Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add ability to configure 'forceBasicAuth' for docker registries #31

Closed
wants to merge 3 commits into from
Closed
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -213,6 +213,27 @@ Repository createDockerHosted(final String name,
final boolean strictContentTypeValidation,
final WritePolicy writePolicy);

/**
* Create a Docker hosted repository.
* @param name The name of the new Repository
* @param httpPort The http port to accept traffic for this Repository on (optional)
* @param httpsPort The https port to accept traffic for this Repository on (optional)
* @param blobStoreName The BlobStore the Repository should use
* @param v1Enabled Whether or not this Repository supports Docker V1 format
* @param strictContentTypeValidation Whether or not the Repository should enforce strict content types
* @param writePolicy The {@link WritePolicy} for the Repository
* @param forceBasicAuth whether or not this Repository should support anonymous pull
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This comment is not entirely true.

forceBasicAuth=true means use BASIC auth.
forceBasicAuth=false means use bearer token auth.

False is required for anonymous access but it doesn't guarantee it, also you could configure the permissions so that it isn't just "pull" specific. How about something like "whether to force basic auth (false is required to enable token auth which can be used for anonymous access)"

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jlstephens89 thanks for remark. Fixed

* @return the newly created Repository
*/
Repository createDockerHosted(final String name,
Integer httpPort,
Integer httpsPort,
final String blobStoreName,
final boolean v1Enabled,
final boolean strictContentTypeValidation,
final WritePolicy writePolicy,
final boolean forceBasicAuth);

/**
* Create a Docker proxy repository.
*
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -265,11 +265,12 @@ class RepositoryApiImpl
final String blobStoreName = BlobStoreManager.DEFAULT_BLOBSTORE_NAME,
final boolean strictContentTypeValidation = true,
final boolean v1Enabled = true,
final WritePolicy writePolicy = WritePolicy.ALLOW
final WritePolicy writePolicy = WritePolicy.ALLOW,
final boolean forceBasicAuth = false
)
{
Configuration configuration = createHosted(name, 'docker-hosted', blobStoreName, writePolicy, strictContentTypeValidation)
configuration.attributes.docker = configureDockerAttributes(httpPort, httpsPort, v1Enabled)
configuration.attributes.docker = configureDockerAttributes(httpPort, httpsPort, v1Enabled, forceBasicAuth)
createRepository(configuration)
}

Expand All @@ -283,10 +284,11 @@ class RepositoryApiImpl
@Nullable Integer httpsPort,
final String blobStoreName = BlobStoreManager.DEFAULT_BLOBSTORE_NAME,
final boolean strictContentTypeValidation = true,
final boolean v1Enabled = true)
final boolean v1Enabled = true,
final boolean forceBasicAuth = false)
{
Configuration configuration = createProxy(name, 'docker-proxy', remoteUrl, blobStoreName, strictContentTypeValidation)
configuration.attributes.docker = configureDockerAttributes(httpPort, httpsPort, v1Enabled)
configuration.attributes.docker = configureDockerAttributes(httpPort, httpsPort, v1Enabled, forceBasicAuth)
configuration.attributes.dockerProxy = [
indexType: indexType,
indexUrl : indexUrl
Expand All @@ -301,10 +303,11 @@ class RepositoryApiImpl
@Nullable Integer httpsPort,
final List<String> members,
final boolean v1Enabled = true,
final String blobStoreName = BlobStoreManager.DEFAULT_BLOBSTORE_NAME)
final String blobStoreName = BlobStoreManager.DEFAULT_BLOBSTORE_NAME,
final boolean forceBasicAuth = false)
{
Configuration configuration = createGroup(name, 'docker-group', blobStoreName, members as String[])
configuration.attributes.docker = configureDockerAttributes(httpPort, httpsPort, v1Enabled)
configuration.attributes.docker = configureDockerAttributes(httpPort, httpsPort, v1Enabled, forceBasicAuth)
createRepository(configuration)
}

Expand Down Expand Up @@ -422,7 +425,7 @@ class RepositoryApiImpl
[versionPolicy: versionPolicy, layoutPolicy: layoutPolicy]
}

private static Map configureDockerAttributes(Integer httpPort, Integer httpsPort, boolean v1Enabled) {
private static Map configureDockerAttributes(Integer httpPort, Integer httpsPort, boolean v1Enabled, boolean forceBasicAuth) {
def docker = [:]
if (httpPort) {
docker.httpPort = httpPort
Expand All @@ -431,6 +434,7 @@ class RepositoryApiImpl
docker.httpsPort = httpsPort
}
docker.v1Enabled = v1Enabled
docker.forceBasicAuth = forceBasicAuth
return docker
}

Expand Down