add internal fork of docker/docker/registry

cli/command/image/push.go

@@ -16,8 +16,8 @@ import (
 	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/cli/cli/streams"
 	"github.com/docker/cli/internal/jsonstream"
+	"github.com/docker/cli/internal/registry"
 	"github.com/docker/cli/internal/tui"
-	"github.com/docker/docker/registry"
 	"github.com/moby/moby/api/types/auxprogress"
 	"github.com/moby/moby/api/types/image"
 	registrytypes "github.com/moby/moby/api/types/registry"

cli/command/image/trust.go

@@ -11,7 +11,7 @@ import (
 	"github.com/docker/cli/cli/streams"
 	"github.com/docker/cli/cli/trust"
 	"github.com/docker/cli/internal/jsonstream"
-	"github.com/docker/docker/registry"
+	"github.com/docker/cli/internal/registry"
 	"github.com/moby/moby/api/types/image"
 	registrytypes "github.com/moby/moby/api/types/registry"
 	"github.com/opencontainers/go-digest"

cli/command/plugin/install.go

@@ -11,7 +11,7 @@ import (
 	"github.com/docker/cli/cli/command/image"
 	"github.com/docker/cli/internal/jsonstream"
 	"github.com/docker/cli/internal/prompt"
-	"github.com/docker/docker/registry"
+	"github.com/docker/cli/internal/registry"
 	"github.com/moby/moby/api/types"
 	registrytypes "github.com/moby/moby/api/types/registry"
 	"github.com/pkg/errors"

cli/command/plugin/push.go

@@ -8,7 +8,7 @@ import (
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/trust"
 	"github.com/docker/cli/internal/jsonstream"
-	"github.com/docker/docker/registry"
+	"github.com/docker/cli/internal/registry"
 	registrytypes "github.com/moby/moby/api/types/registry"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"

cli/command/registry/login.go

@@ -15,8 +15,8 @@ import (
 	"github.com/docker/cli/cli/config/configfile"
 	configtypes "github.com/docker/cli/cli/config/types"
 	"github.com/docker/cli/internal/oauth/manager"
+	"github.com/docker/cli/internal/registry"
 	"github.com/docker/cli/internal/tui"
-	"github.com/docker/docker/registry"
 	registrytypes "github.com/moby/moby/api/types/registry"
 	"github.com/moby/moby/client"
 	"github.com/pkg/errors"
@@ -288,7 +288,7 @@ func loginClientSide(ctx context.Context, auth registrytypes.AuthConfig) (*regis
 		return nil, err
 	}
 
-	_, token, err := svc.Auth(ctx, &auth, command.UserAgent())
+	token, err := svc.Auth(ctx, &auth, command.UserAgent())
 	if err != nil {
 		return nil, err
 	}

cli/command/registry/login_test.go

@@ -13,8 +13,8 @@ import (
 	configtypes "github.com/docker/cli/cli/config/types"
 	"github.com/docker/cli/cli/streams"
 	"github.com/docker/cli/internal/prompt"
+	"github.com/docker/cli/internal/registry"
 	"github.com/docker/cli/internal/test"
-	"github.com/docker/docker/registry"
 	registrytypes "github.com/moby/moby/api/types/registry"
 	"github.com/moby/moby/api/types/system"
 	"github.com/moby/moby/client"

cli/command/registry/logout.go

@@ -8,7 +8,7 @@ import (
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/config/credentials"
 	"github.com/docker/cli/internal/oauth/manager"
-	"github.com/docker/docker/registry"
+	"github.com/docker/cli/internal/registry"
 	"github.com/spf13/cobra"
 )
 

cli/command/service/trust.go

@@ -6,7 +6,7 @@ import (
 	"github.com/distribution/reference"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/trust"
-	"github.com/docker/docker/registry"
+	"github.com/docker/cli/internal/registry"
 	"github.com/moby/moby/api/types/swarm"
 	"github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"

cli/command/system/info.go

@@ -19,8 +19,8 @@ import (
 	"github.com/docker/cli/cli/debug"
 	flagsHelper "github.com/docker/cli/cli/flags"
 	"github.com/docker/cli/internal/lazyregexp"
+	"github.com/docker/cli/internal/registry"
 	"github.com/docker/cli/templates"
-	"github.com/docker/docker/registry"
 	"github.com/docker/go-units"
 	"github.com/moby/moby/api/types/swarm"
 	"github.com/moby/moby/api/types/system"

cli/command/system/info_test.go

@@ -78,7 +78,6 @@ var sampleInfoNoSwarm = system.Info{
 		IndexConfigs: map[string]*registrytypes.IndexInfo{
 			"docker.io": {
 				Name:     "docker.io",
-				Mirrors:  nil,
 				Secure:   true,
 				Official: true,
 			},

cli/registry/client/endpoint.go

@@ -1,14 +1,16 @@
 package client
 
 import (
+	"context"
 	"net"
 	"net/http"
+	"net/url"
 	"time"
 
 	"github.com/distribution/reference"
+	"github.com/docker/cli/internal/registry"
 	"github.com/docker/distribution/registry/client/auth"
 	"github.com/docker/distribution/registry/client/transport"
-	"github.com/docker/docker/registry"
 	registrytypes "github.com/moby/moby/api/types/registry"
 	"github.com/pkg/errors"
 )
@@ -54,7 +56,7 @@ func getDefaultEndpoint(repoName reference.Named, insecure bool) (registry.APIEn
 	if err != nil {
 		return registry.APIEndpoint{}, err
 	}
-	endpoints, err := registryService.LookupPushEndpoints(reference.Domain(repoName))
+	endpoints, err := registryService.Endpoints(context.TODO(), reference.Domain(repoName))
 	if err != nil {
 		return registry.APIEndpoint{}, err
 	}
@@ -97,7 +99,7 @@ func getHTTPTransport(authConfig registrytypes.AuthConfig, endpoint registry.API
 		if len(actions) == 0 {
 			actions = []string{"pull"}
 		}
-		creds := registry.NewStaticCredentialStore(&authConfig)
+		creds := &staticCredentialStore{authConfig: &authConfig}
 		tokenHandler := auth.NewTokenHandler(authTransport, creds, repoName, actions...)
 		basicHandler := auth.NewBasicHandler(creds)
 		modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, tokenHandler, basicHandler))
@@ -117,3 +119,23 @@ func (th *existingTokenHandler) AuthorizeRequest(req *http.Request, _ map[string
 func (*existingTokenHandler) Scheme() string {
 	return "bearer"
 }
+
+type staticCredentialStore struct {
+	authConfig *registrytypes.AuthConfig
+}
+
+func (scs staticCredentialStore) Basic(*url.URL) (string, string) {
+	if scs.authConfig == nil {
+		return "", ""
+	}
+	return scs.authConfig.Username, scs.authConfig.Password
+}
+
+func (scs staticCredentialStore) RefreshToken(*url.URL, string) string {
+	if scs.authConfig == nil {
+		return ""
+	}
+	return scs.authConfig.IdentityToken
+}
+
+func (staticCredentialStore) SetRefreshToken(*url.URL, string, string) {}

cli/registry/client/fetcher.go

@@ -6,14 +6,14 @@ import (
 
 	"github.com/distribution/reference"
 	"github.com/docker/cli/cli/manifest/types"
+	"github.com/docker/cli/internal/registry"
 	"github.com/docker/distribution"
 	"github.com/docker/distribution/manifest/manifestlist"
 	"github.com/docker/distribution/manifest/ocischema"
 	"github.com/docker/distribution/manifest/schema2"
 	"github.com/docker/distribution/registry/api/errcode"
 	v2 "github.com/docker/distribution/registry/api/v2"
 	distclient "github.com/docker/distribution/registry/client"
-	"github.com/docker/docker/registry"
 	"github.com/opencontainers/go-digest"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
@@ -283,10 +283,10 @@ func allEndpoints(namedRef reference.Named, insecure bool) ([]registry.APIEndpoi
 	}
 	registryService, err := registry.NewService(serviceOpts)
 	if err != nil {
-		return []registry.APIEndpoint{}, err
+		return nil, err
 	}
 	repoInfo, _ := registry.ParseRepositoryInfo(namedRef)
-	endpoints, err := registryService.LookupPullEndpoints(reference.Domain(repoInfo.Name))
+	endpoints, err := registryService.Endpoints(context.TODO(), reference.Domain(repoInfo.Name))
 	logrus.Debugf("endpoints for %s: %v", namedRef, endpoints)
 	return endpoints, err
 }

cli/trust/trust.go

@@ -14,10 +14,10 @@ import (
 
 	"github.com/distribution/reference"
 	"github.com/docker/cli/cli/config"
+	"github.com/docker/cli/internal/registry"
 	"github.com/docker/distribution/registry/client/auth"
 	"github.com/docker/distribution/registry/client/auth/challenge"
 	"github.com/docker/distribution/registry/client/transport"
-	"github.com/docker/docker/registry"
 	"github.com/docker/go-connections/tlsconfig"
 	registrytypes "github.com/moby/moby/api/types/registry"
 	"github.com/opencontainers/go-digest"

cli/trust/trust_push.go

@@ -11,7 +11,7 @@ import (
 	"github.com/distribution/reference"
 	"github.com/docker/cli/cli/streams"
 	"github.com/docker/cli/internal/jsonstream"
-	"github.com/docker/docker/registry"
+	"github.com/docker/cli/internal/registry"
 	"github.com/moby/moby/api/types"
 	registrytypes "github.com/moby/moby/api/types/registry"
 	"github.com/opencontainers/go-digest"

internal/oauth/manager/manager.go

@@ -14,8 +14,8 @@ import (
 	"github.com/docker/cli/cli/streams"
 	"github.com/docker/cli/internal/oauth"
 	"github.com/docker/cli/internal/oauth/api"
+	"github.com/docker/cli/internal/registry"
 	"github.com/docker/cli/internal/tui"
-	"github.com/docker/docker/registry"
 	"github.com/morikuni/aec"
 	"github.com/sirupsen/logrus"
 

vendor/github.com/docker/docker/registry/auth.go → internal/registry/auth.go

@@ -2,6 +2,7 @@ package registry
 
 import (
 	"context"
+	"fmt"
 	"net/http"
 	"net/url"
 	"strings"
@@ -12,7 +13,6 @@ import (
 	"github.com/docker/distribution/registry/client/auth/challenge"
 	"github.com/docker/distribution/registry/client/transport"
 	"github.com/moby/moby/api/types/registry"
-	"github.com/pkg/errors"
 )
 
 // AuthClientID is used the ClientID used for the token server
@@ -34,35 +34,6 @@ func (lcs loginCredentialStore) SetRefreshToken(u *url.URL, service, token strin
 	lcs.authConfig.IdentityToken = token
 }
 
-type staticCredentialStore struct {
-	auth *registry.AuthConfig
-}
-
-// NewStaticCredentialStore returns a credential store
-// which always returns the same credential values.
-func NewStaticCredentialStore(ac *registry.AuthConfig) auth.CredentialStore {
-	return staticCredentialStore{
-		auth: ac,
-	}
-}
-
-func (scs staticCredentialStore) Basic(*url.URL) (string, string) {
-	if scs.auth == nil {
-		return "", ""
-	}
-	return scs.auth.Username, scs.auth.Password
-}
-
-func (scs staticCredentialStore) RefreshToken(*url.URL, string) string {
-	if scs.auth == nil {
-		return ""
-	}
-	return scs.auth.IdentityToken
-}
-
-func (staticCredentialStore) SetRefreshToken(*url.URL, string, string) {
-}
-
 // loginV2 tries to login to the v2 registry server. The given registry
 // endpoint will be pinged to get authorization challenges. These challenges
 // will be used to authenticate against the registry to validate credentials.
@@ -96,7 +67,7 @@ func loginV2(ctx context.Context, authConfig *registry.AuthConfig, endpoint APIE
 
 	if resp.StatusCode != http.StatusOK {
 		// TODO(dmcgowan): Attempt to further interpret result, status code and error code string
-		return "", errors.Errorf("login attempt to %s failed with status: %d %s", endpointStr, resp.StatusCode, http.StatusText(resp.StatusCode))
+		return "", fmt.Errorf("login attempt to %s failed with status: %d %s", endpointStr, resp.StatusCode, http.StatusText(resp.StatusCode))
 	}
 
 	return credentialAuthConfig.IdentityToken, nil
@@ -127,67 +98,19 @@ func v2AuthHTTPClient(endpoint *url.URL, authTransport http.RoundTripper, modifi
 	}, nil
 }
 
-// ConvertToHostname normalizes a registry URL which has http|https prepended
-// to just its hostname. It is used to match credentials, which may be either
-// stored as hostname or as hostname including scheme (in legacy configuration
-// files).
-func ConvertToHostname(maybeURL string) string {
-	stripped := maybeURL
-	if scheme, remainder, ok := strings.Cut(stripped, "://"); ok {
-		switch scheme {
-		case "http", "https":
-			stripped = remainder
-		default:
-			// unknown, or no scheme; doing nothing for now, as we never did.
-		}
-	}
-	stripped, _, _ = strings.Cut(stripped, "/")
-	return stripped
-}
-
-// ResolveAuthConfig matches an auth configuration to a server address or a URL
-func ResolveAuthConfig(authConfigs map[string]registry.AuthConfig, index *registry.IndexInfo) registry.AuthConfig {
-	configKey := GetAuthConfigKey(index)
-	// First try the happy case
-	if c, found := authConfigs[configKey]; found || index.Official {
-		return c
-	}
-
-	// Maybe they have a legacy config file, we will iterate the keys converting
-	// them to the new format and testing
-	for registryURL, ac := range authConfigs {
-		if configKey == ConvertToHostname(registryURL) {
-			return ac
-		}
-	}
-
-	// When all else fails, return an empty auth config
-	return registry.AuthConfig{}
-}
-
-// PingResponseError is used when the response from a ping
-// was received but invalid.
-type PingResponseError struct {
-	Err error
-}
-
-func (err PingResponseError) Error() string {
-	return err.Err.Error()
-}
-
 // PingV2Registry attempts to ping a v2 registry and on success return a
 // challenge manager for the supported authentication types.
 // If a response is received but cannot be interpreted, a PingResponseError will be returned.
 func PingV2Registry(endpoint *url.URL, authTransport http.RoundTripper) (challenge.Manager, error) {
-	pingClient := &http.Client{
-		Transport: authTransport,
-		Timeout:   15 * time.Second,
-	}
 	endpointStr := strings.TrimRight(endpoint.String(), "/") + "/v2/"
 	req, err := http.NewRequest(http.MethodGet, endpointStr, http.NoBody)
 	if err != nil {
 		return nil, err
 	}
+	pingClient := &http.Client{
+		Transport: authTransport,
+		Timeout:   15 * time.Second,
+	}
 	resp, err := pingClient.Do(req)
 	if err != nil {
 		return nil, err
@@ -196,9 +119,7 @@ func PingV2Registry(endpoint *url.URL, authTransport http.RoundTripper) (challen
 
 	challengeManager := challenge.NewSimpleManager()
 	if err := challengeManager.AddResponse(resp); err != nil {
-		return nil, PingResponseError{
-			Err: err,
-		}
+		return nil, err
 	}
 
 	return challengeManager, nil