From 0e1d46f8f98819f0a226dbecb99345c6ee55ca35 Mon Sep 17 00:00:00 2001 From: Santosh Date: Sat, 8 Jun 2024 11:15:15 +0530 Subject: [PATCH 1/3] Update to use PAT as auth in push and pull commands Signed-off-by: Santosh --- cmd/artifact_push.go | 3 ++- pkg/oci/ociClient.go | 20 ++++++++++++++------ 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/cmd/artifact_push.go b/cmd/artifact_push.go index a35c0af..04a27af 100644 --- a/cmd/artifact_push.go +++ b/cmd/artifact_push.go @@ -66,6 +66,7 @@ type pushFlags struct { annotations []string sign bool cosignKey string + creds string } var pushArgs pushFlags @@ -82,6 +83,7 @@ func init() { pushCmd.Flags().StringArrayVarP(&pushArgs.annotations, "annotations", "a", nil, "Set custom annotation in = format") pushCmd.Flags().BoolVarP(&pushArgs.sign, "sign", "s", false, "If set to true, signs the artifact with cosign in keyless mode") pushCmd.Flags().StringVarP(&pushArgs.cosignKey, "cosign-key", "k", "", "path to cosign private key") + pushCmd.Flags().StringVarP(&pushArgs.creds, "credentials", "c", "", "Credentials to authenticate with OCI registries ") artifactCmd.AddCommand(pushCmd) } @@ -149,7 +151,6 @@ func runPushCmd(cmd *cobra.Command, args []string) error { if err != nil { log.Errorf("appending content to artifact failed: %v", err) } - // TODO: Add userAgent header for HTTP requests made to OCI registry spin := utils.StartSpinner("pushing artifact") defer spin.Stop() opts, err := oci.GetCreds() diff --git a/pkg/oci/ociClient.go b/pkg/oci/ociClient.go index 23f7c43..bf55027 100644 --- a/pkg/oci/ociClient.go +++ b/pkg/oci/ociClient.go @@ -283,13 +283,21 @@ func GetCreds() ([]crane.Option, error) { return nil, errors.New("ARTIFACT_REGISTRY_PASSWORD environment variable not set") } - if user == "" || pass == "" { - return nil, errors.New("username or password is empty") + token, tokenSet := os.LookupEnv("ARTIFACT_REGISTRY_TOKEN") + + if tokenSet || token != "" { + // Token is set, use it + authConfig := authn.AuthConfig{RegistryToken: token} + opts = append(opts, crane.WithAuth(authn.FromConfig(authConfig))) + } else { + if user == "" || pass == "" { + return nil, errors.New("username or password is empty") + } + + // Create authentication config + authConfig := authn.AuthConfig{Username: user, Password: pass} + opts = append(opts, crane.WithAuth(authn.FromConfig(authConfig))) } - - // Create authentication config - authConfig := authn.AuthConfig{Username: user, Password: pass} - opts = append(opts, crane.WithAuth(authn.FromConfig(authConfig))) } else { // Other error occurred while checking for Docker config file return nil, fmt.Errorf("error checking Docker config at %s: %v", credPath, err) From 9b8cd745edfa5b5aeb168df1a22305a956cfb4b4 Mon Sep 17 00:00:00 2001 From: Santosh Date: Sat, 8 Jun 2024 11:27:22 +0530 Subject: [PATCH 2/3] Update: Add cred flag to push and pull commands Signed-off-by: Santosh --- cmd/artifact_pull.go | 3 ++- pkg/oci/ociClient.go | 2 -- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/cmd/artifact_pull.go b/cmd/artifact_pull.go index 2152d62..6e71dad 100644 --- a/cmd/artifact_pull.go +++ b/cmd/artifact_pull.go @@ -60,6 +60,7 @@ type pullFlags struct { dest string verify bool cosignKey string + creds string } var pullArgs pullFlags @@ -69,7 +70,7 @@ func init() { pullCmd.Flags().StringVarP(&pullArgs.dest, "dest", "d", "", "destination URL for pulling the artifact from") pullCmd.Flags().BoolVarP(&pullArgs.verify, "verify", "v", false, "Set signature verification of the artifact using Sigstore cosign") pullCmd.Flags().StringVarP(&pullArgs.cosignKey, "pub-key", "k", "", "Cosign public key for varifying the artifact") - + pushCmd.Flags().StringVarP(&pushArgs.creds, "credentials", "c", "", "Credentials to authenticate with OCI registries ") artifactCmd.AddCommand(pullCmd) } diff --git a/pkg/oci/ociClient.go b/pkg/oci/ociClient.go index bf55027..50ee611 100644 --- a/pkg/oci/ociClient.go +++ b/pkg/oci/ociClient.go @@ -189,8 +189,6 @@ func PullArtifact(ctx context.Context, dest, path string) error { url := parts[0] desiredTag := parts[1] - // TODO: Add userAgent header for HTTP requests made to OCI registry - opts, err := GetCreds() if err != nil { return fmt.Errorf("error getting credentials: %v", err) From 677498652d9c43fd7ee4dcc1b8f82c964b218867 Mon Sep 17 00:00:00 2001 From: Santosh Date: Sat, 8 Jun 2024 11:38:26 +0530 Subject: [PATCH 3/3] Fix lint errors Signed-off-by: Santosh --- cmd/artifact_pull.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/artifact_pull.go b/cmd/artifact_pull.go index 6e71dad..c50e809 100644 --- a/cmd/artifact_pull.go +++ b/cmd/artifact_pull.go @@ -70,7 +70,7 @@ func init() { pullCmd.Flags().StringVarP(&pullArgs.dest, "dest", "d", "", "destination URL for pulling the artifact from") pullCmd.Flags().BoolVarP(&pullArgs.verify, "verify", "v", false, "Set signature verification of the artifact using Sigstore cosign") pullCmd.Flags().StringVarP(&pullArgs.cosignKey, "pub-key", "k", "", "Cosign public key for varifying the artifact") - pushCmd.Flags().StringVarP(&pushArgs.creds, "credentials", "c", "", "Credentials to authenticate with OCI registries ") + pullCmd.Flags().StringVarP(&pullArgs.creds, "credentials", "c", "", "Credentials to authenticate with OCI registries ") artifactCmd.AddCommand(pullCmd) }