You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
buildx/util/imagetools/inspect.go

140 lines
3.0 KiB
Go

package imagetools
import (
"bytes"
"context"
"encoding/base64"
"encoding/json"
"io"
"net/http"
"github.com/containerd/containerd/remotes"
"github.com/containerd/containerd/remotes/docker"
clitypes "github.com/docker/cli/cli/config/types"
"github.com/docker/distribution/reference"
registryconfig "github.com/moby/buildkit/util/resolver/config"
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
)
type Auth interface {
GetAuthConfig(registryHostname string) (clitypes.AuthConfig, error)
}
type Opt struct {
Auth Auth
RegistryConfig map[string]registryconfig.RegistryConfig
}
type Resolver struct {
auth docker.Authorizer
}
func New(opt Opt) *Resolver {
return &Resolver{
auth: docker.NewDockerAuthorizer(docker.WithAuthCreds(toCredentialsFunc(opt.Auth)), docker.WithAuthClient(http.DefaultClient)),
}
}
func (r *Resolver) resolver() remotes.Resolver {
return docker.NewResolver(docker.ResolverOptions{
Authorizer: r.auth,
Client: http.DefaultClient,
})
}
func (r *Resolver) Resolve(ctx context.Context, in string) (string, ocispec.Descriptor, error) {
ref, err := parseRef(in)
if err != nil {
return "", ocispec.Descriptor{}, err
}
in, desc, err := r.resolver().Resolve(ctx, ref.String())
if err != nil {
return "", ocispec.Descriptor{}, err
}
return in, desc, nil
}
func (r *Resolver) Get(ctx context.Context, in string) ([]byte, ocispec.Descriptor, error) {
in, desc, err := r.Resolve(ctx, in)
if err != nil {
return nil, ocispec.Descriptor{}, err
}
dt, err := r.GetDescriptor(ctx, in, desc)
if err != nil {
return nil, ocispec.Descriptor{}, err
}
return dt, desc, nil
}
func (r *Resolver) GetDescriptor(ctx context.Context, in string, desc ocispec.Descriptor) ([]byte, error) {
fetcher, err := r.resolver().Fetcher(ctx, in)
if err != nil {
return nil, err
}
rc, err := fetcher.Fetch(ctx, desc)
if err != nil {
return nil, err
}
buf := &bytes.Buffer{}
_, err = io.Copy(buf, rc)
rc.Close()
if err != nil {
return nil, err
}
return buf.Bytes(), nil
}
func parseRef(s string) (reference.Named, error) {
ref, err := reference.ParseNormalizedNamed(s)
if err != nil {
return nil, err
}
ref = reference.TagNameOnly(ref)
return ref, nil
}
func toCredentialsFunc(a Auth) func(string) (string, string, error) {
return func(host string) (string, string, error) {
if host == "registry-1.docker.io" {
host = "https://index.docker.io/v1/"
}
ac, err := a.GetAuthConfig(host)
if err != nil {
return "", "", err
}
if ac.IdentityToken != "" {
return "", ac.IdentityToken, nil
}
return ac.Username, ac.Password, nil
}
}
func RegistryAuthForRef(ref string, a Auth) (string, error) {
if a == nil {
return "", nil
}
r, err := parseRef(ref)
if err != nil {
return "", err
}
host := reference.Domain(r)
if host == "docker.io" {
host = "https://index.docker.io/v1/"
}
ac, err := a.GetAuthConfig(host)
if err != nil {
return "", err
}
buf, err := json.Marshal(ac)
if err != nil {
return "", err
}
return base64.URLEncoding.EncodeToString(buf), nil
}