mirror of
https://github.com/kyverno/kyverno.git
synced 2025-01-20 18:52:16 +00:00
0e2cbf8a01
* feat: update default keychain to be empty Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update registryCredentialHelpers description Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
34 lines
927 B
Go
34 lines
927 B
Go
package registryclient
|
|
|
|
import (
|
|
"github.com/google/go-containerregistry/pkg/authn"
|
|
corev1listers "k8s.io/client-go/listers/core/v1"
|
|
)
|
|
|
|
type autoRefreshSecrets struct {
|
|
lister corev1listers.SecretNamespaceLister
|
|
imagePullSecrets []string
|
|
}
|
|
|
|
func NewAutoRefreshSecretsKeychain(lister corev1listers.SecretNamespaceLister, imagePullSecrets ...string) (authn.Keychain, error) {
|
|
return &autoRefreshSecrets{
|
|
lister: lister,
|
|
imagePullSecrets: imagePullSecrets,
|
|
}, nil
|
|
}
|
|
|
|
func (kc *autoRefreshSecrets) Resolve(resource authn.Resource) (authn.Authenticator, error) {
|
|
inner, err := generateKeychainForPullSecrets(kc.lister, kc.imagePullSecrets...)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return inner.Resolve(resource)
|
|
}
|
|
|
|
type anonymuskc struct{}
|
|
|
|
var AnonymousKeychain authn.Keychain = anonymuskc{}
|
|
|
|
func (anonymuskc) Resolve(_ authn.Resource) (authn.Authenticator, error) {
|
|
return authn.Anonymous, nil
|
|
}
|