github/docker-registry-ui
1
0
Fork 1
mirror of https://github.com/Quiq/docker-registry-ui.git synced 2025-07-17 15:51:27 +00:00
Code Issues Projects Releases Wiki Activity

Made client renew password every 8th hour

Browse Source
This commit is contained in:
Daniel Olsson 2019-10-14 10:05:19 +02:00
parent 422847a8de
commit 625d5d2c4c
2 changed files with 47 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
main.go
View File

@ -8,6 +8,7 @@ import (
"net/url" "net/url"
"os" "os"
"strings" "strings"
"time"
"github.com/CloudyKit/jet" "github.com/CloudyKit/jet"
"github.com/labstack/echo" "github.com/labstack/echo"
@ -109,31 +110,7 @@ func main() {
} }
// Get authorization token for AWS ECR. // Get authorization token for AWS ECR.
if a.config.AWSRegion != "" { if a.config.AWSRegion != "" {
sess, err := session.NewSession(&aws.Config{ a.setAWSCredentials()
Region: aws.String(a.config.AWSRegion),
})
if err != nil {
panic(err)
}
// Get authorization token
input := &ecr.GetAuthorizationTokenInput{
RegistryIds: []*string{
aws.String(a.config.AWSRegistryID),
},
}
svc := ecr.New(sess)
authTokenOutput, err := svc.GetAuthorizationToken(input)
if err != nil {
panic(err)
}
authToken := *authTokenOutput.AuthorizationData[0].AuthorizationToken
decodedToken, err := base64.StdEncoding.DecodeString(authToken)
if err != nil {
panic(err)
}
// Override username and password with the ones found in token
a.config.Username = strings.Split(string(decodedToken), ":")[0]
a.config.Password = strings.Split(string(decodedToken), ":")[1]
} }
// Init registry API client. // Init registry API client.
@ -142,6 +119,17 @@ func main() {
panic(fmt.Errorf("cannot initialize api client or unsupported auth method")) panic(fmt.Errorf("cannot initialize api client or unsupported auth method"))
} }
// When using AWS ECR, renew AWS credentials
if a.config.AWSRegion != "" {
go func() {
for {
time.Sleep(time.Hour * 8)
a.setAWSCredentials()
a.client.RenewBasicAuth(a.config.Username, a.config.Password)
}
}()
}
// Execute CLI task and exit. // Execute CLI task and exit.
if purgeTags { if purgeTags {
a.purgeOldTags(purgeDryRun) a.purgeOldTags(purgeDryRun)
@ -198,6 +186,34 @@ func main() {
e.Logger.Fatal(e.Start(a.config.ListenAddr)) e.Logger.Fatal(e.Start(a.config.ListenAddr))
} }
func (a *apiClient) setAWSCredentials() {
sess, err := session.NewSession(&aws.Config{
Region: aws.String(a.config.AWSRegion),
})
if err != nil {
panic(err)
}
// Get authorization token
input := &ecr.GetAuthorizationTokenInput{
RegistryIds: []*string{
aws.String(a.config.AWSRegistryID),
},
}
svc := ecr.New(sess)
authTokenOutput, err := svc.GetAuthorizationToken(input)
if err != nil {
panic(err)
}
authToken := *authTokenOutput.AuthorizationData[0].AuthorizationToken
decodedToken, err := base64.StdEncoding.DecodeString(authToken)
if err != nil {
panic(err)
}
// Override username and password with the ones found in token
a.config.Username = strings.Split(string(decodedToken), ":")[0]
a.config.Password = strings.Split(string(decodedToken), ":")[1]
}
func (a *apiClient) viewRepositories(c echo.Context) error { func (a *apiClient) viewRepositories(c echo.Context) error {
namespace := c.Param("namespace") namespace := c.Param("namespace")
if namespace == "" { if namespace == "" {

6
registry/client.go
View File

@ -78,6 +78,12 @@ func NewClient(url string, verifyTLS bool, username, password string) *Client {
return c return c
} }
// RenewBasicAuth sets the basic auth credentials.
func (c *Client) RenewBasicAuth(username, password string) {
c.request = c.request.SetBasicAuth(username, password)
c.logger.Info("Renewed basic auth credentials")
}
// getToken get existing or new auth token. // getToken get existing or new auth token.
func (c *Client) getToken(scope string) string { func (c *Client) getToken(scope string) string {
// Check if we have already a token and it's not expired. // Check if we have already a token and it's not expired.