Multiple calls to request.Header.Add() will overwrite the last value.
This formats the value of the Accept headers correctly so that a
registry can perform content-type negotiation.
Rather than returning an error that requires pattern-matching from
`parseChallenge` when the challenge header requires basic
authentication, return a distinguished error value. This makes checking
for this error a bit easier.
This commit also updates the check in `r.Headers` to use the new error
value and adds a couple of regression tests.
Using a registry having basic auth enabled, the authentication was not
submitted to Clair. This newly introduced error fixes the missing auth
but needs testing with non-basic auth protected registries.
Also maybe the test for the "malformed auth..." string can now be
removed as it does not trigger on registries with basic auth enabled?
Signed-off-by: Knut Ahlers <knut@ahlers.me>
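
The distinguished-error approach described above for `parseChallenge`, sketched as an added example (not the project's own code). The names `ErrBasicAuth`, `ErrMalformedChallenge` and `Challenge`, the simplified header grammar, and the sample header are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Hypothetical sentinel errors (names assumed); callers match them with errors.Is.
var ErrBasicAuth = errors.New("basic auth required")
var ErrMalformedChallenge = errors.New("malformed auth challenge header")
type Challenge struct{ Realm, Service, Scope string } // Bearer parameters

// parseChallenge parses one WWW-Authenticate value (simplified grammar).
func parseChallenge(header string) (*Challenge, error) {
	scheme, rest, _ := strings.Cut(strings.TrimSpace(header), " ")
	if strings.EqualFold(scheme, "basic") {
		return nil, ErrBasicAuth // distinguished value, no string matching needed
	} else if !strings.EqualFold(scheme, "bearer") {
		return nil, fmt.Errorf("%w: scheme %q", ErrMalformedChallenge, scheme)
	}
	ch, inQuotes, start := &Challenge{}, false, 0
	fields := map[string]*string{"realm": &ch.Realm, "service": &ch.Service, "scope": &ch.Scope}
	rest += "," // terminator so the last parameter is flushed
	for i, r := range rest {
		if r == '"' {
			inQuotes = !inQuotes
		}
		if r != ',' || inQuotes {
			continue // a comma inside a quoted scope is data, not a separator
		}
		k, v, ok := strings.Cut(strings.TrimSpace(rest[start:i]), "=")
		if !ok {
			return nil, fmt.Errorf("%w: %q", ErrMalformedChallenge, rest[start:i])
		}
		if p := fields[strings.ToLower(k)]; p != nil {
			*p = strings.Trim(v, `"`)
		}
		start = i + 1
	}
	if ch.Realm == "" {
		return nil, fmt.Errorf("%w: missing realm", ErrMalformedChallenge)
	}
	return ch, nil
}

func main() {
	_, err := parseChallenge(`Basic realm="Registry"`) // constructed header
	fmt.Println(errors.Is(err, ErrBasicAuth))
}
```

A caller can then branch on `errors.Is(err, ErrBasicAuth)` to hand the request to a basic-auth transport, while genuinely malformed headers still surface as a separate error.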
* Add more useful error for bad credentials.
The www-authenticate: basic response currently gets caught by
the token transport, which fails to parse it and spits out
a rather oblique "malformed auth challenge header" error.
Make the token transport ignore basic auth types, and make
the error transport handle a 401 response.
* Format authchallenge.go correctly.
Basic auth only worked if a full URL was supplied. The reason is that
BasicTransport.RoundTrip checked if the resulting request URL has the
transport's URL as a prefix.
This is fixed by setting the transport's URL to the canonical URL that is
computed a few lines earlier.
* Allow for non-SSL access
* Require --insecure option to use http protocol
* Fixed lint error
* Added --force-non-ssl option. Also moved check to allow handling of docker config
* Add flag to trust ssl certificates signed by unknown authority
* Use registry http client instead of pure http client
* Add Bearer token only if required
* Create clair client instance with configurable debug option
* Limit number of parallel vuln scans to 20 to reduce load
* No need to throttle anymore because parallelism is limited
* Make number of workers configurable
* During first run do not create clair vulns report details