Add --registry-token flags to support Bearer token authentication

Signed-off-by: Alvaro Iradier <airadier@gmail.com>
2025-09-01 14:47:10 +00:00 · 2020-09-18 11:40:51 +02:00
parent bbd800f974
commit 3c73c0c0cd
7 changed files with 24 additions and 0 deletions
--- a/cmd/skopeo/utils.go
+++ b/cmd/skopeo/utils.go
@@ -57,6 +57,7 @@ type dockerImageOptions struct {
 	shared         *sharedImageOptions // May be shared across several imageOptions instances.
 	authFilePath   optionalString      // Path to a */containers/auth.json (prefixed version to override shared image option).
 	credsOption    optionalString      // username[:password] for accessing a registry
+	registryToken  optionalString      // token to be used directy as a Bearer token when accessing the registry
 	dockerCertPath string              // A directory using Docker-like *.{crt,cert,key} files for connecting to a registry or a daemon
 	tlsVerify      optionalBool        // Require HTTPS and verify certificates (for docker: and docker-daemon:)
 	noCreds        bool                // Access the registry anonymously
@@ -95,6 +96,7 @@ func dockerImageFlags(global *globalOptions, shared *sharedImageOptions, flagPre
 	fs.StringVar(&flags.dockerCertPath, flagPrefix+"cert-dir", "", "use certificates at `PATH` (*.crt, *.cert, *.key) to connect to the registry or daemon")
 	optionalBoolFlag(&fs, &flags.tlsVerify, flagPrefix+"tls-verify", "require HTTPS and verify certificates when talking to the container registry or daemon (defaults to true)")
 	fs.BoolVar(&flags.noCreds, flagPrefix+"no-creds", false, "Access the registry anonymously")
+	fs.Var(newOptionalStringValue(&flags.registryToken), flagPrefix+"registry-token", "Provide a Bearer token for accessing the registry")
 	return fs, &flags
 }

@@ -131,6 +133,9 @@ func (opts *imageOptions) newSystemContext() (*types.SystemContext, error) {
 	ctx.AuthFilePath = opts.shared.authFilePath
 	ctx.DockerDaemonHost = opts.dockerDaemonHost
 	ctx.DockerDaemonCertPath = opts.dockerCertPath
+	if opts.registryToken.present {
+		ctx.DockerBearerRegistryToken = opts.registryToken.value
+	}
 	if opts.dockerImageOptions.authFilePath.present {
 		ctx.AuthFilePath = opts.dockerImageOptions.authFilePath.value
 	}
--- a/completions/bash/skopeo
+++ b/completions/bash/skopeo
@@ -49,6 +49,8 @@ _skopeo_copy() {
    --dest-tls-verify
    --src-daemon-host
    --dest-daemon-host
+    --src-registry-token
+    --dest-registry-token
    "

    local boolean_options="
@@ -74,6 +76,7 @@ _skopeo_inspect() {
     --creds
     --cert-dir
     --retry-times
+     --registry-token
     "
     local boolean_options="
     --config
@@ -120,6 +123,7 @@ _skopeo_delete() {
     --authfile
     --creds
     --cert-dir
+     --registry-token
     "
     local boolean_options="
     --tls-verify
@@ -150,6 +154,7 @@ _skopeo_list_repository_tags() {
     --authfile
     --creds
     --cert-dir
+     --registry-token
     "

     local boolean_options="
--- a/docs/skopeo-copy.1.md
+++ b/docs/skopeo-copy.1.md
@@ -84,6 +84,10 @@ Existing signatures, if any, are preserved as well.

 **--dest-compress-level** _format_ Specifies the compression level to use.  The value is specific to the compression algorithm used, e.g. for zstd the accepted values are in the range 1-20 (inclusive), while for gzip it is 1-9 (inclusive).

+**--src-registry-token** _Bearer token_ for accessing the source registry
+
+**--dest-registry-token** _Bearer token_ for accessing the destination registry
+
 ## EXAMPLES

 To just copy an image from one registry to another:
--- a/docs/skopeo-delete.1.md
+++ b/docs/skopeo-delete.1.md
@@ -34,6 +34,8 @@ $ docker exec -it registry /usr/bin/registry garbage-collect /etc/docker-distrib

 Additionally, the registry must allow deletions by setting `REGISTRY_STORAGE_DELETE_ENABLED=true` for the registry daemon.

+**--registry-token** _Bearer token_ for accessing the registry
+
 ## EXAMPLES

 Mark image example/pause for deletion from the registry.example.com registry:
--- a/docs/skopeo-inspect.1.md
+++ b/docs/skopeo-inspect.1.md
@@ -35,6 +35,8 @@ Return low-level information about _image-name_ in a registry

  **--no-creds** _bool-value_ Access the registry anonymously.

+  **--registry-token** _Bearer token_ for accessing the registry
+
 ## EXAMPLES

 To review information for the image fedora from the docker.io registry:
--- a/docs/skopeo-list-tags.1.md
+++ b/docs/skopeo-list-tags.1.md
@@ -23,6 +23,8 @@ Return a list of tags from _repository-name_ in a registry.

  **--no-creds** _bool-value_ Access the registry anonymously.

+  **--registry-token** _Bearer token_ for accessing the registry
+
 ## REPOSITORY NAMES

 Repository names are transport-specific references as each transport may have its own concept of a "repository" and "tags". Currently, only the Docker transport is supported.
--- a/docs/skopeo-sync.1.md
+++ b/docs/skopeo-sync.1.md
@@ -71,6 +71,10 @@ Path of the authentication file for the destination registry. Uses path given by

 **--dest-tls-verify** _bool-value_ Require HTTPS and verify certificates when talking to a container destination registry or daemon (defaults to true).

+**--src-registry-token** _Bearer token_ for accessing the source registry
+
+**--dest-registry-token** _Bearer token_ for accessing the destination registry
+
 ## EXAMPLES

 ### Synchronizing to a local directory