api/types/registry: move decode auth config function internal to daemon#50765
api/types/registry: move decode auth config function internal to daemon#50765austinvazquez wants to merge 4 commits intomoby:masterfrom
Conversation
…ternal to daemon Signed-off-by: Austin Vazquez <austin.vazquez@docker.com>
bb0b412 to
3daf914
Compare
There was a problem hiding this comment.
Pull Request Overview
This PR deprecates and moves the DecodeAuthConfig function from the public API module to internal daemon code. The change improves API encapsulation by making authentication decoding an internal implementation detail rather than exposing it in the public API.
- Moved
DecodeAuthConfigfunctionality fromapi/types/registrytodaemon/internal/registry - Updated all daemon router files to use the new internal registry package
- Added alias imports to maintain clear separation between public API types and internal functionality
Reviewed Changes
Copilot reviewed 7 out of 8 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| daemon/server/router/plugin/plugin_routes.go | Updated imports and function calls to use internal registry package |
| daemon/server/router/image/image_routes.go | Updated imports and function calls to use internal registry package |
| daemon/server/router/distribution/distribution_routes.go | Updated imports and function calls to use internal registry package |
| daemon/internal/registry/authconfig_test.go | Moved test file from API package to internal daemon package |
| daemon/internal/registry/authconfig.go | Moved DecodeAuthConfig implementation to internal daemon package |
| api/types/registry/authconfig_test.go | Removed DecodeAuthConfig tests from public API package |
| api/types/registry/authconfig.go | Removed DecodeAuthConfig function and related code from public API |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| "strings" | ||
| "testing" | ||
|
|
||
| cerrdefs "github.com/containerd/errdefs" |
There was a problem hiding this comment.
[nitpick] The import alias 'cerrdefs' is not descriptive. Consider using a more explicit alias like 'containerdErrdefs' or removing the alias and using the full package name.
| cerrdefs "github.com/containerd/errdefs" | |
| "github.com/containerd/errdefs" |
Signed-off-by: Austin Vazquez <austin.vazquez@docker.com>
3daf914 to
a82bf2f
Compare
| registrytypes "github.com/moby/moby/api/types/registry" | ||
| distributionpkg "github.com/moby/moby/v2/daemon/internal/distribution" | ||
| "github.com/moby/moby/v2/daemon/internal/registry" |
There was a problem hiding this comment.
It we name the package github.com/moby/moby/v2/daemon/internal/authconfig, then it looks like we can make the change much less disruptive, as we wouldn't need to add all the aliases for the imports.
We could even name DecodeAuthConfig to Decode, but I haven't looked yet what that looks like.
Let me push a commit to this branch to see what it all would look like
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
| // DecodeAuthConfigBody decodes authentication information as sent as JSON in the | ||
| // body of a request. This function is to provide backward compatibility with old | ||
| // clients and API versions. Current clients and API versions expect authentication | ||
| // to be provided through the X-Registry-Auth header. | ||
| // | ||
| // Like [DecodeAuthConfig], this function always returns an [AuthConfig], even if an | ||
| // error occurs. It is up to the caller to decide if authentication is required, | ||
| // and if the error can be ignored. | ||
| // | ||
| // Deprecated: this function is no longer used and will be removed in the next release. | ||
| func DecodeAuthConfigBody(rdr io.ReadCloser) (*AuthConfig, error) { | ||
| return decodeAuthConfigFromReader(rdr) | ||
| } | ||
|
|
||
| func decodeAuthConfigFromReader(rdr io.Reader) (*AuthConfig, error) { |
There was a problem hiding this comment.
I stumbled on some code that probably should've been using this; ironically it's the code handling the docker login endpoint, so perhaps we should keep the deprecated one, and replace that code;
moby/daemon/server/router/system/system_routes.go
Lines 375 to 381 in b8897d9
There was a problem hiding this comment.
Oh! Actually; there's another one here;
moby/daemon/cluster/services.go
Lines 232 to 240 in 812aa46
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
api/types/registry/authconfig.go
Outdated
| // Deprecated: this function is deprecated and will be removed in the next release. | ||
| // |
There was a problem hiding this comment.
We should probably squash the first 2 commits (or first 3 with the commit I pushed), and make this a separate patch for the 28.x branch.
| // be ignored. | ||
| // | ||
| // [RFC4648, section 5]: https://tools.ietf.org/html/rfc4648#section-5 | ||
| func DecodeAuthConfig(authEncoded string) (*registry.AuthConfig, error) { |
There was a problem hiding this comment.
I didn't rename this one yet; was on the fence if it perhaps should be called DecodeHeader or DecodeAuthHeader (or something) to indicate it's specifically for the format used in the X-Registry-Auth header.
|
Let me also link to my comment on the related ticket to see if this is indeed the correct direction, or if we should keep encoding/decoding together; #50740 (comment) |
|
Closing in favor of #50785 |
- What I did
Partial for #50740
This change deprecates and moves the
DecodeAuthConfigfunction internal to the daemon as well as removes the function from the api module.- How I did it
- How to verify it
- Human readable description for the release notes
- A picture of a cute animal (not mandatory but encouraged)