
Enabled auth and support http registries for OCI
Signed-off-by: Andrew Block <andy.block@gmail.com>
sabre1041 authored and scottrigby committed Jan 12, 2022
1 parent 4c8a3fa commit 291c17f
Showing 2 changed files with 54 additions and 8 deletions.
42 changes: 36 additions & 6 deletions internal/experimental/registry/client.go
Expand Up @@ -17,6 +17,7 @@ limitations under the License.
package registry // import "helm.sh/helm/v3/internal/experimental/registry"

import (
"context"
"encoding/json"
"fmt"
"io"
Expand All @@ -34,7 +35,7 @@ import (
"oras.land/oras-go/pkg/content"
"oras.land/oras-go/pkg/oras"
"oras.land/oras-go/pkg/registry"
registrremote "oras.land/oras-go/pkg/registry/remote"
registryremote "oras.land/oras-go/pkg/registry/remote"
registryauth "oras.land/oras-go/pkg/registry/remote/auth"

"helm.sh/helm/v3/internal/version"
Expand Down Expand Up @@ -100,6 +101,23 @@ func NewClient(options ...ClientOption) (*Client, error) {
"User-Agent": {version.GetUserAgent()},
},
Cache: registryauth.DefaultCache,
Credential: func(ctx context.Context, reg string) (registryauth.Credential, error) {
dockerClient, ok := client.authorizer.(*dockerauth.Client)
if !ok {
return registryauth.EmptyCredential, errors.New("unable to obtain docker client")
}

username, password, err := dockerClient.Credential(reg)
if err != nil {
return registryauth.EmptyCredential, errors.New("unable to retrieve credentials")
}

return registryauth.Credential{
Username: username,
Password: password,
}, nil

},
}

}
Expand Down Expand Up @@ -555,21 +573,33 @@ func PushOptStrictMode(strictMode bool) PushOption {
}
}

// Tags provides an all semver compliant tags for a given repository
// Tags provides a sorted list all semver compliant tags for a given repository
func (c *Client) Tags(ref string) ([]string, error) {
parsedReference, err := registry.ParseReference(ref)
if err != nil {
return nil, err
}

repository := registrremote.Repository{
repository := registryremote.Repository{
Reference: parsedReference,
Client: c.registryAuthorizer,
}

registryTags, err := registry.Tags(ctx(c.out, c.debug), &repository)
if err != nil {
return nil, err
var registryTags []string

for {
registryTags, err = registry.Tags(ctx(c.out, c.debug), &repository)
if err != nil {
// Fallback to http based request
if !repository.PlainHTTP && strings.Contains(err.Error(), "server gave HTTP response") {
repository.PlainHTTP = true
continue
}
return nil, err
}

break

}

var tagVersions []*semver.Version
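Review bot: The retry loop in `Tags` switches the repository to plain HTTP on its own whenever the error text contains `server gave HTTP response`, and the same commit attaches a `Credential` callback to the authorizer in `NewClient`, so after the retry the stored registry credentials may be sent unencrypted (inferred; how the authorizer behaves over HTTP is not visible on this page). Any party on the network path that answers the TLS handshake with plain HTTP produces that error, so the downgrade should be an explicit caller opt-in rather than automatic, for example `PlainHTTP: allowPlainHTTP, // placeholder name: set only by an explicit client option` in the `Repository` literal, with the `for` loop reduced to a single `registry.Tags` call. If the automatic fallback has to stay, write a warning to `c.out` when it fires and stop matching on `err.Error()`, which silently changes behaviour if the message wording changes. In the callback, `errors.New("unable to retrieve credentials")` discards the error returned by `dockerClient.Credential(reg)`; wrapping it would keep the cause visible to the caller. `NewClient` starts before its hunk and `Tags` continues past the last line shown.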
20 changes: 18 additions & 2 deletions internal/experimental/registry/client_test.go
Expand Up @@ -294,15 +294,31 @@ func (suite *RegistryClientTestSuite) Test_2_Pull() {
suite.Equal(provData, result.Prov.Data)
}

func (suite *RegistryClientTestSuite) Test_3_Logout() {
func (suite *RegistryClientTestSuite) Test_3_Tags() {

// Load test chart (to build ref pushed in previous test)
chartData, err := ioutil.ReadFile("../../../pkg/downloader/testdata/local-subchart-0.1.0.tgz")
suite.Nil(err, "no error loading test chart")
meta, err := extractChartMeta(chartData)
suite.Nil(err, "no error extracting chart meta")
ref := fmt.Sprintf("%s/testrepo/%s", suite.DockerRegistryHost, meta.Name)

// Query for tags and validate length
tags, err := suite.RegistryClient.Tags(ref)
suite.Nil(err, "no error retrieving tags")
suite.Equal(1, len(tags))

}

func (suite *RegistryClientTestSuite) Test_4_Logout() {
err := suite.RegistryClient.Logout("this-host-aint-real:5000")
suite.NotNil(err, "error logging out of registry that has no entry")

err = suite.RegistryClient.Logout(suite.DockerRegistryHost)
suite.Nil(err, "no error logging out of registry")
}

func (suite *RegistryClientTestSuite) Test_4_ManInTheMiddle() {
func (suite *RegistryClientTestSuite) Test_5_ManInTheMiddle() {
ref := fmt.Sprintf("%s/testrepo/supposedlysafechart:9.9.9", suite.CompromisedRegistryHost)

// returns content that does not match the expected digest
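Review bot: `Test_3_Tags` asserts only `len(tags)`, so it passes for any single string `Tags` returns; asserting the value would pin the semver filtering and sorting the method documents, e.g. `suite.Equal([]string{meta.Version}, tags)` (assuming the metadata from `extractChartMeta` carries the chart version, which this page does not show). The plain-HTTP retry added to `Tags` in this commit has no test of its own, so nothing pins when it fires and when it must not; a case asserting that an error other than the HTTP-response one is returned unchanged, with no retry, would cover that branch. `Test_5_ManInTheMiddle` continues past the end of this hunk.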