diff --git a/docs/faq.md b/docs/faq.md
index 149f5cf9..8b9f8d96 100644
--- a/docs/faq.md
+++ b/docs/faq.md
@@ -26,6 +26,31 @@ Or within a container:
 docker-compose exec diun diun notif test
 ```
 
+## Authentication against the registry
+
+You can authenticate against the registry through the [`regopts` settings](config/regopts.md) or you can mount
+your docker config file `$HOME/.docker/config.json` if you are already connected to the registry with `docker login`:
+
+```yaml
+version: "3.5"
+
+services:
+ diun:
+ image: crazymax/diun:latest
+ container_name: diun
+ command: serve
+ volumes:
+ - "./data:/data"
+ - "/root/.docker/config.json:/root/.docker/config.json:ro"
+ - "/var/run/docker.sock:/var/run/docker.sock"
+ environment:
+ - "TZ=Europe/Paris"
+ - "DIUN_WATCH_SCHEDULE=0 */6 * * *"
+ - "DIUN_PROVIDERS_DOCKER=true"
+ - "DIUN_PROVIDERS_DOCKER_WATCHBYDEFAULT=true"
+ restart: always
+```
+
 ## field docker|swarm uses unsupported type: invalid
 
 If you have the error `failed to decode configuration from file: field docker uses unsupported type: invalid` that's
diff --git a/internal/app/job.go b/internal/app/job.go
index bd48fd0d..59aa3dab 100644
--- a/internal/app/job.go
+++ b/internal/app/job.go
@@ -4,6 +4,8 @@ import (
 "fmt"
 "regexp"
 
+ "github.com/containers/image/v5/pkg/docker/config"
+ "github.com/containers/image/v5/types"
 "github.com/crazy-max/diun/v4/internal/model"
 "github.com/crazy-max/diun/v4/pkg/registry"
 "github.com/crazy-max/diun/v4/pkg/utl"
@@ -81,9 +83,21 @@ func (di *Diun) createJob(job model.Job) {
 }
 }
 
+ var auth types.DockerAuthConfig
+ if len(regUser) > 0 {
+ auth = types.DockerAuthConfig{
+ Username: regUser,
+ Password: regPassword,
+ }
+ } else {
+ auth, err = config.GetCredentials(nil, job.RegImage.Domain)
+ if err != nil {
+ sublog.Warn().Err(err).Msg("Error seeking Docker credentials")
+ }
+ }
+
 job.Registry, err = registry.New(registry.Options{
- Username: regUser,
- Password: regPassword,
+ Auth: auth,
 Timeout: *reg.Timeout,
 InsecureTLS: *reg.InsecureTLS,
 UserAgent: di.meta.UserAgent,
diff --git a/pkg/registry/registry.go b/pkg/registry/registry.go
index f1ade4dd..30a7f01b 100644
--- a/pkg/registry/registry.go
+++ b/pkg/registry/registry.go
@@ -15,8 +15,7 @@ type Client struct {
 
 // Options holds docker registry object options
 type Options struct {
- Username string
- Password string
+ Auth types.DockerAuthConfig
 InsecureTLS bool
 Timeout time.Duration
 UserAgent string
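Review bot: The new `else` branch in the createJob hunk picks up ambient credentials with `config.GetCredentials(nil, job.RegImage.Domain)` for every job that has no `regopts` username, while the same `registry.Options` literal still passes `InsecureTLS: *reg.InsecureTLS`, so credentials from a mounted `config.json` can travel over a connection whose certificate is not verified. With an explicit username that pairing was the operator's choice per registry; here it happens implicitly, so consider narrowing the lookup, e.g. `} else if !*reg.InsecureTLS {`, assuming `reg` is already resolved at that point. The warning would also be easier to act on if it named the registry, `sublog.Warn().Err(err).Str("registry", job.RegImage.Domain).Msg("Error seeking Docker credentials")`, and the fall-through to the zero-value `auth` after a failed lookup deserves a one-line comment. createJob begins and ends outside this hunk.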
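Review bot: The new `Auth` field in `Options` has no comment, and replacing the exported `Username`/`Password` fields changes the `pkg/registry` API for any caller outside this repository. A field comment such as `// Auth holds the registry credentials; the zero value behaves like the old empty-Username case.` would record the contract that `New` relies on. The struct's closing brace is outside this hunk.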
@@ -28,39 +27,17 @@ type Options struct {
 
 // New creates new docker registry client instance
 func New(opts Options) (*Client, error) {
- // Auth
- var auth *types.DockerAuthConfig
- if opts.Username != "" {
- auth = &types.DockerAuthConfig{
- Username: opts.Username,
- Password: opts.Password,
- }
- }
-
- if auth == nil {
- auth = &types.DockerAuthConfig{}
- // TODO: Seek credentials
- //auth, err := config.GetCredentials(c.sysCtx, reference.Domain(ref.DockerReference()))
- //if err != nil {
- // return nil, errors.Wrap(err, "Cannot get registry credentials")
- //}
- //*c.sysCtx.DockerAuthConfig = auth
- }
-
- // Sys context
- sysCtx := &types.SystemContext{
- DockerAuthConfig: auth,
- DockerDaemonInsecureSkipTLSVerify: opts.InsecureTLS,
- DockerInsecureSkipTLSVerify: types.NewOptionalBool(opts.InsecureTLS),
- DockerRegistryUserAgent: opts.UserAgent,
- OSChoice: opts.ImageOs,
- ArchitectureChoice: opts.ImageArch,
- VariantChoice: opts.ImageVariant,
- }
-
 return &Client{
- opts: opts,
- sysCtx: sysCtx,
+ opts: opts,
+ sysCtx: &types.SystemContext{
+ DockerAuthConfig: &opts.Auth,
+ DockerDaemonInsecureSkipTLSVerify: opts.InsecureTLS,
+ DockerInsecureSkipTLSVerify: types.NewOptionalBool(opts.InsecureTLS),
+ DockerRegistryUserAgent: opts.UserAgent,
+ OSChoice: opts.ImageOs,
+ ArchitectureChoice: opts.ImageArch,
+ VariantChoice: opts.ImageVariant,
+ },
 }, nil
 }
 
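Review bot: `DockerAuthConfig: &opts.Auth` takes the address of the by-value parameter, while `opts: opts` stores a second copy in the `Client`, so the credentials now sit in two separate places and a later change to the client's `opts.Auth` would not reach `sysCtx`. Pointing the context at the stored copy avoids that: build `c := &Client{opts: opts}` first and use `DockerAuthConfig: &c.opts.Auth` when filling `c.sysCtx`. The doc comment on `New` could also say that it performs no credential lookup of its own and relies on the caller to populate `Options.Auth`.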