Skip to content

Commit

Permalink
Merge pull request #818 from flatironinstitute/regauth
Browse files Browse the repository at this point in the history
Support basic (htpasswd) authentication for registry
  • Loading branch information
betatim authored Apr 2, 2019
2 parents 6b2908d + 612ade7 commit 1835d07
Show file tree
Hide file tree
Showing 2 changed files with 29 additions and 19 deletions.
44 changes: 25 additions & 19 deletions binderhub/registry.py
Original file line number Diff line number Diff line change
Expand Up @@ -188,26 +188,32 @@ def _default_password(self):
@gen.coroutine
def get_image_manifest(self, image, tag):
client = httpclient.AsyncHTTPClient()
url = "{}/v2/{}/manifests/{}".format(self.url, image, tag)
# first, get a token to perform the manifest request
if not self.token_url:
raise ValueError("No token URL for authenticating with {}".format(self.url))
auth_req = httpclient.HTTPRequest(
url_concat(self.token_url, {"scope": "repository:{}:pull".format(image)}),
auth_username=self.username,
auth_password=self.password,
)
auth_resp = yield client.fetch(auth_req)
response_body = json.loads(auth_resp.body.decode("utf-8", "replace"))

if "token" in response_body.keys():
token = response_body["token"]
elif "access_token" in response_body.keys():
token = response_body["access_token"]

req = httpclient.HTTPRequest(
"{}/v2/{}/manifests/{}".format(self.url, image, tag),
headers={"Authorization": "Bearer {}".format(token)},
)
if self.token_url:
auth_req = httpclient.HTTPRequest(
url_concat(self.token_url, {"scope": "repository:{}:pull".format(image)}),
auth_username=self.username,
auth_password=self.password,
)
auth_resp = yield client.fetch(auth_req)
response_body = json.loads(auth_resp.body.decode("utf-8", "replace"))

if "token" in response_body.keys():
token = response_body["token"]
elif "access_token" in response_body.keys():
token = response_body["access_token"]

req = httpclient.HTTPRequest(url,
headers={"Authorization": "Bearer {}".format(token)},
)
else:
# Use basic HTTP auth (htpasswd)
req = httpclient.HTTPRequest(url,
auth_username=self.username,
auth_password=self.password,
)

try:
resp = yield client.fetch(req)
except httpclient.HTTPError as e:
Expand Down
4 changes: 4 additions & 0 deletions doc/setup-binderhub.rst
Original file line number Diff line number Diff line change
Expand Up @@ -177,6 +177,10 @@ Second, you will need to instruct BinderHub about the token URL::
DockerRegistry:
token_url: "https://myregistry.io/v2/token?service="

If you setup your own local registry using
`native basic HTTP authentication <https://docs.docker.com/registry/deploying/#native-basic-auth>`__
(htpasswd), you can set ``token_url`` to ``None``.

.. note::

There is one additional URL to set in the unlikely event that docker config.json
Expand Down

0 comments on commit 1835d07

Please sign in to comment.