Merge pull request #1328 from sstosh/search-token

libimage: search: add IdentityToken option for authentication
containers · Feb 16, 2023 · dbef45f · dbef45f
2 parents d4ed97c + 68dfe59
commit dbef45f
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/libimage/search.go b/libimage/search.go
@@ -65,6 +65,9 @@ type SearchOptions struct {
 	// "username[:password]".  Cannot be used in combination with
 	// Username/Password.
 	Credentials string
+	// IdentityToken is used to authenticate the user and get
+	// an access token for the registry.
+	IdentityToken string `json:"identitytoken,omitempty"`
 	// InsecureSkipTLSVerify allows to skip TLS verification.
 	InsecureSkipTLSVerify types.OptionalBool
 	// ListTags returns the search result with available tags
@@ -216,7 +219,7 @@ func (r *Runtime) searchImageInRegistry(ctx context.Context, term, registry stri
 		sys.DockerCertPath = options.CertDirPath
 	}
 
-	authConf := &types.DockerAuthConfig{}
+	authConf := &types.DockerAuthConfig{IdentityToken: options.IdentityToken}
 	if options.Username != "" {
 		if options.Credentials != "" {
 			return nil, errors.New("username/password cannot be used with credentials")
@@ -235,7 +238,11 @@ func (r *Runtime) searchImageInRegistry(ctx context.Context, term, registry stri
 			authConf.Password = split[1]
 		}
 	}
-	sys.DockerAuthConfig = authConf
+	// We should set the authConf unless a token was set.  That's especially
+	// useful for Podman's remote API.
+	if options.IdentityToken != "" {
+		sys.DockerAuthConfig = authConf
+	}
 
 	if options.ListTags {
 		results, err := searchRepositoryTags(ctx, sys, registry, term, options)