You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
watchtower/pkg/registry/registry.go

62 lines
1.8 KiB
Go

package registry
import (
"github.com/containrrr/watchtower/pkg/registry/helpers"
watchtowerTypes "github.com/containrrr/watchtower/pkg/types"
ref "github.com/docker/distribution/reference"
"github.com/docker/docker/api/types"
log "github.com/sirupsen/logrus"
)
// GetPullOptions creates a struct with all options needed for pulling images from a registry
func GetPullOptions(imageName string) (types.ImagePullOptions, error) {
auth, err := EncodedAuth(imageName)
log.Debugf("Got image name: %s", imageName)
if err != nil {
return types.ImagePullOptions{}, err
}
if auth == "" {
return types.ImagePullOptions{}, nil
}
// CREDENTIAL: Uncomment to log docker config auth
// log.Tracef("Got auth value: %s", auth)
return types.ImagePullOptions{
RegistryAuth: auth,
PrivilegeFunc: DefaultAuthHandler,
}, nil
}
// DefaultAuthHandler will be invoked if an AuthConfig is rejected
// It could be used to return a new value for the "X-Registry-Auth" authentication header,
// but there's no point trying again with the same value as used in AuthConfig
func DefaultAuthHandler() (string, error) {
log.Debug("Authentication request was rejected. Trying again without authentication")
return "", nil
}
// WarnOnAPIConsumption will return true if the registry is known-expected
// to respond well to HTTP HEAD in checking the container digest -- or if there
// are problems parsing the container hostname.
// Will return false if behavior for container is unknown.
func WarnOnAPIConsumption(container watchtowerTypes.Container) bool {
normalizedRef, err := ref.ParseNormalizedNamed(container.ImageName())
if err != nil {
return true
}
containerHost, err := helpers.GetRegistryAddress(normalizedRef.Name())
if err != nil {
return true
}
if containerHost == helpers.DefaultRegistryHost || containerHost == "ghcr.io" {
return true
}
return false
}