From e27b6e610a6fe5f015a0c6347abb94390c37524f Mon Sep 17 00:00:00 2001 From: Ming Xu Date: Thu, 2 Jun 2022 14:36:44 +0800 Subject: [PATCH 1/2] Upgrade github.com/simonshyu/notary-gcr to v0.0.0-20220601090547-d99a631aa58b Signed-off-by: Ming Xu --- commands/out.go | 18 ++++++++++++++++-- go.mod | 4 +--- go.sum | 4 ++-- types.go | 8 ++++++++ 4 files changed, 27 insertions(+), 7 deletions(-) diff --git a/commands/out.go b/commands/out.go index 1f87ea3..04ce108 100644 --- a/commands/out.go +++ b/commands/out.go @@ -232,7 +232,7 @@ func signImages(req resource.OutRequest, img v1.Image, tags []name.Tag) error { } for _, tag := range tags { - trustedRepo, err := gcr.NewTrustedGcrRepository(notaryConfigDir, tag, createAuth(req)) + trustedRepo, err := gcr.NewTrustedGcrRepository(notaryConfigDir, tag, createRegistryAuth(req), createNotaryAuth(req)) if err != nil { return fmt.Errorf("create TrustedGcrRepository: %w", err) } @@ -250,7 +250,21 @@ func signImages(req resource.OutRequest, img v1.Image, tags []name.Tag) error { // It's okay if both are blank. It will become an Anonymous Authenticator in // that case. -func createAuth(req resource.OutRequest) *authn.Basic { +func createRegistryAuth(req resource.OutRequest) *authn.Basic { + return &authn.Basic{ + Username: req.Source.Username, + Password: req.Source.Password, + } +} + +func createNotaryAuth(req resource.OutRequest) *authn.Basic { + if req.Source.ContentTrust.Username != "" || req.Source.ContentTrust.Password != "" { + return &authn.Basic{ + Username: req.Source.ContentTrust.Username, + Password: req.Source.ContentTrust.Password, + } + } + // keep compatibility, fallback to using source.username & source.password return &authn.Basic{ Username: req.Source.Username, Password: req.Source.Password, diff --git a/go.mod b/go.mod index e35f69c..4086035 100644 --- a/go.mod +++ b/go.mod @@ -11,11 +11,9 @@ require ( github.com/google/go-containerregistry v0.8.0 github.com/onsi/ginkgo v1.16.4 github.com/onsi/gomega v1.19.0 - github.com/simonshyu/notary-gcr v0.0.0-20211109021545-380a129b0e83 + github.com/simonshyu/notary-gcr v0.0.0-20220601090547-d99a631aa58b github.com/sirupsen/logrus v1.8.1 github.com/vbauerster/mpb v3.4.0+incompatible ) -replace github.com/simonshyu/notary-gcr => github.com/xtremerui/notary-gcr v0.0.0-20220307174448-84487b5997d2 - go 1.16 diff --git a/go.sum b/go.sum index 3e03267..886ec99 100644 --- a/go.sum +++ b/go.sum @@ -773,6 +773,8 @@ github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdh github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= +github.com/simonshyu/notary-gcr v0.0.0-20220601090547-d99a631aa58b h1:kUn9MHeKTptaFJSGHpWj+f0+ckEQPBPDw70qom6kvEs= +github.com/simonshyu/notary-gcr v0.0.0-20220601090547-d99a631aa58b/go.mod h1:Dw2ChFJTfDnT2+3+sTv0XKsRPmqwsUk54m49WVBew0w= github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= @@ -857,8 +859,6 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1: github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= -github.com/xtremerui/notary-gcr v0.0.0-20220307174448-84487b5997d2 h1:TizTPADAcLkNjUd1PcnU4QQQ1sHiKVmIFva2/AfVSd0= -github.com/xtremerui/notary-gcr v0.0.0-20220307174448-84487b5997d2/go.mod h1:Dw2ChFJTfDnT2+3+sTv0XKsRPmqwsUk54m49WVBew0w= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= diff --git a/types.go b/types.go index c8f6f65..eaac9e2 100644 --- a/types.go +++ b/types.go @@ -205,6 +205,9 @@ type ContentTrust struct { RepositoryPassphrase string `json:"repository_passphrase"` TLSKey string `json:"tls_key"` TLSCert string `json:"tls_cert"` + Scopes string `json:"scopes,omitempty"` + + BasicCredentials } /* Create notary config directory with following structure @@ -227,6 +230,11 @@ func (ct *ContentTrust) PrepareConfigDir() (string, error) { configObj["server_url"] = ct.Server configObj["root_passphrase"] = "" configObj["repository_passphrase"] = ct.RepositoryPassphrase + if ct.Scopes == "" { + configObj["scopes"] = transport.PushScope + } else { + configObj["scopes"] = ct.Scopes + } configData, err := json.Marshal(configObj) if err != nil { From 9c62a0e5f5e342bb1660861b6b0958e25500ea19 Mon Sep 17 00:00:00 2001 From: Ming Xu Date: Mon, 6 Jun 2022 10:52:24 +0800 Subject: [PATCH 2/2] Update README.md Signed-off-by: Ming Xu --- README.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/README.md b/README.md index ba00b6a..591e942 100644 --- a/README.md +++ b/README.md @@ -204,6 +204,18 @@ differences: tls_cert (Optional): TLS certificate for the notary server. +
  • + username (Optional): + Username for authorize Docker Registry with a Notary server(`content_trust.server`) attached. +
  • +
  • + password (Optional): + Password for authorize Docker Registry with a Notary server(`content_trust.server`) attached. +
  • +
  • + scopes (Optional): + What access for the resources requested, should be one of ['pull', 'push,pull', 'catalog'] +