registry

package
v1.16.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 6, 2026 License: BSD-3-Clause Imports: 16 Imported by: 0

Documentation

Overview

Package registry is derived from Moby's registry implementation.

Source: https://github.com/moby/moby/blob/v28.5.2/registry/auth.go License: Apache License 2.0 SPDX-License-Identifier: Apache-2.0

Simplified Wrapper as Arcane only needs the Ping Function currently

This local copy is vendored to avoid pulling conflicting module variants during dependency resolution in this monorepo.

Index

Constants

View Source 
const (
	DefaultRegistry       = "registry-1.docker.io"
	DefaultRegistryDomain = "docker.io"
	DefaultRegistryHost   = "index.docker.io"
	ContentDigestHeader   = "Docker-Content-Digest"
	ChallengeHeader       = "WWW-Authenticate"
)

Variables

This section is empty.

Functions

func AcquireTokenViaChallenge 

func AcquireTokenViaChallenge(
	ctx context.Context,
	registryHost string,
	repository string,
	challengeHeader string,
	enabledRegs []models.ContainerRegistry,
) (string, string, string, error)

AcquireTokenViaChallenge: Parses a WWW-Authenticate Bearer challenge, builds an auth URL, tries anonymous multi-scope token, then credential-based. Returns (token, method, username, error)

func DecodeAuthHeader added in v1.16.0 

func DecodeAuthHeader(authEncoded string) (dockerregistry.AuthConfig, error)

func EncodeAuthHeader added in v1.16.0 

func EncodeAuthHeader(username, password, serverAddress string) (string, error)

func ExtractRegistryHost added in v1.16.0 

func ExtractRegistryHost(imageRef string) string

func GetAuthHeaderForImage 

func GetAuthHeaderForImage(ctx context.Context, imageRef string, enabledRegs []models.ContainerRegistry) (string, error)

GetAuthHeaderForImage performs the /v2/ challenge for an image and returns a usable Authorization header. It supports Basic and Bearer challenges. For Bearer, it reuses AcquireTokenViaChallenge which looks up credentials from the database (enabledRegs) when needed.

func GetChallengeRequest 

func GetChallengeRequest(ctx context.Context, u url.URL) (*http.Request, error)

func GetChallengeURL 

func GetChallengeURL(imageRef string) (url.URL, error)

GetChallengeURL returns https://<host>/v2/ for a given image ref (normalized). host is normalized so docker.io => index.docker.io.

func GetRegistryAddress 

func GetRegistryAddress(imageRef string) (string, error)

func IsRegistryMatch added in v1.16.0 

func IsRegistryMatch(left, right string) bool

func NormalizeRegistryForComparison added in v1.16.0 

func NormalizeRegistryForComparison(url string) string

func NormalizeRegistryURL added in v1.16.0 

func NormalizeRegistryURL(url string) string

func PingV2Registry added in v1.16.0 

func PingV2Registry(ctx context.Context, endpoint *url.URL, transport http.RoundTripper) (challenge.Manager, error)

PingV2Registry attempts to ping a v2 registry and on success return a challenge manager for the supported authentication types. If a response is received but cannot be interpreted, a PingResponseError will be returned.

func RegistryAuthLookupKeys added in v1.16.0 

func RegistryAuthLookupKeys(url string) []string

func ResolveAuthHeaderForRepository 

func ResolveAuthHeaderForRepository(ctx context.Context, host, repository, tag string, enabledRegs []models.ContainerRegistry) (string, string, string, error)

Types

type Client 

type Client struct {
	// contains filtered or unexported fields
}

Client provides helper methods for Docker/OCI registries.

func NewClient 

func NewClient() *Client

func (*Client) CheckAuth 

func (c *Client) CheckAuth(ctx context.Context, registry string) (string, error)

func (*Client) GetLatestDigest 

func (c *Client) GetLatestDigest(ctx context.Context, registry, repository, tag, token string) (string, error)

func (*Client) GetLatestDigestTimed 

func (c *Client) GetLatestDigestTimed(ctx context.Context, registry, repository, tag, token string) (string, time.Duration, error)

func (*Client) GetRegistryURL 

func (c *Client) GetRegistryURL(registry string) string

func (*Client) GetToken 

func (c *Client) GetToken(ctx context.Context, authURL, repository string, creds *Credentials) (string, error)

func (*Client) GetTokenMulti 

func (c *Client) GetTokenMulti(ctx context.Context, authURL string, repositories []string, creds *Credentials) (string, error)

func (*Client) ParseAuthChallenge 

func (c *Client) ParseAuthChallenge(header string) (string, string)

type Credentials 

type Credentials struct {
	Username string
	Token    string
}

type PingResponseError added in v1.16.0 

type PingResponseError struct {
	Err error
}

func (PingResponseError) Error added in v1.16.0 

func (e PingResponseError) Error() string

func (PingResponseError) Unwrap added in v1.16.0 

func (e PingResponseError) Unwrap() error

type TestResult 

type TestResult struct {
	OverallSuccess bool      `json:"overall_success"`
	PingSuccess    bool      `json:"ping_success"`
	AuthSuccess    bool      `json:"auth_success"`
	CatalogSuccess bool      `json:"catalog_success"`
	URL            string    `json:"url"`
	Domain         string    `json:"domain"`
	Timestamp      time.Time `json:"timestamp"`
	Errors         []string  `json:"errors"`
}

func TestRegistryConnection 

func TestRegistryConnection(ctx context.Context, registryURL string, creds *Credentials) (*TestResult, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.