Skip to content

Move AuthConfig to types/registry, and implement utilities for encoding/decoding#43885

Merged
tianon merged 15 commits intomoby:masterfrom
thaJeztah:auth_header_refactor
Aug 3, 2022
Merged

Move AuthConfig to types/registry, and implement utilities for encoding/decoding#43885
tianon merged 15 commits intomoby:masterfrom
thaJeztah:auth_header_refactor

Conversation

@thaJeztah
Copy link
Copy Markdown
Member

@thaJeztah thaJeztah commented Jul 29, 2022

Had this branch lying around for quite a while, so did some dusting off to open it as a PR. See individual commits for details, but this is mostly to;

  • move the AuthConfig into the types/registry package to allow for more granular importing
  • have utilities for encoding/decoding, as it's not immediately trivial, and there was quite some duplication in that area. Having a canonical implementation can help make improvements and make sure that they're implemented consistently everywhere.

There's some bits remaining;

  • documentation of the types can be improved
  • I have a variant that adds support for un-padded base64url encoding. Some tooling may expect padding to be optional, so it may help to be slightly more flexible (especially as "invalid" values are ignored in many places
  • I was also playing with a variant where AuthConfig implemented a Stringer interface (and a MarshalText()), but not entirely sure if that's more convenient.
  • Perhaps a utility that doesn't require passing the value, but could obtain the auth-config from the request's headers.

- Description for the changelog

- A picture of a cute animal (not mandatory but encouraged)

@thaJeztah thaJeztah added area/api API status/2-code-review kind/refactor PR's that refactor, or clean-up code labels Jul 29, 2022
@thaJeztah thaJeztah requested a review from cpuguy83 as a code owner July 29, 2022 16:02
@thaJeztah thaJeztah force-pushed the auth_header_refactor branch 2 times, most recently from cd52009 to a2a2d43 Compare July 29, 2022 16:12
@thaJeztah thaJeztah added this to the v-next milestone Jul 29, 2022
@thaJeztah thaJeztah force-pushed the auth_header_refactor branch from a2a2d43 to 990c837 Compare July 29, 2022 18:34
thaJeztah added 15 commits July 29, 2022 23:04
@thaJeztah
api: add const for 'X-Registry-Auth'
857cb26 
Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah
api/types: move AuthConfig to registry types
818ee96 
Making the api types more focused per API type, and the general
api/types package somewhat smaller.

Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah
api/server/router: use types/registry.AuthConfig
d8a4339 
Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah
client: use types/registry.AuthConfig
eaf1a60 
Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah
daemon/cluster: use types/registry.AuthConfig
05eacf9 
Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah
daemon/images: use types/registry.AuthConfig
39f3adc 
Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah
daemon: use types/registry.AuthConfig
a02abca 
Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah
distribution: use types/registry.AuthConfig
04c339a 
Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah
plugin: use types/registry.AuthConfig
55d1a56 
Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah
registry: use types/registry.AuthConfig
d817f4d 
Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah
testutil, integration: use types/registry.AuthConfig
2b7416e 
Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah
daemon/containerd: use types/registry.AuthConfig
360d38a 
Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah
client: linting: fix "invalid auth header" error
e3a7a1c 
Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah
api: add registry.DecodeAuthConfig, registry.DecodeAuthConfigBody
7819811 
Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah
api: add registry.EncodeAuthConfig
7ca66e3 
Based on EncodeAuthToBase64 in docker/cli;
https://github.com/docker/cli/blob/1f4111d2bf3dbd9b6f5252c551621af84401b691/cli/command/registry.go#L30-L37

Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah thaJeztah force-pushed the auth_header_refactor branch from 990c837 to 7ca66e3 Compare July 29, 2022 21:11
tianon
tianon reviewed Aug 2, 2022
View reviewed changes
api/types/registry/authconfig.go
//
// For details on base64url encoding, see:
// - RFC4648, section 5: https://tools.ietf.org/html/rfc4648#section-5
func EncodeAuthConfig(authConfig AuthConfig) (string, error) {
Copy link
Copy Markdown
Member

@tianon tianon Aug 2, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the CLI code the intended consumer of this function?

Copy link
Copy Markdown
Member Author

@thaJeztah thaJeztah Aug 2, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Currently, yes; we can use this function to replace the EncodeAuthToBase64() that's currently living in docker/cli;
https://github.com/docker/cli/blob/1f4111d2bf3dbd9b6f5252c551621af84401b691/cli/command/registry.go#L30-L37

While admittedly, that'd mostly be shifting some code around, I think it makes sense to have the "encoding" and "decoding" logic to be together, and (as it's effectively part of the API's contract in what format to send this information), I think it makes sense to make it part of the API packages (instead of in "an" implementation of a CLI that uses the API).

w.r.t. the "currently" bit in the above; I'm somewhat learning towards making the encoding/decoding part of the client, so that code like https://github.com/docker/cli/blob/f1615facb1ca44e4336ab20e621315fc2cfb845a/cli/command/container/create.go#L127-L136 wouldn't be needed, and the "as-is" AuthConfig (or perhaps some other construct) could be passed as option.

I haven't worked on that yet (this would require changing some function signatures).

@tianon tianon merged commit e60bddc into moby:master Aug 3, 2022
@thaJeztah thaJeztah deleted the auth_header_refactor branch August 3, 2022 18:33
crazy-max pushed a commit to crazy-max/moby that referenced this pull request Sep 29, 2022
@tianon @crazy-max
Merge pull request moby#43885 from thaJeztah/auth_header_refactor
ffd5c2c 
Move AuthConfig to types/registry, and implement utilities for encoding/decoding
Signed-off-by: CrazyMax <[email protected]>
@thaJeztah thaJeztah mentioned this pull request Nov 23, 2022
Closed
@thaJeztah thaJeztah mentioned this pull request May 6, 2023
Merged
@Slijkhuis Slijkhuis mentioned this pull request Jul 17, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tianon tianon tianon approved these changes

@cpuguy83 cpuguy83 cpuguy83 approved these changes

@vvoland vvoland vvoland approved these changes

Assignees

No one assigned

Labels

area/api API kind/refactor PR's that refactor, or clean-up code status/2-code-review

Projects

None yet

Milestone

24.0.0

Development

Successfully merging this pull request may close these issues.

4 participants

@thaJeztah @tianon @cpuguy83 @vvoland