kyverno/pkg/registryclient/authn.go

package registryclient

import (
	"github.com/google/go-containerregistry/pkg/authn"
	corev1listers "k8s.io/client-go/listers/core/v1"
)

type autoRefreshSecrets struct {
	lister           corev1listers.SecretNamespaceLister
	imagePullSecrets []string
}

func NewAutoRefreshSecretsKeychain(lister corev1listers.SecretNamespaceLister, imagePullSecrets ...string) (authn.Keychain, error) {
	return &autoRefreshSecrets{
		lister:           lister,
		imagePullSecrets: imagePullSecrets,
	}, nil
}

func (kc *autoRefreshSecrets) Resolve(resource authn.Resource) (authn.Authenticator, error) {
	inner, err := generateKeychainForPullSecrets(kc.lister, kc.imagePullSecrets...)
	if err != nil {
		return nil, err
	}
	return inner.Resolve(resource)
}

type anonymuskc struct{}

var AnonymousKeychain authn.Keychain = anonymuskc{}

func (anonymuskc) Resolve(_ authn.Resource) (authn.Authenticator, error) {
	return authn.Anonymous, nil
}
refactor: remove manual keychain refresh from client (#7806) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-07-11 15:19:44 +02:00			`package registryclient`

			`import (`
			`"github.com/google/go-containerregistry/pkg/authn"`
			`corev1listers "k8s.io/client-go/listers/core/v1"`
			`)`

			`type autoRefreshSecrets struct {`
			`lister corev1listers.SecretNamespaceLister`
			`imagePullSecrets []string`
			`}`

			`func NewAutoRefreshSecretsKeychain(lister corev1listers.SecretNamespaceLister, imagePullSecrets ...string) (authn.Keychain, error) {`
			`return &autoRefreshSecrets{`
			`lister: lister,`
			`imagePullSecrets: imagePullSecrets,`
			`}, nil`
			`}`

			`func (kc *autoRefreshSecrets) Resolve(resource authn.Resource) (authn.Authenticator, error) {`
			`inner, err := generateKeychainForPullSecrets(kc.lister, kc.imagePullSecrets...)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return inner.Resolve(resource)`
			`}`
feat: update default keychain in registry to be empty (#7906) * feat: update default keychain to be empty Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update registryCredentialHelpers description Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> 2023-07-28 06:38:22 +05:30
			`type anonymuskc struct{}`

			`var AnonymousKeychain authn.Keychain = anonymuskc{}`

			`func (anonymuskc) Resolve(_ authn.Resource) (authn.Authenticator, error) {`
			`return authn.Anonymous, nil`
			`}`