NewResolver sets up an OCI Resolver based on docker/cli config to provide registry credentials. When transport is non-nil it is used as the HTTP transport for both registry calls and the authorizer's token fetches (e.g. to route both through Docker Desktop's PAC-aware proxy); nil falls back to conta
(config *configfile.ConfigFile, transport http.RoundTripper, insecureRegistries ...string)
| 42 | // (e.g. to route both through Docker Desktop's PAC-aware proxy); nil falls |
| 43 | // back to containerd's default transport. |
| 44 | func NewResolver(config *configfile.ConfigFile, transport http.RoundTripper, insecureRegistries ...string) remotes.Resolver { |
| 45 | authOpts := []docker.AuthorizerOpt{ |
| 46 | docker.WithAuthCreds(func(host string) (string, string, error) { |
| 47 | host = registry.GetAuthConfigKey(host) |
| 48 | auth, err := config.GetAuthConfig(host) |
| 49 | if err != nil { |
| 50 | return "", "", err |
| 51 | } |
| 52 | if auth.IdentityToken != "" { |
| 53 | return "", auth.IdentityToken, nil |
| 54 | } |
| 55 | return auth.Username, auth.Password, nil |
| 56 | }), |
| 57 | } |
| 58 | if transport != nil { |
| 59 | authOpts = append(authOpts, docker.WithAuthClient(&http.Client{Transport: transport})) |
| 60 | } |
| 61 | opts := []docker.RegistryOpt{ |
| 62 | docker.WithAuthorizer(docker.NewDockerAuthorizer(authOpts...)), |
| 63 | docker.WithPlainHTTP(func(domain string) (bool, error) { |
| 64 | // Should be used for testing **only** |
| 65 | return slices.Contains(insecureRegistries, domain), nil |
| 66 | }), |
| 67 | } |
| 68 | if transport != nil { |
| 69 | opts = append(opts, docker.WithClient(&http.Client{Transport: transport})) |
| 70 | } |
| 71 | return docker.NewResolver(docker.ResolverOptions{ |
| 72 | Hosts: docker.ConfigureDefaultRegistries(opts...), |
| 73 | }) |
| 74 | } |
| 75 | |
| 76 | // Get retrieves a Named OCI resource and returns OCI Descriptor and Manifest |
| 77 | func Get(ctx context.Context, resolver remotes.Resolver, ref reference.Named) (spec.Descriptor, []byte, error) { |