Documentation
Index
Constants
const (
	PrivIllegal Priv = 0
	PrivPush         = 1
	PrivPull         = 2
	PrivAll          = 3 // NB: equivalent to (PrivPush | PrivPull)
)
Variables
var (
	ErrForbidden = NewHTTPError("Forbiden Access", http.StatusForbidden)
	ErrInternal  = NewHTTPError("Internal server error", http.StatusInternalServerError)
)
Predefined internal error
Functions
This section is empty.
Types
type AuthRequest
AuthRequest parses the client request.
type Config
type Config struct {
	Version string     `yaml:"version,omitempty"`
	Log     Log        `yaml:"log,omitempty"`
	Storage Storage    `yaml:"storage,omitempty"`
	HTTP    ServerConf `yaml:"http"`
	Token   Token      `yaml:"token"`
}
func (*Config) LoadFromFile
type HTTPAuthError
type HTTPAuthError struct {
	Code int
	// contains filtered or unexported fields
}
func HTTPBadRequest
func HTTPBadRequest(s string) (err *HTTPAuthError)
HTTPBadRequest returns an *HTTPAuthError with the supplied informative string and error code 400.
func NewHTTPError
func NewHTTPError(s string, code int) (err *HTTPAuthError)
NewHTTPError creates a new HTTPAuthError with the supplied error message and code. The message is displayed to the end user, so be careful what it contains.
func (HTTPAuthError) Error
func (e HTTPAuthError) Error() string
func (*HTTPAuthError) Respond
func (e *HTTPAuthError) Respond(w http.ResponseWriter)
Respond sends the error code and message to the supplied ResponseWriter.
type Handler
func NewHandler
func NewHandler(authHandler *TokenAuthHandler) *Handler
NewHandler returns a new instance of Handler built from a config.
type Scope
type Scope struct {
	Type    string // repository
	Name    string // foo/bar
	Actions Priv   // Priv, who would guess that?
}
Scope definition
type ServerConf
type TokenAuthHandler
type TokenAuthHandler struct {
	// Main config file ... similar to the one in the server handler
	Config *Config
	// Account name of the user
	Account string
	// Service identifier ... One auth server may be the source of truth for different services
	Service string
}
TokenAuthHandler is the handler for the Docker token request. The Docker client passes the following parameters in the request:
service - The name of the service which hosts the resource. (required)
scope - The resource in question. Can be specified more than once. (required)
account - The name of the account. Optional; usually passed only on docker login.
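An added example, not part of this package's code: one way to turn a scope parameter as described above into the Scope and Priv types, failing closed on unknown input, and then to intersect the request with the account's ACL. ParseScope, Grant, the actions map, the uint underlying type of Priv and the type:name:actions layout (as in the Docker registry token specification) are assumptions.

```go
package main

import "fmt"
import "strings"

// Priv and Scope mirror the declarations documented on this page;
// the underlying type uint is an assumption.
type Priv uint

const (
	PrivIllegal Priv = 0
	PrivPush    Priv = 1
	PrivPull    Priv = 2
	PrivAll     Priv = 3 // PrivPush | PrivPull
)

type Scope struct {
	Type, Name string
	Actions    Priv
}

// actions lists every action this example accepts (hypothetical table).
var actions = map[string]Priv{"push": PrivPush, "pull": PrivPull}

// ParseScope (hypothetical, not the package's API) parses one
// "type:name:actions" value and rejects anything it does not recognise.
func ParseScope(raw string) (Scope, error) {
	// The name may contain ':' (host:port/repo): split on first and last colon.
	first, last := strings.Index(raw, ":"), strings.LastIndex(raw, ":")
	if first <= 0 || last <= first+1 || last == len(raw)-1 {
		return Scope{}, fmt.Errorf("malformed scope %q", raw)
	}
	s := Scope{Type: raw[:first], Name: raw[first+1 : last]}
	if s.Type != "repository" {
		return Scope{}, fmt.Errorf("unsupported scope type %q", s.Type)
	}
	for _, a := range strings.Split(raw[last+1:], ",") {
		p, ok := actions[a]
		if !ok {
			return Scope{}, fmt.Errorf("unknown action %q", a)
		}
		s.Actions |= p
	}
	return s, nil
}

// Grant keeps only the requested actions that the account's ACL allows.
func Grant(requested, acl Priv) Priv { return requested & acl }

func main() {
	fmt.Println(ParseScope("repository:foo/bar:pull,push")) // constructed input
}
```

A result of PrivIllegal from Grant means none of the requested actions are permitted for that account.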
func (*TokenAuthHandler) CreateToken
func (h *TokenAuthHandler) CreateToken(scopes *Scope, service, account string) (tokenString string, err error)
func (*TokenAuthHandler) ServeHTTP
func (h *TokenAuthHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type VaultClient
type VaultClient struct {
	Config *Vault
}
func (*VaultClient) RetrieveUser
func (c *VaultClient) RetrieveUser(ctx context.Context, namespace, user string) (*UserInfo, *HTTPAuthError)
RetrieveUser retrieves the username/password/ACL from Vault. BUG(dejan): We need to add some context and potentially a pool of clients.
Notes
Bugs
Add support for writing logs to a text file.
if c.Log.File != "" {
	// BUG(dejan): Implement file handler
	s.Handler = handlers.CombinedLoggingHandler(os.Stdout, s.Handler)
} else {
	s.Handler = handlers.CombinedLoggingHandler(os.Stdout, s.Handler)
}
We do not support anonymous images yet.
We need to add some context and potentially a pool of clients.