From 3c73c0c0cd0f96c537d9c90f9ae9a3ed19f045b0 Mon Sep 17 00:00:00 2001
From: Alvaro Iradier
Date: Fri, 18 Sep 2020 11:40:51 +0200
Subject: [PATCH] Add --registry-token flags to support Bearer token authentication
Signed-off-by: Alvaro Iradier
---
 cmd/skopeo/utils.go | 5 +++++
 completions/bash/skopeo | 5 +++++
 docs/skopeo-copy.1.md | 4 ++++
 docs/skopeo-delete.1.md | 2 ++
 docs/skopeo-inspect.1.md | 2 ++
 docs/skopeo-list-tags.1.md | 2 ++
 docs/skopeo-sync.1.md | 4 ++++
 7 files changed, 24 insertions(+)
diff --git a/cmd/skopeo/utils.go b/cmd/skopeo/utils.go
index abe4fbd09a..3fdd371556 100644
--- a/cmd/skopeo/utils.go
+++ b/cmd/skopeo/utils.go
@@ -57,6 +57,7 @@ type dockerImageOptions struct {
 shared *sharedImageOptions // May be shared across several imageOptions instances.
 authFilePath optionalString // Path to a */containers/auth.json (prefixed version to override shared image option).
 credsOption optionalString // username[:password] for accessing a registry
+ registryToken optionalString // token to be used directy as a Bearer token when accessing the registry
 dockerCertPath string // A directory using Docker-like *.{crt,cert,key} files for connecting to a registry or a daemon
 tlsVerify optionalBool // Require HTTPS and verify certificates (for docker: and docker-daemon:)
 noCreds bool // Access the registry anonymously
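Review bot: The comment on the new `registryToken` field misspells "directly" as "directy", and it does not say that the field holds a secret. I would write it as `// token to be used directly as a Bearer token when accessing the registry; secret, must not be logged`. The struct definition starts and ends outside this hunk, so any code that prints or serialises these options is not visible here.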
@@ -95,6 +96,7 @@ func dockerImageFlags(global *globalOptions, shared *sharedImageOptions, flagPre
 fs.StringVar(&flags.dockerCertPath, flagPrefix+"cert-dir", "", "use certificates at `PATH` (*.crt, *.cert, *.key) to connect to the registry or daemon")
 optionalBoolFlag(&fs, &flags.tlsVerify, flagPrefix+"tls-verify", "require HTTPS and verify certificates when talking to the container registry or daemon (defaults to true)")
 fs.BoolVar(&flags.noCreds, flagPrefix+"no-creds", false, "Access the registry anonymously")
+ fs.Var(newOptionalStringValue(&flags.registryToken), flagPrefix+"registry-token", "Provide a Bearer token for accessing the registry")
 return fs, &flags
 }
@@ -131,6 +133,9 @@ func (opts *imageOptions) newSystemContext() (*types.SystemContext, error) {
 ctx.AuthFilePath = opts.shared.authFilePath
 ctx.DockerDaemonHost = opts.dockerDaemonHost
 ctx.DockerDaemonCertPath = opts.dockerCertPath
+ if opts.registryToken.present {
+ ctx.DockerBearerRegistryToken = opts.registryToken.value
+ }
 if opts.dockerImageOptions.authFilePath.present {
 ctx.AuthFilePath = opts.dockerImageOptions.authFilePath.value
 }
diff --git a/completions/bash/skopeo b/completions/bash/skopeo
index 214ebc3c2b..65fc8281d6 100644
--- a/completions/bash/skopeo
+++ b/completions/bash/skopeo
@@ -49,6 +49,8 @@ _skopeo_copy() {
 --dest-tls-verify
 --src-daemon-host
 --dest-daemon-host
+ --src-registry-token
+ --dest-registry-token
 "
 local boolean_options="
@@ -74,6 +76,7 @@ _skopeo_inspect() {
 --creds
 --cert-dir
 --retry-times
+ --registry-token
 "
 local boolean_options="
 --config
@@ -120,6 +123,7 @@ _skopeo_delete() {
 --authfile
 --creds
 --cert-dir
+ --registry-token
 "
 local boolean_options="
 --tls-verify
@@ -150,6 +154,7 @@ _skopeo_list_repository_tags() {
 --authfile
 --creds
 --cert-dir
+ --registry-token
 "
 local boolean_options="
diff --git a/docs/skopeo-copy.1.md b/docs/skopeo-copy.1.md
index 1c38bcbfc8..ff1e04d125 100644
--- a/docs/skopeo-copy.1.md
+++ b/docs/skopeo-copy.1.md
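Review bot: The `registry-token` flag registered at the end of dockerImageFlags takes the Bearer token as a command-line argument, which leaves the secret readable in the process list by other local users and easy to capture in shell history or CI job logs; the help string does not mention this, and neither do the man-page hunks later in this patch. At minimum the help text could say so, for example `"Provide a Bearer token for accessing the registry (the value is visible in process listings)"`. A follow-up that accepts the token from a file or an environment variable would let callers avoid the exposure entirely. The existing `creds` option probably has the same exposure, but its registration is outside this hunk.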
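Review bot: The added branch in newSystemContext sets `ctx.DockerBearerRegistryToken` whenever the flag is present, with no check against the other credential options on the same struct (`credsOption` and `noCreds`, visible in the first hunk), so a run that passes `--creds` or `--no-creds` together with `--registry-token` silently depends on precedence inside the registry client, which is not visible here. Rejecting the combination up front keeps the authentication mode explicit: `if opts.registryToken.present && (opts.credsOption.present || opts.noCreds) { return nil, errors.New("registry-token cannot be combined with creds or no-creds") }`, using whichever errors package the file already imports. An explicitly empty value also counts as present, so it may be worth rejecting `opts.registryToken.value == ""` in the same place. The rest of the function lies outside the hunk, so if a creds/no-creds conflict check already exists there, the new option belongs next to it.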
@@ -84,6 +84,10 @@ Existing signatures, if any, are preserved as well.
 **--dest-compress-level** _format_ Specifies the compression level to use. The value is specific to the compression algorithm used, e.g. for zstd the accepted values are in the range 1-20 (inclusive), while for gzip it is 1-9 (inclusive).
+**--src-registry-token** _Bearer token_ for accessing the source registry
+
+**--dest-registry-token** _Bearer token_ for accessing the destination registry
+
 ## EXAMPLES
 To just copy an image from one registry to another:
diff --git a/docs/skopeo-delete.1.md b/docs/skopeo-delete.1.md
index f61afae104..b77557c620 100644
--- a/docs/skopeo-delete.1.md
+++ b/docs/skopeo-delete.1.md
@@ -34,6 +34,8 @@ $ docker exec -it registry /usr/bin/registry garbage-collect /etc/docker-distrib
 Additionally, the registry must allow deletions by setting `REGISTRY_STORAGE_DELETE_ENABLED=true` for the registry daemon.
+**--registry-token** _Bearer token_ for accessing the registry
+
 ## EXAMPLES
 Mark image example/pause for deletion from the registry.example.com registry:
diff --git a/docs/skopeo-inspect.1.md b/docs/skopeo-inspect.1.md
index a16a46ed56..eb954c3d32 100644
--- a/docs/skopeo-inspect.1.md
+++ b/docs/skopeo-inspect.1.md
@@ -35,6 +35,8 @@ Return low-level information about _image-name_ in a registry
 **--no-creds** _bool-value_ Access the registry anonymously.
+ **--registry-token** _Bearer token_ for accessing the registry
+
 ## EXAMPLES
 To review information for the image fedora from the docker.io registry:
diff --git a/docs/skopeo-list-tags.1.md b/docs/skopeo-list-tags.1.md
index 6d7866178b..e5d88871c8 100644
--- a/docs/skopeo-list-tags.1.md
+++ b/docs/skopeo-list-tags.1.md
@@ -23,6 +23,8 @@ Return a list of tags from _repository-name_ in a registry.
 **--no-creds** _bool-value_ Access the registry anonymously.
+ **--registry-token** _Bearer token_ for accessing the registry
+
 ## REPOSITORY NAMES
 Repository names are transport-specific references as each transport may have its own concept of a "repository" and "tags". Currently, only the Docker transport is supported.
diff --git a/docs/skopeo-sync.1.md b/docs/skopeo-sync.1.md
index 2be13cae1b..d0e624fa84 100644
--- a/docs/skopeo-sync.1.md
+++ b/docs/skopeo-sync.1.md
@@ -71,6 +71,10 @@ Path of the authentication file for the destination registry. Uses path given by
 **--dest-tls-verify** _bool-value_ Require HTTPS and verify certificates when talking to a container destination registry or daemon (defaults to true).
+**--src-registry-token** _Bearer token_ for accessing the source registry
+
+**--dest-registry-token** _Bearer token_ for accessing the destination registry
+
 ## EXAMPLES
 ### Synchronizing to a local directory