github.com/kastenhq/syft@v0.0.0-20230821225854-0710af25cdbe/internal/config/registry.go (about)

     1  package config
     2  
     3  import (
     4  	"os"
     5  
     6  	"github.com/spf13/viper"
     7  
     8  	"github.com/anchore/stereoscope/pkg/image"
     9  )
    10  
// RegistryCredentials holds the authentication material configured for one
// registry authority.
//
// Username, Password and Token carry `yaml:"-"` and `json:"-"` tags, so the
// YAML and JSON encoders leave them out, while the mapstructure tags still
// allow them to be populated from configuration. The tags only affect those
// encoders: formatting the struct with fmt (for example %+v) or passing it to a
// logger still prints the secrets, so values of this type should not be
// formatted or logged as a whole.
type RegistryCredentials struct {
	// Authority is the only field that appears in YAML/JSON output.
	// NOTE(review): presumably the registry host these credentials apply to — confirm against the consumer.
	Authority string `yaml:"authority" json:"authority" mapstructure:"authority"`
	// IMPORTANT: do not show the username in any YAML/JSON output (sensitive information)
	Username string `yaml:"-" json:"-" mapstructure:"username"`
	// IMPORTANT: do not show the password in any YAML/JSON output (sensitive information)
	Password string `yaml:"-" json:"-" mapstructure:"password"`
	// IMPORTANT: do not show the token in any YAML/JSON output (sensitive information)
	Token string `yaml:"-" json:"-" mapstructure:"token"`
}
    20  
// registry is the registry section of the application configuration: two
// transport toggles plus a list of per-authority credentials.
//
// InsecureSkipTLSVerify and InsecureUseHTTP both default to false (see
// loadDefaultValues) and are handed unchanged to stereoscope by ToOptions.
// NOTE(review): judging by the names, enabling either one weakens transport
// protection for registry traffic, which may carry the credentials in Auth —
// confirm the exact behavior in stereoscope and keep both off outside of
// test setups.
//
// Auth is serialized under "auth", but each entry exposes only its authority
// in YAML/JSON output; the secret fields are tagged "-" on RegistryCredentials.
type registry struct {
	InsecureSkipTLSVerify bool                  `yaml:"insecure-skip-tls-verify" json:"insecure-skip-tls-verify" mapstructure:"insecure-skip-tls-verify"`
	InsecureUseHTTP       bool                  `yaml:"insecure-use-http" json:"insecure-use-http" mapstructure:"insecure-use-http"`
	Auth                  []RegistryCredentials `yaml:"auth" json:"auth" mapstructure:"auth"`
}
    26  
// loadDefaultValues registers the defaults for the registry section on v.
// Both insecure transport options start out disabled and the credential list
// starts out empty, so any weakening of transport security has to be opted
// into explicitly by configuration.
func (cfg registry) loadDefaultValues(v *viper.Viper) {
	defaults := []struct {
		key   string
		value interface{}
	}{
		{"registry.insecure-skip-tls-verify", false},
		{"registry.insecure-use-http", false},
		{"registry.auth", []RegistryCredentials{}},
	}

	for _, d := range defaults {
		v.SetDefault(d.key, d.value)
	}
}
    32  
// parseConfigValues merges registry credentials supplied through the
// SYFT_REGISTRY_AUTH_* environment variables into cfg.Auth. It always returns
// nil.
//
// The environment entry is only added when it carries a token or a
// username/password pair, and it is placed first so that it takes precedence
// over credentials read from on-disk configuration.
//
//nolint:unparam
func (cfg *registry) parseConfigValues() error {
	// These values are secrets read straight from the process environment;
	// nothing in this function logs or prints them.
	fromEnv := RegistryCredentials{
		Authority: os.Getenv("SYFT_REGISTRY_AUTH_AUTHORITY"),
		Username:  os.Getenv("SYFT_REGISTRY_AUTH_USERNAME"),
		Password:  os.Getenv("SYFT_REGISTRY_AUTH_PASSWORD"),
		Token:     os.Getenv("SYFT_REGISTRY_AUTH_TOKEN"),
	}

	// Authority is not part of this check: an authority on its own adds
	// nothing, and credentials without an authority are still added.
	// NOTE(review): how an entry with an empty Authority is matched is decided
	// by the consumer of these options and is not visible here — confirm.
	if !hasNonEmptyCredentials(fromEnv.Username, fromEnv.Password, fromEnv.Token) {
		return nil
	}

	// Environment credentials go first, followed by the configured ones in
	// their original order.
	merged := make([]RegistryCredentials, 0, len(cfg.Auth)+1)
	merged = append(merged, fromEnv)
	merged = append(merged, cfg.Auth...)
	cfg.Auth = merged
	return nil
}
    55  
// hasNonEmptyCredentials reports whether the given values form a usable
// credential: either a non-empty token, or a username together with a
// password. A username or a password on its own does not count.
func hasNonEmptyCredentials(username, password, token string) bool {
	if token != "" {
		return true
	}
	return username != "" && password != ""
}
    59  
// ToOptions converts the registry configuration into the stereoscope
// image.RegistryOptions value, copying the two insecure transport flags and
// every configured credential in order.
//
// The returned options contain the usernames, passwords and tokens in plain
// text, so the result should not be formatted into logs or error messages.
func (cfg *registry) ToOptions() *image.RegistryOptions {
	creds := make([]image.RegistryCredentials, 0, len(cfg.Auth))
	for _, entry := range cfg.Auth {
		creds = append(creds, image.RegistryCredentials{
			Authority: entry.Authority,
			Username:  entry.Username,
			Password:  entry.Password,
			Token:     entry.Token,
		})
	}

	opts := &image.RegistryOptions{
		InsecureSkipTLSVerify: cfg.InsecureSkipTLSVerify,
		InsecureUseHTTP:       cfg.InsecureUseHTTP,
		Credentials:           creds,
	}
	return opts
}