Browse Source

Merge "Support basic auth for image registry" into stable/ussuri

changes/78/750278/3
Zuul 3 weeks ago
committed by Gerrit Code Review
parent
commit
244c32fbcd
2 changed files with 57 additions and 15 deletions
  1. +32
    -15
      tripleo_common/image/image_uploader.py
  2. +25
    -0
      tripleo_common/tests/image/test_image_uploader.py

+ 32
- 15
tripleo_common/image/image_uploader.py View File

@@ -688,31 +688,48 @@ class BaseImageUploader(object):
raise ImageUploaderException(
'Unknown authentication method for headers: %s' % r.headers)

auth = None
www_auth = r.headers['www-authenticate']
if not www_auth.startswith('Bearer '):
raise ImageUploaderException(
'Unknown www-authenticate value: %s' % www_auth)
token_param = {}

realm = re.search('realm="(.*?)"', www_auth).group(1)
if 'service=' in www_auth:
token_param['service'] = re.search(
'service="(.*?)"', www_auth).group(1)
token_param['scope'] = 'repository:%s:pull' % image[1:]

auth = None
if username:
if www_auth.startswith('Bearer '):
LOG.debug('Using bearer token auth')
realm = re.search('realm="(.*?)"', www_auth).group(1)
if 'service=' in www_auth:
token_param['service'] = re.search(
'service="(.*?)"', www_auth).group(1)
token_param['scope'] = 'repository:%s:pull' % image[1:]

if username:
auth = requests_auth.HTTPBasicAuth(username, password)
LOG.debug('Token parameters: params {}'.format(token_param))
rauth = session.get(realm, params=token_param, auth=auth,
timeout=30)
rauth.raise_for_status()
auth_header = 'Bearer %s' % rauth.json()['token']
elif www_auth.startswith('Basic '):
LOG.debug('Using basic auth')
if not username or not password:
raise Exception('Authentication credentials required for '
'basic auth: %s' % url)
auth = requests_auth.HTTPBasicAuth(username, password)
LOG.debug('Token parameters: params {}'.format(token_param))
rauth = session.get(realm, params=token_param, auth=auth, timeout=30)
rauth.raise_for_status()
session.headers['Authorization'] = 'Bearer %s' % rauth.json()['token']
rauth = session.get(url, params=token_param, auth=auth, timeout=30)
rauth.raise_for_status()
auth_header = (
'Basic %s' % base64.b64encode(
bytes(username + ':' + password, 'utf-8')).decode('ascii')
)
else:
raise ImageUploaderException(
'Unknown www-authenticate value: %s' % www_auth)
hash_request_id = hashlib.sha1(str(rauth.url).encode())
LOG.debug(
'Session authenticated: id {}'.format(
hash_request_id.hexdigest()
)
)
session.headers['Authorization'] = auth_header

setattr(session, 'reauthenticate', self.authenticate)
setattr(
session,


+ 25
- 0
tripleo_common/tests/image/test_image_uploader.py View File

@@ -800,6 +800,31 @@ class TestBaseImageUploader(base.TestCase):
auth(url1).headers['Authorization']
)

def test_authenticate_basic_auth(self):
req = self.requests
auth = self.uploader.authenticate
url1 = urlparse('docker://myrepo.com/t/nova-api:latest')

# successful auth requests
headers = {
'www-authenticate': 'Basic realm="Some Realm"'
}

def req_match(request):
resp = requests.Response()
resp.headers = headers
resp.status_code = 401
# if we got sent an user/password, return 200
if 'Authorization' in request.headers:
resp.status_code = 200
return resp

req.add_matcher(req_match)
self.assertEqual(
'Basic Zm9vOmJhcg==',
auth(url1, username='foo', password='bar').headers['Authorization']
)

def test_authenticate_with_no_service(self):
req = self.requests
auth = self.uploader.authenticate


Loading…
Cancel
Save