README
¶
Docker Registry Authenticator
This is an authentication server for Docker Registry V2. Users and permissions are defined in a configuration file. See config.toml for an example. The server must have an RSA private key in order to sign tokens. The respective public key must be configured in the registry to verify the tokens.
Examples
Please see "accounts.toml" and "config.toml" in the testdata directory for configuration examples.
Generate User Passwords
Passwords can be generated using any of the following algorithms:
- Argon2i
- scrypt-sha256
- sha512-crypt -
openssl passwd -6 demo - sha256-crypt -
openssl passwd -5 demo - bcrypt -
htpasswd -bnBC 10 "" demo | tr -d ':\n' - pbkdf2-sha512 (in passlib format)
- pbkdf2-sha256 (in passlib format)
- pbkdf2-sha1 (in passlib format)
Documentation
¶
Index ¶
- Variables
- func GenerateToken(username string, accessClaims []*AccessControl) (string, error)
- func LoadConfig(path string) (err error)
- type AccessControl
- type AccessControlStore
- type Authenticator
- type Config
- type FileAuthenticator
- type Logf
- type Options
- type RegistryConfig
- type UserAccessConfig
- type UserAuthenticator
- type UserConfig
Constants ¶
This section is empty.
Variables ¶
View Source
var ( ErrInvalidLogin = errors.New("Invalid username or password") ErrInvalidScope = errors.New("Invalid scope format") ErrUnknownService = errors.New("Unknown service") )
View Source
var ( ErrKeyMustBePEMEncoded = errors.New("invalid key: Key must be PEM encoded PKCS1 or PKCS8 private key") ErrNotRSAPrivateKey = errors.New("key is not a valid RSA private key") )
Functions ¶
func GenerateToken ¶
func GenerateToken(username string, accessClaims []*AccessControl) (string, error)
func LoadConfig ¶
Types ¶
type AccessControl ¶
type AccessControlStore ¶
type AccessControlStore interface {
GetACLS(username string) ([]*AccessControl, error)
}
type Authenticator ¶
type Authenticator struct {
// contains filtered or unexported fields
}
func NewAuthenticator ¶
func NewAuthenticator(o *Options) *Authenticator
func (*Authenticator) GetBasicCredentials ¶
func (a *Authenticator) GetBasicCredentials(r *http.Request) (string, string)
func (*Authenticator) ProcessRequest ¶
func (a *Authenticator) ProcessRequest(w http.ResponseWriter, r *http.Request) error
type Config ¶
type Config struct {
PrintToken bool
Registry *RegistryConfig
}
type FileAuthenticator ¶
type FileAuthenticator struct {
// contains filtered or unexported fields
}
func NewFileAuthenticator ¶
func NewFileAuthenticator(filename string) (*FileAuthenticator, error)
func (*FileAuthenticator) GetACLS ¶
func (a *FileAuthenticator) GetACLS(username string) ([]*AccessControl, error)
type Options ¶
type Options struct {
UserAuthenticator UserAuthenticator
AccessControlStore AccessControlStore
Log Logf
}
type RegistryConfig ¶
type UserAccessConfig ¶
type UserAccessConfig struct {
User []*UserConfig
}
type UserAuthenticator ¶
type UserConfig ¶
type UserConfig struct {
Username string
Password string
Hash string
Permissions []*AccessControl
}
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.