Documentation
¶
Overview ¶
Package registry provides functionality for interacting with container registries in Watchtower. It handles authentication, digest retrieval, and image pull options for registry operations.
Key components:
- auth: Manages registry authentication (token fetching, challenge handling).
- digest: Retrieves and compares image digests via HTTP requests.
- helpers: Utilities for registry address parsing and digest normalization.
- manifest: Constructs manifest URLs for digest fetching.
- registry: Configures pull options and API consumption checks.
Usage example:
opts, err := registry.GetPullOptions("docker.io/library/alpine")
if err != nil {
logrus.WithError(err).Error("Failed to get pull options")
}
digest, err := digest.FetchDigest(ctx, container, opts.RegistryAuth)
The package integrates with Docker’s registry API, supports credential fetching from config files or environment variables, and uses logrus for logging operations.
Index ¶
- func CredentialsStore(configFile dockerConfigConfigfile.ConfigFile) dockerConfigCredentials.Store
- func DefaultAuthHandler(_ context.Context) (string, error)
- func EncodeCredentials(authConfig dockerConfig.AuthConfig) (string, error)
- func EncodedAuth(imageName string) (string, error)
- func EncodedConfigCredentials(imageRef string) (string, error)
- func EncodedEnvAuth() (string, error)
- func GetPullOptions(imageName string) (dockerImage.PullOptions, error)
- func WarnOnAPIConsumption(container types.Container) bool
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CredentialsStore ¶
func CredentialsStore(configFile dockerConfigConfigfile.ConfigFile) dockerConfigCredentials.Store
CredentialsStore returns a new credentials store based on the configuration file settings.
It selects a native or file-based store depending on the config.
Parameters:
- configFile: Docker configuration file.
Returns:
- dockerConfigCredentials.Store: Configured credentials store.
func DefaultAuthHandler ¶
DefaultAuthHandler is a privilege function called when initial authentication fails.
It retries the request without credentials, as reusing the same auth is unlikely to succeed.
Parameters:
- ctx: Context for request lifecycle control (unused here).
Returns:
- string: Empty string to indicate no new credentials.
- error: Always nil, as no further action is taken.
func EncodeCredentials ¶
func EncodeCredentials(authConfig dockerConfig.AuthConfig) (string, error)
EncodeCredentials Base64 encodes an AuthConfig struct for HTTP transmission.
It marshals the struct to JSON and applies URL-safe base64 encoding.
Parameters:
- authConfig: Authentication configuration to encode.
Returns:
- string: Base64-encoded auth string if successful.
- error: Non-nil if marshaling fails, nil on success.
func EncodedAuth ¶
EncodedAuth attempts to retrieve encoded authentication credentials for a given image name.
It checks environment variables first, then falls back to the Docker config file if needed.
Parameters:
- ref: Image reference string (e.g., "docker.io/library/alpine").
Returns:
- string: Base64-encoded credentials string if successful, empty if none found.
- error: Non-nil if both methods fail, nil on success or if no credentials are available.
func EncodedConfigCredentials ¶
EncodedConfigCredentials retrieves authentication credentials from the Docker config file.
The Docker config must be mounted on the container.
Parameters:
- imageRef: Image reference string for registry lookup.
Returns:
- string: Base64-encoded credentials string if found, empty if none.
- error: Non-nil if config loading or address retrieval fails, nil on success or if no auth is found.
func EncodedEnvAuth ¶
EncodedEnvAuth checks for REPO_USER and REPO_PASS environment variables and encodes them.
It returns an error if these variables are not set.
Returns:
- string: Base64-encoded auth string if credentials are found.
- error: Non-nil if env vars are missing, nil on success.
func GetPullOptions ¶
func GetPullOptions(imageName string) (dockerImage.PullOptions, error)
GetPullOptions creates a struct with all options needed for pulling images from a registry.
It retrieves encoded authentication credentials and configures pull options with a privilege function.
Parameters:
- imageName: Name of the image to pull (e.g., "docker.io/library/alpine").
Returns:
- image.PullOptions: Configured pull options if successful.
- error: Non-nil if auth retrieval fails, nil on success.
func WarnOnAPIConsumption ¶
WarnOnAPIConsumption determines whether to warn about API consumption for a container’s registry.
It returns true for registries supporting HEAD requests (e.g., Docker Hub, GHCR) or if parsing fails.
Parameters:
- container: Container with image info for registry check.
Returns:
- bool: True if a warning is warranted, false otherwise.
Types ¶
This section is empty.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
Package auth provides functionality for authenticating with container registries.
|
Package auth provides functionality for authenticating with container registries. |
|
Package digest provides functionality for retrieving and comparing Docker image digests in Watchtower.
|
Package digest provides functionality for retrieving and comparing Docker image digests in Watchtower. |
|
Package manifest provides functionality for constructing URLs to access container image manifests in Watchtower.
|
Package manifest provides functionality for constructing URLs to access container image manifests in Watchtower. |