public async Task <Authorization> CallAsync()
{
Credential registryCredential = await retrieveTargetRegistryCredentialsStep.GetFuture().ConfigureAwait(false);
string registry = buildConfiguration.GetTargetImageConfiguration().GetImageRegistry();
try
{
using (progressEventDispatcherFactory.Create("authenticating push to " + registry, 1))
using (new TimerEventDispatcher(
buildConfiguration.GetEventHandlers(), string.Format(CultureInfo.CurrentCulture, DESCRIPTION, registry)))
{
RegistryAuthenticator registryAuthenticator =
await buildConfiguration
.NewTargetImageRegistryClientFactory()
.NewRegistryClient()
.GetRegistryAuthenticatorAsync().ConfigureAwait(false);
if (registryAuthenticator != null)
{
return(await registryAuthenticator.AuthenticatePushAsync(registryCredential).ConfigureAwait(false));
}
}
}
catch (InsecureRegistryException)
{
// Cannot skip certificate validation or use HTTP; fall through.
}
return(registryCredential?.IsOAuth2RefreshToken() != false
? null
: Authorization.FromBasicCredentials(
registryCredential.GetUsername(), registryCredential.GetPassword()));
}
public void SetUp()
{
registryAuthenticator =
RegistryAuthenticator.FromAuthenticationMethod(
new AuthenticationHeaderValue("Bearer", "realm=\"https://somerealm\",service=\"someservice\",scope=\"somescope\""),
registryEndpointRequestProperties,
new[] { new ProductInfoHeaderValue(new ProductHeaderValue("userAgent")) });
}
public void TestFromAuthenticationMethod_noService()
{
RegistryAuthenticator registryAuthenticator =
RegistryAuthenticator.FromAuthenticationMethod(
new AuthenticationHeaderValue("Bearer", "realm=\"https://somerealm\""),
registryEndpointRequestProperties,
new[] { new ProductInfoHeaderValue(new ProductHeaderValue("userAgent")) });
Assert.AreEqual(
new Uri("https://somerealm?service=someserver&scope=repository:someimage:scope"),
registryAuthenticator.GetAuthenticationUrl(null, "scope"));
}
public async Task TestGetRegistryAuthenticatorAsync()
{
RegistryClient registryClient =
RegistryClient.CreateFactory(EventHandlers.NONE, "registry.hub.docker.com", "library/busybox")
.NewRegistryClient();
RegistryAuthenticator registryAuthenticator = await registryClient.GetRegistryAuthenticatorAsync().ConfigureAwait(false);
Assert.IsNotNull(registryAuthenticator);
Authorization authorization = await registryAuthenticator.AuthenticatePullAsync(null).ConfigureAwait(false);
RegistryClient authorizedRegistryClient =
RegistryClient.CreateFactory(EventHandlers.NONE, "registry.hub.docker.com", "library/busybox")
.SetAuthorization(authorization)
.NewRegistryClient();
await authorizedRegistryClient.PullManifestAsync("latest").ConfigureAwait(false);
}
public void TestFromAuthenticationMethod_noRealm()
{
try
{
RegistryAuthenticator.FromAuthenticationMethod(
new AuthenticationHeaderValue("Bearer", "scope=\"somescope\""),
registryEndpointRequestProperties,
new[] { new ProductInfoHeaderValue(new ProductHeaderValue("userAgent")) });
Assert.Fail("Authentication method without 'realm' should fail");
}
catch (RegistryAuthenticationFailedException ex)
{
Assert.AreEqual(
"Failed to authenticate with registry someserver/someimage because: 'realm' was not found in the 'WWW-Authenticate' header, tried to parse: scope=\"somescope\"",
ex.Message);
}
}
public async Task TestAuthenticateAsync()
{
ImageReference dockerHubImageReference = ImageReference.Parse("library/busybox");
RegistryAuthenticator registryAuthenticator =
await RegistryClient.CreateFactory(
EventHandlers.NONE,
dockerHubImageReference.GetRegistry(),
dockerHubImageReference.GetRepository())
.NewRegistryClient()
.GetRegistryAuthenticatorAsync().ConfigureAwait(false);
Assert.IsNotNull(registryAuthenticator);
Authorization authorization = await registryAuthenticator.AuthenticatePullAsync(null).ConfigureAwait(false);
// Checks that some token was received.
Assert.IsTrue(0 < authorization.GetToken().Length);
}
private async Task <BaseImageWithAuthorization> GetOauthBaseImage(IEventHandlers eventHandlers, ProgressEventDispatcher progressEventDispatcher)
{
try
{
RetrieveRegistryCredentialsStep retrieveBaseRegistryCredentialsStep =
RetrieveRegistryCredentialsStep.ForBaseImage(
buildConfiguration,
progressEventDispatcher.NewChildProducer(), this.Index);
Credential registryCredential =
await retrieveBaseRegistryCredentialsStep.GetFuture().ConfigureAwait(false);
Authorization registryAuthorization =
registryCredential?.IsOAuth2RefreshToken() != false
? null
: Authorization.FromBasicCredentials(
registryCredential.GetUsername(), registryCredential.GetPassword());
RegistryAuthenticator registryAuthenticator =
await buildConfiguration
.NewBaseImageRegistryClientFactory()
.NewRegistryClient()
.GetRegistryAuthenticatorAsync().ConfigureAwait(false);
if (registryAuthenticator != null)
{
Authorization pullAuthorization =
await registryAuthenticator.AuthenticatePullAsync(registryCredential, eventHandlers)
.ConfigureAwait(false);
return(new BaseImageWithAuthorization(
await PullBaseImageAsync(pullAuthorization, progressEventDispatcher)
.ConfigureAwait(false), pullAuthorization));
}
}
catch (Exception e)
{
// Cannot skip certificate validation or use HTTP; fall through.
eventHandlers.Dispatch(LogEvent.Error(Resources.PullBaseImageStepAuthenticationErrorMessage + ",err:" + e.Message));
throw;
}
eventHandlers.Dispatch(LogEvent.Error(Resources.PullBaseImageStepAuthenticationErrorMessage + ",err:BaseImageCredential not config "));
throw new Exception("BaseImageCredential not config");
}
public async Task TestUserAgentAsync()
{
using (TestWebServer server = new TestWebServer(false))
{
try
{
RegistryAuthenticator authenticator =
RegistryAuthenticator.FromAuthenticationMethod(
new AuthenticationHeaderValue("Bearer", "realm=\"" + server.GetAddressAndPort() + "\""),
registryEndpointRequestProperties,
new[] { new ProductInfoHeaderValue(new ProductHeaderValue("Competent-Agent")) });
await authenticator.AuthenticatePushAsync(null).ConfigureAwait(false);
}
catch (RegistryAuthenticationFailedException)
{
// Doesn't matter if auth fails. We only examine what we sent.
}
Assert.That(server.GetInputRead(), Does.Contain("User-Agent: Competent-Agent"));
}
}
public void TestFromAuthenticationMethod_basic()
{
Assert.IsNull(
RegistryAuthenticator.FromAuthenticationMethod(
new AuthenticationHeaderValue("Basic", "realm=\"https://somerealm\",service=\"someservice\",scope=\"somescope\""),
registryEndpointRequestProperties,
new[] { new ProductInfoHeaderValue(new ProductHeaderValue("userAgent")) }));
Assert.IsNull(
RegistryAuthenticator.FromAuthenticationMethod(
new AuthenticationHeaderValue("BASIC", "realm=\"https://somerealm\",service=\"someservice\",scope=\"somescope\""),
registryEndpointRequestProperties,
new[] { new ProductInfoHeaderValue(new ProductHeaderValue("userAgent")) }));
Assert.IsNull(
RegistryAuthenticator.FromAuthenticationMethod(
new AuthenticationHeaderValue("bASIC", "realm=\"https://somerealm\",service=\"someservice\",scope=\"somescope\""),
registryEndpointRequestProperties,
new[] { new ProductInfoHeaderValue(new ProductHeaderValue("userAgent")) }));
}
public void TestHandleHttpResponseException_pass()
{
const string authScheme = "Bearer";
const string authParamter = "realm=\"https://somerealm\",service=\"someservice\",scope=\"somescope\"";
using (var mockHttpResponse = new HttpResponseMessage(HttpStatusCode.Unauthorized)
{
Headers =
{
WwwAuthenticate =
{
new AuthenticationHeaderValue(authScheme, authParamter)
}
}
})
{
RegistryAuthenticator registryAuthenticator =
testAuthenticationMethodRetriever.HandleHttpResponse(mockHttpResponse);
Assert.AreEqual(
new Uri("https://somerealm?service=someservice&scope=repository:someImageName:someScope"),
registryAuthenticator.GetAuthenticationUrl(null, "someScope"));
}
}
public async Task <BaseImageWithAuthorization> CallAsync()
{
IEventHandlers eventHandlers = buildConfiguration.GetEventHandlers();
// Skip this step if this is a scratch image
ImageConfiguration baseImageConfiguration = buildConfiguration.GetBaseImageConfiguration();
string description = string.Format(
CultureInfo.CurrentCulture,
Resources.PullBaseImageStepDescriptionFormat,
buildConfiguration.GetBaseImageConfiguration().GetImage());
eventHandlers.Dispatch(LogEvent.Progress(description));
if (baseImageConfiguration.GetImage().IsScratch())
{
return(new BaseImageWithAuthorization(
Image.CreateBuilder(buildConfiguration.GetTargetFormat()).Build(), null));
}
if (buildConfiguration.IsOffline())
{
return(new BaseImageWithAuthorization(PullBaseImageOffline(), null));
}
using (ProgressEventDispatcher progressEventDispatcher = progressEventDispatcherFactory.Create(description, 2))
using (new TimerEventDispatcher(buildConfiguration.GetEventHandlers(), description))
{
// First, try with no credentials.
try
{
return(new BaseImageWithAuthorization(await PullBaseImageAsync(null, progressEventDispatcher).ConfigureAwait(false), null));
}
catch (RegistryUnauthorizedException)
{
eventHandlers.Dispatch(
LogEvent.Lifecycle(
"The base image requires auth. Trying again for "
+ buildConfiguration.GetBaseImageConfiguration().GetImage()
+ "..."));
// If failed, then, retrieve base registry credentials and try with retrieved credentials.
// TODO: Refactor the logic in RetrieveRegistryCredentialsStep out to
// registry.credentials.RegistryCredentialsRetriever to avoid this direct executor hack.
RetrieveRegistryCredentialsStep retrieveBaseRegistryCredentialsStep =
RetrieveRegistryCredentialsStep.ForBaseImage(
buildConfiguration,
progressEventDispatcher.NewChildProducer());
Credential registryCredential = await retrieveBaseRegistryCredentialsStep.GetFuture().ConfigureAwait(false);
Authorization registryAuthorization =
registryCredential?.IsOAuth2RefreshToken() != false
? null
: Authorization.FromBasicCredentials(
registryCredential.GetUsername(), registryCredential.GetPassword());
try
{
return(new BaseImageWithAuthorization(
await PullBaseImageAsync(registryAuthorization, progressEventDispatcher).ConfigureAwait(false), registryAuthorization));
}
catch (RegistryUnauthorizedException)
{
// The registry requires us to authenticate using the Docker Token Authentication.
// See https://docs.docker.com/registry/spec/auth/token
try
{
RegistryAuthenticator registryAuthenticator =
await buildConfiguration
.NewBaseImageRegistryClientFactory()
.NewRegistryClient()
.GetRegistryAuthenticatorAsync().ConfigureAwait(false);
if (registryAuthenticator != null)
{
Authorization pullAuthorization =
await registryAuthenticator.AuthenticatePullAsync(registryCredential).ConfigureAwait(false);
return(new BaseImageWithAuthorization(
await PullBaseImageAsync(pullAuthorization, progressEventDispatcher).ConfigureAwait(false), pullAuthorization));
}
}
catch (InsecureRegistryException)
{
// Cannot skip certificate validation or use HTTP; fall through.
}
eventHandlers.Dispatch(LogEvent.Error(Resources.PullBaseImageStepAuthenticationErrorMessage));
throw;
}
}
}
}
public void IsOAuth2Auth_basicAuth()
{
Credential credential = Credential.From("name", "password");
Assert.IsFalse(RegistryAuthenticator.IsOAuth2Auth(credential));
}
public void IsOAuth2Auth_nullCredential()
{
Assert.IsFalse(RegistryAuthenticator.IsOAuth2Auth(null));
}
public void IsOAuth2Auth_oauth2()
{
Credential credential = Credential.From("<token>", "oauth2_token");
Assert.IsTrue(RegistryAuthenticator.IsOAuth2Auth(credential));
}
