From 6beaffa36388f7e27c4df0645f8cdefcc22cf7fa Mon Sep 17 00:00:00 2001 From: bourd0n Date: Fri, 16 Mar 2018 01:11:57 +0300 Subject: [PATCH 1/3] Add ability to configure 'forceBasicAuth' for docker registries --- .../provisioning/RepositoryApiImpl.groovy | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/plugins/nexus-script-plugin/src/main/java/org/sonatype/nexus/script/plugin/internal/provisioning/RepositoryApiImpl.groovy b/plugins/nexus-script-plugin/src/main/java/org/sonatype/nexus/script/plugin/internal/provisioning/RepositoryApiImpl.groovy index db62c99de8..6f683ad170 100644 --- a/plugins/nexus-script-plugin/src/main/java/org/sonatype/nexus/script/plugin/internal/provisioning/RepositoryApiImpl.groovy +++ b/plugins/nexus-script-plugin/src/main/java/org/sonatype/nexus/script/plugin/internal/provisioning/RepositoryApiImpl.groovy @@ -265,11 +265,12 @@ class RepositoryApiImpl final String blobStoreName = BlobStoreManager.DEFAULT_BLOBSTORE_NAME, final boolean strictContentTypeValidation = true, final boolean v1Enabled = true, - final WritePolicy writePolicy = WritePolicy.ALLOW + final WritePolicy writePolicy = WritePolicy.ALLOW, + final boolean forceBasicAuth = false ) { Configuration configuration = createHosted(name, 'docker-hosted', blobStoreName, writePolicy, strictContentTypeValidation) - configuration.attributes.docker = configureDockerAttributes(httpPort, httpsPort, v1Enabled) + configuration.attributes.docker = configureDockerAttributes(httpPort, httpsPort, v1Enabled, forceBasicAuth) createRepository(configuration) } @@ -283,10 +284,11 @@ class RepositoryApiImpl @Nullable Integer httpsPort, final String blobStoreName = BlobStoreManager.DEFAULT_BLOBSTORE_NAME, final boolean strictContentTypeValidation = true, - final boolean v1Enabled = true) + final boolean v1Enabled = true, + final boolean forceBasicAuth = false) { Configuration configuration = createProxy(name, 'docker-proxy', remoteUrl, blobStoreName, strictContentTypeValidation) - configuration.attributes.docker = configureDockerAttributes(httpPort, httpsPort, v1Enabled) + configuration.attributes.docker = configureDockerAttributes(httpPort, httpsPort, v1Enabled, forceBasicAuth) configuration.attributes.dockerProxy = [ indexType: indexType, indexUrl : indexUrl @@ -301,10 +303,11 @@ class RepositoryApiImpl @Nullable Integer httpsPort, final List members, final boolean v1Enabled = true, - final String blobStoreName = BlobStoreManager.DEFAULT_BLOBSTORE_NAME) + final String blobStoreName = BlobStoreManager.DEFAULT_BLOBSTORE_NAME, + final boolean forceBasicAuth = false) { Configuration configuration = createGroup(name, 'docker-group', blobStoreName, members as String[]) - configuration.attributes.docker = configureDockerAttributes(httpPort, httpsPort, v1Enabled) + configuration.attributes.docker = configureDockerAttributes(httpPort, httpsPort, v1Enabled, forceBasicAuth) createRepository(configuration) } @@ -422,7 +425,7 @@ class RepositoryApiImpl [versionPolicy: versionPolicy, layoutPolicy: layoutPolicy] } - private static Map configureDockerAttributes(Integer httpPort, Integer httpsPort, boolean v1Enabled) { + private static Map configureDockerAttributes(Integer httpPort, Integer httpsPort, boolean v1Enabled, boolean forceBasicAuth) { def docker = [:] if (httpPort) { docker.httpPort = httpPort @@ -431,6 +434,7 @@ class RepositoryApiImpl docker.httpsPort = httpsPort } docker.v1Enabled = v1Enabled + docker.forceBasicAuth = forceBasicAuth return docker } From 0f8ee2bfc46c9c45e1bbb30d351be44aa50d6c28 Mon Sep 17 00:00:00 2001 From: bourd0n Date: Fri, 16 Mar 2018 11:33:38 +0300 Subject: [PATCH 2/3] Add method to interface --- .../nexus/script/plugin/RepositoryApi.java | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/plugins/nexus-script-plugin/src/main/java/org/sonatype/nexus/script/plugin/RepositoryApi.java b/plugins/nexus-script-plugin/src/main/java/org/sonatype/nexus/script/plugin/RepositoryApi.java index 57e10701d8..b2fa1ba27f 100644 --- a/plugins/nexus-script-plugin/src/main/java/org/sonatype/nexus/script/plugin/RepositoryApi.java +++ b/plugins/nexus-script-plugin/src/main/java/org/sonatype/nexus/script/plugin/RepositoryApi.java @@ -213,6 +213,27 @@ Repository createDockerHosted(final String name, final boolean strictContentTypeValidation, final WritePolicy writePolicy); + /** + * Create a Docker hosted repository. + * @param name The name of the new Repository + * @param httpPort The http port to accept traffic for this Repository on (optional) + * @param httpsPort The https port to accept traffic for this Repository on (optional) + * @param blobStoreName The BlobStore the Repository should use + * @param v1Enabled Whether or not this Repository supports Docker V1 format + * @param strictContentTypeValidation Whether or not the Repository should enforce strict content types + * @param writePolicy The {@link WritePolicy} for the Repository + * @param forceBasicAuth whether or not this Repository should support anonymous pull + * @return the newly created Repository + */ + Repository createDockerHosted(final String name, + Integer httpPort, + Integer httpsPort, + final String blobStoreName, + final boolean v1Enabled, + final boolean strictContentTypeValidation, + final WritePolicy writePolicy, + final boolean forceBasicAuth); + /** * Create a Docker proxy repository. * From fa64227ba6174331c2167b2fea472006f7820c77 Mon Sep 17 00:00:00 2001 From: bourd0n Date: Fri, 16 Mar 2018 22:24:59 +0300 Subject: [PATCH 3/3] Fix javadoc and set default value of forceBasicAuth to true --- .../org/sonatype/nexus/script/plugin/RepositoryApi.java | 2 +- .../plugin/internal/provisioning/RepositoryApiImpl.groovy | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/plugins/nexus-script-plugin/src/main/java/org/sonatype/nexus/script/plugin/RepositoryApi.java b/plugins/nexus-script-plugin/src/main/java/org/sonatype/nexus/script/plugin/RepositoryApi.java index b2fa1ba27f..40072e63f6 100644 --- a/plugins/nexus-script-plugin/src/main/java/org/sonatype/nexus/script/plugin/RepositoryApi.java +++ b/plugins/nexus-script-plugin/src/main/java/org/sonatype/nexus/script/plugin/RepositoryApi.java @@ -222,7 +222,7 @@ Repository createDockerHosted(final String name, * @param v1Enabled Whether or not this Repository supports Docker V1 format * @param strictContentTypeValidation Whether or not the Repository should enforce strict content types * @param writePolicy The {@link WritePolicy} for the Repository - * @param forceBasicAuth whether or not this Repository should support anonymous pull + * @param forceBasicAuth whether to force basic auth. False is required to enable token auth which can be used for anonymous access * @return the newly created Repository */ Repository createDockerHosted(final String name, diff --git a/plugins/nexus-script-plugin/src/main/java/org/sonatype/nexus/script/plugin/internal/provisioning/RepositoryApiImpl.groovy b/plugins/nexus-script-plugin/src/main/java/org/sonatype/nexus/script/plugin/internal/provisioning/RepositoryApiImpl.groovy index 6f683ad170..66609fa630 100644 --- a/plugins/nexus-script-plugin/src/main/java/org/sonatype/nexus/script/plugin/internal/provisioning/RepositoryApiImpl.groovy +++ b/plugins/nexus-script-plugin/src/main/java/org/sonatype/nexus/script/plugin/internal/provisioning/RepositoryApiImpl.groovy @@ -266,7 +266,7 @@ class RepositoryApiImpl final boolean strictContentTypeValidation = true, final boolean v1Enabled = true, final WritePolicy writePolicy = WritePolicy.ALLOW, - final boolean forceBasicAuth = false + final boolean forceBasicAuth = true ) { Configuration configuration = createHosted(name, 'docker-hosted', blobStoreName, writePolicy, strictContentTypeValidation) @@ -285,7 +285,7 @@ class RepositoryApiImpl final String blobStoreName = BlobStoreManager.DEFAULT_BLOBSTORE_NAME, final boolean strictContentTypeValidation = true, final boolean v1Enabled = true, - final boolean forceBasicAuth = false) + final boolean forceBasicAuth = true) { Configuration configuration = createProxy(name, 'docker-proxy', remoteUrl, blobStoreName, strictContentTypeValidation) configuration.attributes.docker = configureDockerAttributes(httpPort, httpsPort, v1Enabled, forceBasicAuth) @@ -304,7 +304,7 @@ class RepositoryApiImpl final List members, final boolean v1Enabled = true, final String blobStoreName = BlobStoreManager.DEFAULT_BLOBSTORE_NAME, - final boolean forceBasicAuth = false) + final boolean forceBasicAuth = true) { Configuration configuration = createGroup(name, 'docker-group', blobStoreName, members as String[]) configuration.attributes.docker = configureDockerAttributes(httpPort, httpsPort, v1Enabled, forceBasicAuth)