Merge pull request concourse#320 from SimonXming/upgrade-notary-gcr
Upgrade github.com/simonshyu/notary-gcr
Rui Yang authored Jun 17, 2022
2 parents 671c7bc + 9c62a0e commit 1e90288
Showing 5 changed files with 39 additions and 7 deletions.
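--- a/README.md
+++ b/README.md
@@ -204,6 +204,18 @@ differences:
 <code>tls_cert</code> <em>(Optional)</em>:
 TLS certificate for the notary server.
 </li>
+<li>
+<code>username</code> <em>(Optional)</em>:
+Username for authorize Docker Registry with a Notary server(`content_trust.server`) attached.
+</li>
+<li>
+<code>password</code> <em>(Optional)</em>:
+Password for authorize Docker Registry with a Notary server(`content_trust.server`) attached.
+</li>
+<li>
+<code>scopes</code> <em>(Optional)</em>:
+What access for the resources requested, should be one of ['pull', 'push,pull', 'catalog']
+</li>
 </ul>
 </td>
 </tr>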
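--- a/commands/out.go
+++ b/commands/out.go
@@ -232,7 +232,7 @@ func signImages(req resource.OutRequest, img v1.Image, tags []name.Tag) error {
 }
 
 for _, tag := range tags {
-trustedRepo, err := gcr.NewTrustedGcrRepository(notaryConfigDir, tag, createAuth(req))
+trustedRepo, err := gcr.NewTrustedGcrRepository(notaryConfigDir, tag, createRegistryAuth(req), createNotaryAuth(req))
 if err != nil {
 return fmt.Errorf("create TrustedGcrRepository: %w", err)
 }
@@ -250,7 +250,21 @@ func signImages(req resource.OutRequest, img v1.Image, tags []name.Tag) error {
 
 // It's okay if both are blank. It will become an Anonymous Authenticator in
 // that case.
-func createAuth(req resource.OutRequest) *authn.Basic {
+func createRegistryAuth(req resource.OutRequest) *authn.Basic {
+return &authn.Basic{
+Username: req.Source.Username,
+Password: req.Source.Password,
+}
+}
+
+func createNotaryAuth(req resource.OutRequest) *authn.Basic {
+if req.Source.ContentTrust.Username != "" || req.Source.ContentTrust.Password != "" {
+return &authn.Basic{
+Username: req.Source.ContentTrust.Username,
+Password: req.Source.ContentTrust.Password,
+}
+}
+// keep compatibility, fallback to using source.username & source.password
 return &authn.Basic{
 Username: req.Source.Username,
 Password: req.Source.Password,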
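Review bot: createNotaryAuth carries no doc comment, and its fallback branch reuses `source.username`/`source.password` as the Notary credentials whenever both `content_trust` values are blank, so the registry password is presumably handed to the library for use against `content_trust.server`. I would document that on the function, e.g. `// createNotaryAuth returns the content_trust credentials when either is set; otherwise it falls back to the registry credentials.`, and repeat it in the README so operators whose Notary server is hosted separately know to set dedicated credentials. Because the test is `||`, a lone `content_trust.username` is sent with an empty password rather than rejected; checking that the pair is set together during source validation would surface that misconfiguration early. The function's closing braces lie outside the hunk.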
4 changes: 1 addition & 3 deletions go.mod
Expand Up @@ -11,11 +11,9 @@ require (
github.com/google/go-containerregistry v0.8.0
github.com/onsi/ginkgo v1.16.4
github.com/onsi/gomega v1.19.0
github.com/simonshyu/notary-gcr v0.0.0-20211109021545-380a129b0e83
github.com/simonshyu/notary-gcr v0.0.0-20220601090547-d99a631aa58b
github.com/sirupsen/logrus v1.8.1
github.com/vbauerster/mpb v3.4.0+incompatible
)

replace github.com/simonshyu/notary-gcr => github.com/xtremerui/notary-gcr v0.0.0-20220307174448-84487b5997d2

go 1.16
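--- a/go.sum
+++ b/go.sum
@@ -773,6 +773,8 @@ github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdh
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
 github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+github.com/simonshyu/notary-gcr v0.0.0-20220601090547-d99a631aa58b h1:kUn9MHeKTptaFJSGHpWj+f0+ckEQPBPDw70qom6kvEs=
+github.com/simonshyu/notary-gcr v0.0.0-20220601090547-d99a631aa58b/go.mod h1:Dw2ChFJTfDnT2+3+sTv0XKsRPmqwsUk54m49WVBew0w=
 github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
 github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
@@ -857,8 +859,6 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:
 github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
 github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
-github.com/xtremerui/notary-gcr v0.0.0-20220307174448-84487b5997d2 h1:TizTPADAcLkNjUd1PcnU4QQQ1sHiKVmIFva2/AfVSd0=
-github.com/xtremerui/notary-gcr v0.0.0-20220307174448-84487b5997d2/go.mod h1:Dw2ChFJTfDnT2+3+sTv0XKsRPmqwsUk54m49WVBew0w=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=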
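--- a/types.go
+++ b/types.go
@@ -205,6 +205,9 @@ type ContentTrust struct {
 RepositoryPassphrase string `json:"repository_passphrase"`
 TLSKey string `json:"tls_key"`
 TLSCert string `json:"tls_cert"`
+Scopes string `json:"scopes,omitempty"`
+
+BasicCredentials
 }
 
 /* Create notary config directory with following structure
@@ -227,6 +230,11 @@ func (ct *ContentTrust) PrepareConfigDir() (string, error) {
 configObj["server_url"] = ct.Server
 configObj["root_passphrase"] = ""
 configObj["repository_passphrase"] = ct.RepositoryPassphrase
+if ct.Scopes == "" {
+configObj["scopes"] = transport.PushScope
+} else {
+configObj["scopes"] = ct.Scopes
+}
 
 configData, err := json.Marshal(configObj)
 if err != nil {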
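Review bot: `ct.Scopes` is copied into the notary config without validation in PrepareConfigDir, although the README limits it to 'pull', 'push,pull' or 'catalog'; a typo or an unexpected scope string would only fail later, at token exchange, or could request access the operator did not intend. I would reject unknown values up front and keep the blank-means-push default, as in the excerpt below, which uses the go-containerregistry `transport` scope constants and assumes `fmt` is already imported in types.go (the hunk does not show the imports). The README should also state that a blank `scopes` defaults to `transport.PushScope`. PrepareConfigDir starts and ends outside the hunk.

```go
configObj["repository_passphrase"] = ct.RepositoryPassphrase
switch ct.Scopes {
case "":
	// blank defaults to push scope, as in this commit
	configObj["scopes"] = transport.PushScope
case transport.PullScope, transport.PushScope, transport.CatalogScope:
	configObj["scopes"] = ct.Scopes
default:
	return "", fmt.Errorf("content_trust.scopes: unsupported value %q", ct.Scopes)
}
// … unchanged: json.Marshal of configObj …
```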
