Skip to content

Commit

Permalink
feat: added a host-based auth cache as a fallback
Browse files Browse the repository at this point in the history 
Signed-off-by: Kyle M. Tarplee <[email protected]>
  • Loading branch information
@ktarplee
ktarplee committed Nov 28, 2023
1 parent 79a08b4 commit bc318bd
Showing 1 changed file with 65 additions and 1 deletion.
66 changes: 65 additions & 1 deletion registry/remote/auth/cache.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ import (
)

// DefaultCache is the sharable cache used by DefaultClient.
var DefaultCache Cache = NewCache()
var DefaultCache Cache = NewRobustCache()

// Cache caches the auth-scheme and auth-token for the "Authorization" header in
// accessing the remote registry.
Expand Down Expand Up @@ -157,3 +157,67 @@ func (noCache) GetToken(ctx context.Context, registry string, scheme Scheme, key
func (noCache) Set(ctx context.Context, registry string, scheme Scheme, key string, fetch func(context.Context) (string, error)) (string, error) {
return fetch(ctx)
}

// hostCache is an auth cache that ignores scopes. Uses only the registry's hostname to find a token.
type hostCache struct {
Cache
}

// GetToken implements Cache.
func (c *hostCache) GetToken(ctx context.Context, registry string, scheme Scheme, key string) (string, error) {
return c.Cache.GetToken(ctx, registry, scheme, "")
}

// Set implements Cache.
func (c *hostCache) Set(ctx context.Context, registry string, scheme Scheme, key string, fetch func(context.Context) (string, error)) (string, error) {
return c.Cache.Set(ctx, registry, scheme, "", fetch)
}

// fallbackCache tries the primary cache then falls back to the secondary cache.
type fallbackCache struct {
primary Cache
secondary Cache
}

// GetScheme implements Cache.
func (fc *fallbackCache) GetScheme(ctx context.Context, registry string) (Scheme, error) {
scheme, err := fc.primary.GetScheme(ctx, registry)
if err == nil {
return scheme, nil
}

Check warning on line 187 in registry/remote/auth/cache.go

View check run for this annotation

Codecov / codecov/patch

registry/remote/auth/cache.go#L186-L187 

Added lines #L186 - L187 were not covered by tests

// fallback
return fc.secondary.GetScheme(ctx, registry)
}

// GetToken implements Cache.
func (fc *fallbackCache) GetToken(ctx context.Context, registry string, scheme Scheme, key string) (string, error) {
token, err := fc.primary.GetToken(ctx, registry, scheme, key)
if err == nil {
return token, nil
}

Check warning on line 198 in registry/remote/auth/cache.go

View check run for this annotation

Codecov / codecov/patch

registry/remote/auth/cache.go#L197-L198 

Added lines #L197 - L198 were not covered by tests

// fallback
return fc.secondary.GetToken(ctx, registry, scheme, key)
}

// Set implements Cache.
func (fc *fallbackCache) Set(ctx context.Context, registry string, scheme Scheme, key string, fetch func(context.Context) (string, error)) (string, error) {
token, err := fc.primary.Set(ctx, registry, scheme, key, fetch)
if err != nil {
return token, err
}

Check warning on line 209 in registry/remote/auth/cache.go

View check run for this annotation

Codecov / codecov/patch

registry/remote/auth/cache.go#L208-L209 

Added lines #L208 - L209 were not covered by tests

return fc.secondary.Set(ctx, registry, scheme, key, func(ctx context.Context) (string, error) {
return token, nil
})
}

// NewRobustCache prefers scope-based auth but falls back to host-based auth.
func NewRobustCache() Cache {
cache := NewCache()
return &fallbackCache{
primary: cache,
secondary: &hostCache{cache},
}
}

0 comments on commit bc318bd

Please sign in to comment.