URL, pathSuffix)
--- a/handlers.go
+++ b/handlers.go
@ -43,7 +43,7 @@ type Repository struct {
 	VulnerabilityReport clair.VulnerabilityReport `json:"vulnerability"`
 }

-// A AnalysisResult holds all vulnerabilities of a scan
+// An AnalysisResult holds all vulnerabilities of a scan
 type AnalysisResult struct {
 	Repositories   []Repository `json:"repositories"`
 	RegistryDomain string       `json:"registryDomain"`
--- a/main.go
+++ b/main.go
@ -24,6 +24,7 @@ var (

 	timeout time.Duration

+	authURL string
 	username string
 	password string

@ -64,6 +65,8 @@ func main() {

 	p.FlagSet.DurationVar(&timeout, "timeout", time.Minute, "timeout for HTTP requests")

+	p.FlagSet.StringVar(&authURL, "auth-url", "", "alternate URL for registry authentication (ex. auth.docker.io)")
+
 	p.FlagSet.StringVar(&username, "username", "", "username for the registry")
 	p.FlagSet.StringVar(&username, "u", "", "username for the registry")

@ -100,7 +103,12 @@ func main() {
 }

 func createRegistryClient(domain string) (*registry.Registry, error) {
-	auth, err := repoutils.GetAuthConfig(username, password, domain)
+	// Use the auth-url domain if provided
+	authDomain := authURL
+	if authDomain == "" {
+		authDomain = domain
+	}
+	auth, err := repoutils.GetAuthConfig(username, password, authDomain)
 	if err != nil {
 		return nil, err
 	}
@ -111,7 +119,7 @@ func createRegistryClient(domain string) (*registry.Registry, error) {
 	}

 	// Create the registry client.
-	return registry.New(auth, registry.Opt{
+	return registry.New(domain, auth, registry.Opt{
 		Insecure: insecure,
 		Debug:    debug,
 		SkipPing: skipPing,
--- a/registry/digest_test.go
+++ b/registry/digest_test.go
@ -12,7 +12,7 @@ func TestDigestFromDockerHub(t *testing.T) {
 		t.Fatalf("Could not get auth config: %s", err)
 	}

-	r, err := New(auth, Opt{})
+	r, err := New(auth.ServerAddress, auth, Opt{})
 	if err != nil {
 		t.Fatalf("Could not create registry instance: %s", err)
 	}
@ -33,7 +33,7 @@ func TestDigestFromGCR(t *testing.T) {
 		t.Fatalf("Could not get auth config: %s", err)
 	}

-	r, err := New(auth, Opt{})
+	r, err := New(auth.ServerAddress, auth, Opt{})
 	if err != nil {
 		t.Fatalf("Could not create registry instance: %s", err)
 	}
--- a/registry/registry.go
+++ b/registry/registry.go
@ -15,7 +15,7 @@ import (
 	"github.com/docker/docker/api/types"
 )

-// Registry defines the client for retriving information from the registry API.
+// Registry defines the client for retrieving information from the registry API.
 type Registry struct {
 	URL      string
 	Domain   string
@ -50,7 +50,7 @@ type Opt struct {
 }

 // New creates a new Registry struct with the given URL and credentials.
-func New(auth types.AuthConfig, opt Opt) (*Registry, error) {
+func New(domain string, auth types.AuthConfig, opt Opt) (*Registry, error) {
 	transport := http.DefaultTransport

 	if opt.Insecure {
@ -61,11 +61,12 @@ func New(auth types.AuthConfig, opt Opt) (*Registry, error) {
 		}
 	}

-	return newFromTransport(auth, transport, opt)
+	return newFromTransport(domain, auth, transport, opt)
 }

-func newFromTransport(auth types.AuthConfig, transport http.RoundTripper, opt Opt) (*Registry, error) {
-	url := strings.TrimSuffix(auth.ServerAddress, "/")
+func newFromTransport(domain string, auth types.AuthConfig, transport http.RoundTripper, opt Opt) (*Registry, error) {
+	url := strings.TrimSuffix(domain, "/")
+	authURL := strings.TrimSuffix(auth.ServerAddress, "/")

 	if !reProtocol.MatchString(url) {
 		if !opt.NonSSL {
@ -74,6 +75,9 @@ func newFromTransport(auth types.AuthConfig, transport http.RoundTripper, opt Op
 			url = "http://" + url
 		}
 	}
+	if !reProtocol.MatchString(authURL) {
+		authURL = "https://" + authURL
+	}

 	tokenTransport := &TokenTransport{
 		Transport: transport,
@ -82,7 +86,7 @@ func newFromTransport(auth types.AuthConfig, transport http.RoundTripper, opt Op
 	}
 	basicAuthTransport := &BasicTransport{
 		Transport: tokenTransport,
-		URL:       url,
+		URL:       authURL,
 		Username:  auth.Username,
 		Password:  auth.Password,
 	}
--- a/registry/tokentransport_test.go
+++ b/registry/tokentransport_test.go
@ -25,7 +25,7 @@ func TestErrBasicAuth(t *testing.T) {
 		Password:      "ss3j",
 		ServerAddress: ts.URL,
 	}
-	r, err := New(authConfig, Opt{Insecure: true, Debug: true})
+	r, err := New(authConfig.ServerAddress, authConfig, Opt{Insecure: true, Debug: true})
 	if err != nil {
 		t.Fatalf("expected no error creating client, got %v", err)
 	}