implement distribution spec auth interface #13

Open
guacamole opened this issue Aug 12, 2021 · 0 comments
Labels: enhancement (New feature or request); needs-triage (This label refers to a non-final decision on implementation, when an important feature/bug is added); P1 (P1 label is used for this that we see of highest priority. Critical bugs, security issues, etc); Security (Security enhancement related work)

@guacamole

There is an AccessController interface in the distribution spec which allows us to do AuthN/AuthZ. This makes implementing authentication for OpenRegistry simpler and makes sure that we don't miss any steps or APIs.

The following are snippets from the distribution implementation:

```go
// AccessController controls access to registry resources based on a request
// and required access levels for a request. Implementations can support both
// complete denial and http authorization challenges.
type AccessController interface {
	// Authorized returns a nil error if the context is granted access and
	// returns a new authorized context. If one or more Access structs are
	// provided, the requested access will be compared with what is available
	// to the context. The given context will contain a "http.request" key with
	// a `*http.Request` value. If the error is non-nil, access should always
	// be denied. The error may be of type Challenge, in which case the caller
	// may have the Challenge handle the request or choose what action to take
	// based on the Challenge header or response status. The returned context
	// object should have a "auth.user" value set to a UserInfo struct.
	Authorized(ctx context.Context, access ...Access) (context.Context, error)
}

// CredentialAuthenticator is an object which is able to authenticate credentials
type CredentialAuthenticator interface {
	AuthenticateUser(username, password string) error
}

// Challenge is a special error type which is used for HTTP 401 Unauthorized
// responses and is able to write the response with WWW-Authenticate challenge
// header values based on the error.
type Challenge interface {
	error

	// SetHeaders prepares the request to conduct a challenge response by
	// adding an HTTP challenge header on the response message. Callers
	// are expected to set the appropriate HTTP status code (e.g. 401)
	// themselves.
	SetHeaders(r *http.Request, w http.ResponseWriter)
}
```

For implementation reference, check https://github.com/distribution/distribution/blob/main/registry/auth/auth.go
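How the quoted interfaces fit together on the request path, as an added example (not code from OpenRegistry or distribution): a middleware that fails closed on any non-nil error and only sends a `WWW-Authenticate` challenge when the error is a `Challenge`. `Guard`, `staticController`, `basicChallenge`, the realm, the credentials and the simplified `Access`/`UserInfo` shapes are assumptions made for the example.

```go
package main

import (
	"context"
	"crypto/subtle"
	"errors"
	"net/http"
)

type Access struct{ Type, Name, Action string } // simplified stand-in (assumed shape)
type UserInfo struct{ Name string }             // simplified stand-in (assumed shape)
type Challenge interface {
	error
	SetHeaders(r *http.Request, w http.ResponseWriter)
}
type AccessController interface{ Authorized(ctx context.Context, access ...Access) (context.Context, error) }
type basicChallenge struct{} // hypothetical Challenge for HTTP Basic
func (basicChallenge) Error() string { return "basic authentication required" }
func (basicChallenge) SetHeaders(_ *http.Request, w http.ResponseWriter) {
	w.Header().Set("WWW-Authenticate", `Basic realm="registry"`)
}
type staticController struct{ user, pass string } // hypothetical; one constructed credential pair
func (s staticController) Authorized(ctx context.Context, _ ...Access) (context.Context, error) {
	r, ok := ctx.Value("http.request").(*http.Request)
	if !ok {
		return nil, errors.New("no http.request in context") // plain error: deny, no challenge
	}
	u, p, ok := r.BasicAuth()
	if !ok || subtle.ConstantTimeCompare([]byte(u), []byte(s.user))&subtle.ConstantTimeCompare([]byte(p), []byte(s.pass)) != 1 {
		return nil, basicChallenge{}
	}
	return context.WithValue(ctx, "auth.user", UserInfo{Name: u}), nil
}

// Guard (hypothetical middleware) calls next only when err is nil: a Challenge becomes 401, any other error 403.
func Guard(ac AccessController, next http.Handler, access ...Access) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		ctx, err := ac.Authorized(context.WithValue(r.Context(), "http.request", r), access...)
		if ch, ok := err.(Challenge); ok {
			ch.SetHeaders(r, w)
			w.WriteHeader(http.StatusUnauthorized)
		} else if err != nil {
			w.WriteHeader(http.StatusForbidden)
		} else {
			next.ServeHTTP(w, r.WithContext(ctx))
		}
	})
}

func main() { http.ListenAndServe("127.0.0.1:5000", Guard(staticController{"admin", "s3cret"}, http.NotFoundHandler())) }
```

The stub handler in `main` answers 404, so a 404 on the loopback listener means the request passed the controller; 401 means it was challenged.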

guacamole added the enhancement and P1 labels Aug 12, 2021
guacamole added a commit that referenced this issue Sep 30, 2021
…interface

- Added auth/Accesscontroller necessary for enabling different auth methods like oauth
- Work in progress, not to be merged

Signed-off-by: guacamole <[email protected]>
guacamole added a commit that referenced this issue Oct 3, 2021
implementing accesscontroller interface in order to be able to accept different oauth methods

Signed-off-by: guacamole <[email protected]>
jay-dee7 moved this from Done to Todo in Containerish Road Map 2023-24 Jan 19, 2022
jay-dee7 moved this from Todo to Backlog in Containerish Road Map 2023-24 Feb 17, 2022
jay-dee7 added the needs-triage and Security labels Oct 17, 2022