client

package

v0.0.0-...-11bd816 Latest Latest Go to latest Published: Apr 29, 2024 License: Apache-2.0 Imports: 17 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/sapcc/keppel

Links

Open Source Insights

Documentation ¶

Index ¶

func RegisterAuthDriver(name string, factory func() AuthDriver)
type AuthChallenge
- func ParseAuthChallenge(hdr http.Header) (AuthChallenge, error)
- func (c AuthChallenge) GetToken(ctx context.Context, userName, password string) (string, error)
type AuthDriver
- func NewAuthDriver() (AuthDriver, error)
type DownloadManifestOpts
type RepoClient
type ValidationLogger
type ValidationSession

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func RegisterAuthDriver ¶

func RegisterAuthDriver(name string, factory func() AuthDriver)

RegisterAuthDriver registers an AuthDriver. Call this from func init() of the package defining the AuthDriver.

Types ¶

type AuthChallenge ¶

type AuthChallenge struct {
	Realm   string
	Service string
	Scope   string
}

AuthChallenge contains the parsed contents of a Www-Authenticate header returned by a registry.

func ParseAuthChallenge ¶

func ParseAuthChallenge(hdr http.Header) (AuthChallenge, error)

ParseAuthChallenge parses the auth challenge from the response headers of an unauthenticated request to a registry API.

func (AuthChallenge) GetToken ¶

func (c AuthChallenge) GetToken(ctx context.Context, userName, password string) (string, error)

GetToken obtains a token that satisfies this challenge.

type AuthDriver ¶

type AuthDriver interface {
	// MatchesEnvironment checks the process's environment variables to see if
	// they contain credentials for this authentication method. This is how we
	// decide which AuthDriver to use.
	MatchesEnvironment() bool

	// Connect sets up a connection to a Keppel server, using the credentials from
	// the process's environment variables.
	Connect() error

	// CurrentAuthTenantID returns the ID of the auth tenant where the client is
	// authenticated.
	CurrentAuthTenantID() string
	// ServerHost returns the server's hostname. May be of the form "host:port".
	// May panic when called before Connect().
	ServerHost() string
	// ServerScheme returns "http" or "https" to indicate whether the server
	// exposes an encrypted or unencrypted API.
	ServerScheme() string
	// SendHTTPRequest sends a HTTP request to the Keppel API. The implementation
	// will fill in the correct server hostname and add any required auth headers.
	// May panic when called before Connect().
	SendHTTPRequest(req *http.Request) (*http.Response, error)

	// CredentialsForRegistryAPI returns a pair of username and password that can
	// be used on the Registry API of the same Keppel instance to obtain
	// equivalent access.
	CredentialsForRegistryAPI() (userName, password string)
}

AuthDriver is the client-side counterpart of keppel.AuthDriver. It implements support for talking to the Keppel API using the corresponding server-side authentication driver.

func NewAuthDriver ¶

func NewAuthDriver() (AuthDriver, error)

NewAuthDriver selects the correct AuthDriver and executes its Connect() method.

type DownloadManifestOpts ¶

type DownloadManifestOpts struct {
	DoNotCountTowardsLastPulled bool
	ExtraHeaders                http.Header
}

DownloadManifestOpts appears in func DownloadManifest.

type RepoClient ¶

type RepoClient struct {
	Scheme   string // either "http" or "https"
	Host     string // either a plain hostname or a host:port like "example.org:443"
	RepoName string

	// credentials (only needed for non-public repos)
	UserName string
	Password string
	// contains filtered or unexported fields
}

RepoClient contains methods for interacting with a repository on a registry server.

func (*RepoClient) DownloadBlob ¶

func (c *RepoClient) DownloadBlob(ctx context.Context, blobDigest digest.Digest) (contents io.ReadCloser, sizeBytes uint64, returnErr error)

DownloadBlob fetches a blob's contents from this repository. If an error is returned, it's usually a *keppel.RegistryV2Error.

func (*RepoClient) DownloadManifest ¶

func (c *RepoClient) DownloadManifest(ctx context.Context, reference models.ManifestReference, opts *DownloadManifestOpts) (contents []byte, mediaType string, returnErr error)

DownloadManifest fetches a manifest from this repository. If an error is returned, it's usually a *keppel.RegistryV2Error.

func (*RepoClient) SetToken ¶

func (c *RepoClient) SetToken(token string)

SetToken can be used in tests to inject a pre-computed token and bypass the username/password requirement.

func (*RepoClient) UploadManifest ¶

func (c *RepoClient) UploadManifest(ctx context.Context, contents []byte, mediaType, tagName string) (digest.Digest, error)

UploadManifest uploads a manifest. If `tagName` is not empty, this tag name is used, otherwise the manifest is uploaded to its canonical digest. On success, the manifest's digest is returned.

func (*RepoClient) UploadMonolithicBlob ¶

func (c *RepoClient) UploadMonolithicBlob(ctx context.Context, contents []byte) (digest.Digest, error)

UploadMonolithicBlob performs a monolithic blob upload. On success, the blob's digest is returned.

func (*RepoClient) ValidateBlobContents ¶

func (c *RepoClient) ValidateBlobContents(ctx context.Context, blobDigest digest.Digest, session *ValidationSession) error

ValidateBlobContents fetches the given blob from the repo and verifies that the contents produce the correct digest.

func (*RepoClient) ValidateManifest ¶

func (c *RepoClient) ValidateManifest(ctx context.Context, reference models.ManifestReference, session *ValidationSession, platformFilter models.PlatformFilter) error

ValidateManifest fetches the given manifest from the repo and verifies that it parses correctly. It also validates all references manifests and blobs recursively.

type ValidationLogger ¶

type ValidationLogger interface {
	LogManifest(reference models.ManifestReference, level int, validationResult error, resultFromCache bool)
	LogBlob(d digest.Digest, level int, validationResult error, resultFromCache bool)
}

ValidationLogger can be passed to ValidateManifest, primarily to allow the caller to log the progress of the validation operation.

type ValidationSession ¶

type ValidationSession struct {
	Logger ValidationLogger
	// contains filtered or unexported fields
}

ValidationSession holds state and caches intermediate results over the course of several ValidateManifest() and ValidateBlobContents() calls. The cache optimizes the validation of submanifests and blobs that are referenced multiple times. The session instance should only be used for as long as the caller wishes to cache validation results.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
peer

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL