...

Source file src/github.com/chrismellard/docker-credential-acr-env/pkg/registry/registry.go

Documentation: github.com/chrismellard/docker-credential-acr-env/pkg/registry 

     1  /*
     2  Copyright © 2020 Chris Mellard chris.mellard@icloud.com
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8      http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  package registry
    17  
    18  import (
    19  	"context"
    20  	"fmt"
    21  	"net/url"
    22  
    23  	"github.com/Azure/azure-sdk-for-go/services/preview/containerregistry/runtime/2019-08-15-preview/containerregistry"
    24  	"github.com/Azure/go-autorest/autorest"
    25  	"github.com/Azure/go-autorest/autorest/adal"
    26  )
    27  
    28  // GetRegistryRefreshTokenFromAADExchange retrieves an OAuth2 refresh token for the registry specified by serverURL
    29  func GetRegistryRefreshTokenFromAADExchange(serverURL string, principalToken *adal.ServicePrincipalToken, tenantID string) (string, error) {
    30  	ctx, cancel := context.WithTimeout(context.Background(), defaultTimeOut)
    31  	defer cancel()
    32  
    33  	// If refreshing fails, don't try again, just fail.
    34  	principalToken.MaxMSIRefreshAttempts = 1
    35  
    36  	if err := principalToken.EnsureFreshWithContext(ctx); err != nil {
    37  		return "", fmt.Errorf("error refreshing sp token - %w", err)
    38  	}
    39  
    40  	registryName, err := getRegistryURL(serverURL)
    41  	if err != nil {
    42  		return "", fmt.Errorf("failed to parse server URL - %w", err)
    43  	}
    44  	refreshTokenClient := containerregistry.NewRefreshTokensClient(registryName.String())
    45  	authorizer := autorest.NewBearerAuthorizer(principalToken)
    46  	refreshTokenClient.Authorizer = authorizer
    47  	rt, err := refreshTokenClient.GetFromExchange(ctx, "access_token", serverURL, tenantID, "", principalToken.Token().AccessToken)
    48  	if err != nil {
    49  		return "", fmt.Errorf("failed to get refresh token for container registry - %w", err)
    50  	}
    51  
    52  	return *rt.RefreshToken, nil
    53  }
    54  
    55  // parseRegistryName parses a serverURL and returns the registry name (i.e. minus transport scheme)
    56  func getRegistryURL(serverURL string) (*url.URL, error) {
    57  	sURL, err := url.Parse(secureScheme + serverURL)
    58  	if err != nil {
    59  		return &url.URL{}, fmt.Errorf("failed to parse server URL - %w", err)
    60  	}
    61  
    62  	return sURL, nil
    63  }
    64  

View as plain text