public async Task <Authorization> CallAsync() { Credential registryCredential = await retrieveTargetRegistryCredentialsStep.GetFuture().ConfigureAwait(false); string registry = buildConfiguration.GetTargetImageConfiguration().GetImageRegistry(); try { using (progressEventDispatcherFactory.Create("authenticating push to " + registry, 1)) using (new TimerEventDispatcher( buildConfiguration.GetEventHandlers(), string.Format(CultureInfo.CurrentCulture, DESCRIPTION, registry))) { RegistryAuthenticator registryAuthenticator = await buildConfiguration .NewTargetImageRegistryClientFactory() .NewRegistryClient() .GetRegistryAuthenticatorAsync().ConfigureAwait(false); if (registryAuthenticator != null) { return(await registryAuthenticator.AuthenticatePushAsync(registryCredential).ConfigureAwait(false)); } } } catch (InsecureRegistryException) { // Cannot skip certificate validation or use HTTP; fall through. } return(registryCredential?.IsOAuth2RefreshToken() != false ? null : Authorization.FromBasicCredentials( registryCredential.GetUsername(), registryCredential.GetPassword())); }
public void SetUp() { registryAuthenticator = RegistryAuthenticator.FromAuthenticationMethod( new AuthenticationHeaderValue("Bearer", "realm=\"https://somerealm\",service=\"someservice\",scope=\"somescope\""), registryEndpointRequestProperties, new[] { new ProductInfoHeaderValue(new ProductHeaderValue("userAgent")) }); }
public void TestFromAuthenticationMethod_noService() { RegistryAuthenticator registryAuthenticator = RegistryAuthenticator.FromAuthenticationMethod( new AuthenticationHeaderValue("Bearer", "realm=\"https://somerealm\""), registryEndpointRequestProperties, new[] { new ProductInfoHeaderValue(new ProductHeaderValue("userAgent")) }); Assert.AreEqual( new Uri("https://somerealm?service=someserver&scope=repository:someimage:scope"), registryAuthenticator.GetAuthenticationUrl(null, "scope")); }
public async Task TestGetRegistryAuthenticatorAsync() { RegistryClient registryClient = RegistryClient.CreateFactory(EventHandlers.NONE, "registry.hub.docker.com", "library/busybox") .NewRegistryClient(); RegistryAuthenticator registryAuthenticator = await registryClient.GetRegistryAuthenticatorAsync().ConfigureAwait(false); Assert.IsNotNull(registryAuthenticator); Authorization authorization = await registryAuthenticator.AuthenticatePullAsync(null).ConfigureAwait(false); RegistryClient authorizedRegistryClient = RegistryClient.CreateFactory(EventHandlers.NONE, "registry.hub.docker.com", "library/busybox") .SetAuthorization(authorization) .NewRegistryClient(); await authorizedRegistryClient.PullManifestAsync("latest").ConfigureAwait(false); }
public void TestFromAuthenticationMethod_noRealm() { try { RegistryAuthenticator.FromAuthenticationMethod( new AuthenticationHeaderValue("Bearer", "scope=\"somescope\""), registryEndpointRequestProperties, new[] { new ProductInfoHeaderValue(new ProductHeaderValue("userAgent")) }); Assert.Fail("Authentication method without 'realm' should fail"); } catch (RegistryAuthenticationFailedException ex) { Assert.AreEqual( "Failed to authenticate with registry someserver/someimage because: 'realm' was not found in the 'WWW-Authenticate' header, tried to parse: scope=\"somescope\"", ex.Message); } }
public async Task TestAuthenticateAsync() { ImageReference dockerHubImageReference = ImageReference.Parse("library/busybox"); RegistryAuthenticator registryAuthenticator = await RegistryClient.CreateFactory( EventHandlers.NONE, dockerHubImageReference.GetRegistry(), dockerHubImageReference.GetRepository()) .NewRegistryClient() .GetRegistryAuthenticatorAsync().ConfigureAwait(false); Assert.IsNotNull(registryAuthenticator); Authorization authorization = await registryAuthenticator.AuthenticatePullAsync(null).ConfigureAwait(false); // Checks that some token was received. Assert.IsTrue(0 < authorization.GetToken().Length); }
private async Task <BaseImageWithAuthorization> GetOauthBaseImage(IEventHandlers eventHandlers, ProgressEventDispatcher progressEventDispatcher) { try { RetrieveRegistryCredentialsStep retrieveBaseRegistryCredentialsStep = RetrieveRegistryCredentialsStep.ForBaseImage( buildConfiguration, progressEventDispatcher.NewChildProducer(), this.Index); Credential registryCredential = await retrieveBaseRegistryCredentialsStep.GetFuture().ConfigureAwait(false); Authorization registryAuthorization = registryCredential?.IsOAuth2RefreshToken() != false ? null : Authorization.FromBasicCredentials( registryCredential.GetUsername(), registryCredential.GetPassword()); RegistryAuthenticator registryAuthenticator = await buildConfiguration .NewBaseImageRegistryClientFactory() .NewRegistryClient() .GetRegistryAuthenticatorAsync().ConfigureAwait(false); if (registryAuthenticator != null) { Authorization pullAuthorization = await registryAuthenticator.AuthenticatePullAsync(registryCredential, eventHandlers) .ConfigureAwait(false); return(new BaseImageWithAuthorization( await PullBaseImageAsync(pullAuthorization, progressEventDispatcher) .ConfigureAwait(false), pullAuthorization)); } } catch (Exception e) { // Cannot skip certificate validation or use HTTP; fall through. eventHandlers.Dispatch(LogEvent.Error(Resources.PullBaseImageStepAuthenticationErrorMessage + ",err:" + e.Message)); throw; } eventHandlers.Dispatch(LogEvent.Error(Resources.PullBaseImageStepAuthenticationErrorMessage + ",err:BaseImageCredential not config ")); throw new Exception("BaseImageCredential not config"); }
public async Task TestUserAgentAsync() { using (TestWebServer server = new TestWebServer(false)) { try { RegistryAuthenticator authenticator = RegistryAuthenticator.FromAuthenticationMethod( new AuthenticationHeaderValue("Bearer", "realm=\"" + server.GetAddressAndPort() + "\""), registryEndpointRequestProperties, new[] { new ProductInfoHeaderValue(new ProductHeaderValue("Competent-Agent")) }); await authenticator.AuthenticatePushAsync(null).ConfigureAwait(false); } catch (RegistryAuthenticationFailedException) { // Doesn't matter if auth fails. We only examine what we sent. } Assert.That(server.GetInputRead(), Does.Contain("User-Agent: Competent-Agent")); } }
public void TestFromAuthenticationMethod_basic() { Assert.IsNull( RegistryAuthenticator.FromAuthenticationMethod( new AuthenticationHeaderValue("Basic", "realm=\"https://somerealm\",service=\"someservice\",scope=\"somescope\""), registryEndpointRequestProperties, new[] { new ProductInfoHeaderValue(new ProductHeaderValue("userAgent")) })); Assert.IsNull( RegistryAuthenticator.FromAuthenticationMethod( new AuthenticationHeaderValue("BASIC", "realm=\"https://somerealm\",service=\"someservice\",scope=\"somescope\""), registryEndpointRequestProperties, new[] { new ProductInfoHeaderValue(new ProductHeaderValue("userAgent")) })); Assert.IsNull( RegistryAuthenticator.FromAuthenticationMethod( new AuthenticationHeaderValue("bASIC", "realm=\"https://somerealm\",service=\"someservice\",scope=\"somescope\""), registryEndpointRequestProperties, new[] { new ProductInfoHeaderValue(new ProductHeaderValue("userAgent")) })); }
public void TestHandleHttpResponseException_pass() { const string authScheme = "Bearer"; const string authParamter = "realm=\"https://somerealm\",service=\"someservice\",scope=\"somescope\""; using (var mockHttpResponse = new HttpResponseMessage(HttpStatusCode.Unauthorized) { Headers = { WwwAuthenticate = { new AuthenticationHeaderValue(authScheme, authParamter) } } }) { RegistryAuthenticator registryAuthenticator = testAuthenticationMethodRetriever.HandleHttpResponse(mockHttpResponse); Assert.AreEqual( new Uri("https://somerealm?service=someservice&scope=repository:someImageName:someScope"), registryAuthenticator.GetAuthenticationUrl(null, "someScope")); } }
public async Task <BaseImageWithAuthorization> CallAsync() { IEventHandlers eventHandlers = buildConfiguration.GetEventHandlers(); // Skip this step if this is a scratch image ImageConfiguration baseImageConfiguration = buildConfiguration.GetBaseImageConfiguration(); string description = string.Format( CultureInfo.CurrentCulture, Resources.PullBaseImageStepDescriptionFormat, buildConfiguration.GetBaseImageConfiguration().GetImage()); eventHandlers.Dispatch(LogEvent.Progress(description)); if (baseImageConfiguration.GetImage().IsScratch()) { return(new BaseImageWithAuthorization( Image.CreateBuilder(buildConfiguration.GetTargetFormat()).Build(), null)); } if (buildConfiguration.IsOffline()) { return(new BaseImageWithAuthorization(PullBaseImageOffline(), null)); } using (ProgressEventDispatcher progressEventDispatcher = progressEventDispatcherFactory.Create(description, 2)) using (new TimerEventDispatcher(buildConfiguration.GetEventHandlers(), description)) { // First, try with no credentials. try { return(new BaseImageWithAuthorization(await PullBaseImageAsync(null, progressEventDispatcher).ConfigureAwait(false), null)); } catch (RegistryUnauthorizedException) { eventHandlers.Dispatch( LogEvent.Lifecycle( "The base image requires auth. Trying again for " + buildConfiguration.GetBaseImageConfiguration().GetImage() + "...")); // If failed, then, retrieve base registry credentials and try with retrieved credentials. // TODO: Refactor the logic in RetrieveRegistryCredentialsStep out to // registry.credentials.RegistryCredentialsRetriever to avoid this direct executor hack. RetrieveRegistryCredentialsStep retrieveBaseRegistryCredentialsStep = RetrieveRegistryCredentialsStep.ForBaseImage( buildConfiguration, progressEventDispatcher.NewChildProducer()); Credential registryCredential = await retrieveBaseRegistryCredentialsStep.GetFuture().ConfigureAwait(false); Authorization registryAuthorization = registryCredential?.IsOAuth2RefreshToken() != false ? null : Authorization.FromBasicCredentials( registryCredential.GetUsername(), registryCredential.GetPassword()); try { return(new BaseImageWithAuthorization( await PullBaseImageAsync(registryAuthorization, progressEventDispatcher).ConfigureAwait(false), registryAuthorization)); } catch (RegistryUnauthorizedException) { // The registry requires us to authenticate using the Docker Token Authentication. // See https://docs.docker.com/registry/spec/auth/token try { RegistryAuthenticator registryAuthenticator = await buildConfiguration .NewBaseImageRegistryClientFactory() .NewRegistryClient() .GetRegistryAuthenticatorAsync().ConfigureAwait(false); if (registryAuthenticator != null) { Authorization pullAuthorization = await registryAuthenticator.AuthenticatePullAsync(registryCredential).ConfigureAwait(false); return(new BaseImageWithAuthorization( await PullBaseImageAsync(pullAuthorization, progressEventDispatcher).ConfigureAwait(false), pullAuthorization)); } } catch (InsecureRegistryException) { // Cannot skip certificate validation or use HTTP; fall through. } eventHandlers.Dispatch(LogEvent.Error(Resources.PullBaseImageStepAuthenticationErrorMessage)); throw; } } } }
public void IsOAuth2Auth_basicAuth() { Credential credential = Credential.From("name", "password"); Assert.IsFalse(RegistryAuthenticator.IsOAuth2Auth(credential)); }
public void IsOAuth2Auth_nullCredential() { Assert.IsFalse(RegistryAuthenticator.IsOAuth2Auth(null)); }
public void IsOAuth2Auth_oauth2() { Credential credential = Credential.From("<token>", "oauth2_token"); Assert.IsTrue(RegistryAuthenticator.IsOAuth2Auth(credential)); }