implement distribution spec auth interface #13

Open
guacamole opened this issue Aug 12, 2021 · 0 comments
Labels
enhancement (New feature or request), needs-triage (This label refers to a non-final decision on implementation, when an important feature/bug is added), P1 (P1 label is used for this that we see of highest priority. Critical bugs, security issues, etc), Security (Security enhancement related work)

Comments

@guacamole
Member

The AccessController interface in the distribution spec allows us to do AuthN/AuthZ. This makes implementing authentication for OpenRegistry simpler and makes sure that we don't miss any steps or APIs.

The following are snippets from the distribution implementation:

```go
// AccessController controls access to registry resources based on a request
// and required access levels for a request. Implementations can support both
// complete denial and http authorization challenges.
type AccessController interface {
	// Authorized returns a nil error if the context is granted access and
	// returns a new authorized context. If one or more Access structs are
	// provided, the requested access will be compared with what is available
	// to the context. The given context will contain a "http.request" key with
	// a `*http.Request` value. If the error is non-nil, access should always
	// be denied. The error may be of type Challenge, in which case the caller
	// may have the Challenge handle the request or choose what action to take
	// based on the Challenge header or response status. The returned context
	// object should have an "auth.user" value set to a UserInfo struct.
	Authorized(ctx context.Context, access ...Access) (context.Context, error)
}

// CredentialAuthenticator is an object which is able to authenticate credentials
type CredentialAuthenticator interface {
	AuthenticateUser(username, password string) error
}

// Challenge is a special error type which is used for HTTP 401 Unauthorized
// responses and is able to write the response with WWW-Authenticate challenge
// header values based on the error.
type Challenge interface {
	error

	// SetHeaders prepares the request to conduct a challenge response by
	// adding an HTTP challenge header on the response message. Callers
	// are expected to set the appropriate HTTP status code (e.g. 401)
	// themselves.
	SetHeaders(r *http.Request, w http.ResponseWriter)
}
```

For implementation reference, check https://github.com/distribution/distribution/blob/main/registry/auth/auth.go
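
An added example, not code from OpenRegistry or distribution: a Basic-auth implementation of the `Authorized` contract quoted above, with a caller that treats every non-nil error as a denial and only a Challenge as a 401. The shape of `Access`, the names `basicController`, `basicChallenge` and `statusFor`, the realm, and the credentials are assumptions constructed for the illustration.

```go
package main

import (
	"context"
	"crypto/subtle"
	"fmt"
	"net/http"
)

type Access struct{ Type, Name, Action string } // stand-in; shape assumed
type basicController map[string]map[Access]bool
type basicChallenge struct{ error } // satisfies the quoted Challenge interface
var registry = basicController{"alice": {{"repository", "alice/app", "pull"}: true}}
var passwords = map[string]string{"alice": "s3cret"} // constructed data; plaintext for the demo only

func (basicChallenge) SetHeaders(_ *http.Request, w http.ResponseWriter) {
	w.Header().Set("WWW-Authenticate", `Basic realm="registry"`)
}

func (b basicController) Authorized(ctx context.Context, access ...Access) (context.Context, error) {
	var user, pass string
	if req, ok := ctx.Value("http.request").(*http.Request); ok {
		user, pass, _ = req.BasicAuth()
	}
	want, known := passwords[user] // unknown user: want is "", so known must be checked
	if !known || subtle.ConstantTimeCompare([]byte(pass), []byte(want)) != 1 {
		return nil, basicChallenge{fmt.Errorf("authentication required")}
	}
	for _, a := range access {
		if !b[user][a] {
			return nil, fmt.Errorf("%s may not %s %s:%s", user, a.Action, a.Type, a.Name)
		}
	}
	return context.WithValue(ctx, "auth.user", user), nil // the quoted contract stores a UserInfo here
}

// statusFor maps Authorized's result to a status the way a caller must: any error denies.
func statusFor(user, pass string, a Access) int {
	r, _ := http.NewRequest("GET", "/v2/", nil)
	r.SetBasicAuth(user, pass)
	_, err := registry.Authorized(context.WithValue(r.Context(), "http.request", r), a)
	if _, ok := err.(basicChallenge); ok {
		return http.StatusUnauthorized // a real handler also calls SetHeaders here
	} else if err != nil {
		return http.StatusForbidden
	}
	return http.StatusOK
}

func main() { fmt.Println(statusFor("alice", "s3cret", Access{"repository", "alice/app", "pull"})) }
```

The `known` check matters: without it, empty credentials for an unknown user would compare equal to the map's zero value and pass authentication.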

@guacamole added the enhancement and P1 labels Aug 12, 2021
@guacamole added this to To do in OpenRegistry - Roadmap via automation Aug 12, 2021
@guacamole added a commit that referenced this issue Sep 30, 2021
…interface

- Added auth/Accesscontroller necessary for enabling different auth methods like oauth
- Work in progress, not to be merged

Signed-off-by: guacamole <gunjanwalecha@gmail.com>
@guacamole added a commit that referenced this issue Oct 3, 2021
implementing accesscontroller interface in order to be able to accept different oauth methods

Signed-off-by: guacamole <gunjanwalecha@gmail.com>
@guacamole moved this from To do to In progress in OpenRegistry - Roadmap Nov 20, 2021
@jay-dee7 added the needs-triage and Security labels Oct 17, 2022
Projects
Status: Backlog
OpenRegistry - Roadmap
  
In progress