github.com/demonoid81/containerd@v1.3.4/cmd/ctr/commands/resolver.go

github.com/demonoid81/containerd@v1.3.4/cmd/ctr/commands/resolver.go (about)

     1  /*
     2     Copyright The containerd Authors.
     3  
     4     Licensed under the Apache License, Version 2.0 (the "License");
     5     you may not use this file except in compliance with the License.
     6     You may obtain a copy of the License at
     7  
     8         http://www.apache.org/licenses/LICENSE-2.0
     9  
    10     Unless required by applicable law or agreed to in writing, software
    11     distributed under the License is distributed on an "AS IS" BASIS,
    12     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13     See the License for the specific language governing permissions and
    14     limitations under the License.
    15  */
    16  
    17  package commands
    18  
    19  import (
    20  	"bufio"
    21  	gocontext "context"
    22  	"crypto/tls"
    23  	"fmt"
    24  	"net"
    25  	"net/http"
    26  	"strings"
    27  	"time"
    28  
    29  	"github.com/containerd/console"
    30  	"github.com/containerd/containerd/remotes"
    31  	"github.com/containerd/containerd/remotes/docker"
    32  	"github.com/pkg/errors"
    33  	"github.com/urfave/cli"
    34  )
    35  
    36  // PushTracker returns a new InMemoryTracker which tracks the ref status
    37  var PushTracker = docker.NewInMemoryTracker()
    38  
    39  func passwordPrompt() (string, error) {
    40  	c := console.Current()
    41  	defer c.Reset()
    42  
    43  	if err := c.DisableEcho(); err != nil {
    44  		return "", errors.Wrap(err, "failed to disable echo")
    45  	}
    46  
    47  	line, _, err := bufio.NewReader(c).ReadLine()
    48  	if err != nil {
    49  		return "", errors.Wrap(err, "failed to read line")
    50  	}
    51  	return string(line), nil
    52  }
    53  
    54  // GetResolver prepares the resolver from the environment and options
    55  func GetResolver(ctx gocontext.Context, clicontext *cli.Context) (remotes.Resolver, error) {
    56  	username := clicontext.String("user")
    57  	var secret string
    58  	if i := strings.IndexByte(username, ':'); i > 0 {
    59  		secret = username[i+1:]
    60  		username = username[0:i]
    61  	}
    62  	options := docker.ResolverOptions{
    63  		PlainHTTP: clicontext.Bool("plain-http"),
    64  		Tracker:   PushTracker,
    65  	}
    66  	if username != "" {
    67  		if secret == "" {
    68  			fmt.Printf("Password: ")
    69  
    70  			var err error
    71  			secret, err = passwordPrompt()
    72  			if err != nil {
    73  				return nil, err
    74  			}
    75  
    76  			fmt.Print("\n")
    77  		}
    78  	} else if rt := clicontext.String("refresh"); rt != "" {
    79  		secret = rt
    80  	}
    81  
    82  	tr := &http.Transport{
    83  		Proxy: http.ProxyFromEnvironment,
    84  		DialContext: (&net.Dialer{
    85  			Timeout:   30 * time.Second,
    86  			KeepAlive: 30 * time.Second,
    87  			DualStack: true,
    88  		}).DialContext,
    89  		MaxIdleConns:        10,
    90  		IdleConnTimeout:     30 * time.Second,
    91  		TLSHandshakeTimeout: 10 * time.Second,
    92  		TLSClientConfig: &tls.Config{
    93  			InsecureSkipVerify: clicontext.Bool("skip-verify"),
    94  		},
    95  		ExpectContinueTimeout: 5 * time.Second,
    96  	}
    97  
    98  	options.Client = &http.Client{
    99  		Transport: tr,
   100  	}
   101  
   102  	credentials := func(host string) (string, string, error) {
   103  		// Only one host
   104  		return username, secret, nil
   105  	}
   106  	authOpts := []docker.AuthorizerOpt{docker.WithAuthClient(options.Client), docker.WithAuthCreds(credentials)}
   107  	options.Authorizer = docker.NewDockerAuthorizer(authOpts...)
   108  
   109  	return docker.NewResolver(options), nil
   110  }