- .devcontainer
- .github
- api
- builder
- cli
-
client
-
buildkit
-
testdata
- README.md
- build_cancel.go
- build_prune.go
- checkpoint_create.go
- checkpoint_create_test.go
- checkpoint_delete.go
- checkpoint_delete_test.go
- checkpoint_list.go
- checkpoint_list_test.go
- client.go
- client_deprecated.go
- client_mock_test.go
- client_test.go
- client_unix.go
- client_windows.go
- config_create.go
- config_create_test.go
- config_inspect.go
- config_inspect_test.go
- config_list.go
- config_list_test.go
- config_remove.go
- config_remove_test.go
- config_update.go
- config_update_test.go
- container_attach.go
- container_commit.go
- container_commit_test.go
- container_copy.go
- container_copy_test.go
- container_create.go
- container_create_test.go
- container_diff.go
- container_diff_test.go
- container_exec.go
- container_exec_test.go
- container_export.go
- container_export_test.go
- container_inspect.go
- container_inspect_test.go
- container_kill.go
- container_kill_test.go
- container_list.go
- container_list_test.go
- container_logs.go
- container_logs_test.go
- container_pause.go
- container_pause_test.go
- container_prune.go
- container_prune_test.go
- container_remove.go
- container_remove_test.go
- container_rename.go
- container_rename_test.go
- container_resize.go
- container_resize_test.go
- container_restart.go
- container_restart_test.go
- container_start.go
- container_start_test.go
- container_stats.go
- container_stats_test.go
- container_stop.go
- container_stop_test.go
- container_top.go
- container_top_test.go
- container_unpause.go
- container_unpause_test.go
- container_update.go
- container_update_test.go
- container_wait.go
- container_wait_test.go
- disk_usage.go
- disk_usage_test.go
- distribution_inspect.go
- distribution_inspect_test.go
- envvars.go
- errors.go
- events.go
- events_test.go
- hijack.go
- hijack_test.go
- image_build.go
- image_build_test.go
- image_create.go
- image_create_test.go
- image_history.go
- image_history_test.go
- image_import.go
- image_import_test.go
- image_inspect.go
- image_inspect_test.go
- image_list.go
- image_list_test.go
- image_load.go
- image_load_test.go
- image_prune.go
- image_prune_test.go
- image_pull.go
- image_pull_test.go
- image_push.go
- image_push_test.go
- image_remove.go
- image_remove_test.go
- image_save.go
- image_save_test.go
- image_search.go
- image_search_test.go
- image_tag.go
- image_tag_test.go
- info.go
- info_test.go
- interface.go
- interface_experimental.go
- interface_stable.go
- login.go
- network_connect.go
- network_connect_test.go
- network_create.go
- network_create_test.go
- network_disconnect.go
- network_disconnect_test.go
- network_inspect.go
- network_inspect_test.go
- network_list.go
- network_list_test.go
- network_prune.go
- network_prune_test.go
- network_remove.go
- network_remove_test.go
- node_inspect.go
- node_inspect_test.go
- node_list.go
- node_list_test.go
- node_remove.go
- node_remove_test.go
- node_update.go
- node_update_test.go
- options.go
- options_test.go
- ping.go
- ping_test.go
- plugin_create.go
- plugin_disable.go
- plugin_disable_test.go
- plugin_enable.go
- plugin_enable_test.go
- plugin_inspect.go
- plugin_inspect_test.go
- plugin_install.go
- plugin_list.go
- plugin_list_test.go
- plugin_push.go
- plugin_push_test.go
- plugin_remove.go
- plugin_remove_test.go
- plugin_set.go
- plugin_set_test.go
- plugin_upgrade.go
- request.go
- request_test.go
- secret_create.go
- secret_create_test.go
- secret_inspect.go
- secret_inspect_test.go
- secret_list.go
- secret_list_test.go
- secret_remove.go
- secret_remove_test.go
- secret_update.go
- secret_update_test.go
- service_create.go
- service_create_test.go
- service_inspect.go
- service_inspect_test.go
- service_list.go
- service_list_test.go
- service_logs.go
- service_logs_test.go
- service_remove.go
- service_remove_test.go
- service_update.go
- service_update_test.go
- swarm_get_unlock_key.go
- swarm_get_unlock_key_test.go
- swarm_init.go
- swarm_init_test.go
- swarm_inspect.go
- swarm_inspect_test.go
- swarm_join.go
- swarm_join_test.go
- swarm_leave.go
- swarm_leave_test.go
- swarm_unlock.go
- swarm_unlock_test.go
- swarm_update.go
- swarm_update_test.go
- task_inspect.go
- task_inspect_test.go
- task_list.go
- task_list_test.go
- task_logs.go
- utils.go
- version.go
- volume_create.go
- volume_create_test.go
- volume_inspect.go
- volume_inspect_test.go
- volume_list.go
- volume_list_test.go
- volume_prune.go
- volume_remove.go
- volume_remove_test.go
- volume_update.go
- volume_update_test.go
-
buildkit
- cmd
-
container
-
stream
- archive_windows.go
- attach_context.go
- container.go
- container_unit_test.go
- container_unix.go
- container_windows.go
- env.go
- env_test.go
- exec.go
- health.go
- history.go
- memory_store.go
- memory_store_test.go
- monitor.go
- mounts_unix.go
- mounts_windows.go
- state.go
- state_test.go
- store.go
- view.go
- view_test.go
-
stream
-
contrib
-
apparmor
-
busybox
-
gitdm
-
httpserver
-
init
-
nnp-test
-
syntax
-
syscall-test
-
udev
- README.md
- check-config.sh
- dockerd-rootless-setuptool.sh
- dockerd-rootless.sh
- dockerize-disk.sh
- download-frozen-image-v2.sh
- editorconfig
- mac-install-bundle.sh
- mkimage-alpine.sh
- mkimage-arch-pacman.conf
- mkimage-arch.sh
- mkimage-archarm-pacman.conf
- mkimage-crux.sh
- mkimage-pld.sh
- mkimage-yum.sh
- nuke-graph-directory.sh
-
apparmor
-
daemon
-
cluster
-
config
-
containerd
-
events
-
graphdriver
-
images
-
initlayer
-
links
-
listeners
-
logger
-
names
-
network
-
snapshotter
-
stats
-
testdata
- apparmor_default.go
- apparmor_default_unsupported.go
- archive.go
- archive_tarcopyoptions.go
- archive_tarcopyoptions_unix.go
- archive_tarcopyoptions_windows.go
- archive_unix.go
- archive_windows.go
- attach.go
- auth.go
- cdi.go
- changes.go
- checkpoint.go
- cluster.go
- commit.go
- configs.go
- configs_linux.go
- configs_unsupported.go
- configs_windows.go
- container.go
- container_linux.go
- container_operations.go
- container_operations_test.go
- container_operations_unix.go
- container_operations_windows.go
- container_unix_test.go
- container_windows.go
- containerfs_linux.go
- content.go
- create.go
- create_unix.go
- create_windows.go
- daemon.go
- daemon_linux.go
- daemon_linux_test.go
- daemon_test.go
- daemon_unix.go
- daemon_unix_test.go
- daemon_unsupported.go
- daemon_windows.go
- daemon_windows_test.go
- debugtrap_unix.go
- debugtrap_unsupported.go
- debugtrap_windows.go
- delete.go
- delete_test.go
- dependency.go
- devices.go
- disk_usage.go
- errors.go
- errors_test.go
- events.go
- events_test.go
- exec.go
- exec_linux.go
- exec_linux_test.go
- exec_windows.go
- export.go
- health.go
- health_test.go
- id.go
- image_service.go
- info.go
- info_unix.go
- info_unix_test.go
- info_windows.go
- inspect.go
- inspect_linux.go
- inspect_test.go
- inspect_windows.go
- keys.go
- keys_unsupported.go
- kill.go
- licensing.go
- licensing_test.go
- links.go
- list.go
- list_test.go
- list_unix.go
- list_windows.go
- logdrivers_linux.go
- logdrivers_windows.go
- logs.go
- logs_test.go
- metrics.go
- metrics_unix.go
- metrics_unsupported.go
- monitor.go
- mounts.go
- names.go
- network.go
- network_windows.go
- nvidia_linux.go
- oci_linux.go
- oci_linux_test.go
- oci_opts.go
- oci_utils.go
- oci_windows.go
- oci_windows_test.go
- pause.go
- prune.go
- reload.go
- reload_test.go
- reload_unix.go
- reload_windows.go
- rename.go
- resize.go
- resize_test.go
- restart.go
- runtime_unix.go
- runtime_unix_test.go
- runtime_windows.go
- seccomp_linux.go
- seccomp_linux_test.go
- seccomp_unsupported.go
- secrets.go
- secrets_linux.go
- secrets_unsupported.go
- secrets_windows.go
- start.go
- start_linux.go
- start_notlinux.go
- start_unix.go
- start_windows.go
- stats.go
- stats_collector.go
- stats_unix.go
- stats_windows.go
- stop.go
- top_unix.go
- top_unix_test.go
- top_windows.go
- unpause.go
- update.go
- update_linux.go
- update_linux_test.go
- update_windows.go
- volumes.go
- volumes_linux.go
- volumes_linux_test.go
- volumes_unit_test.go
- volumes_unix.go
- volumes_windows.go
- wait.go
- workdir.go
-
cluster
- distribution
- dockerversion
- docs
- errdefs
- hack
- image
- integration
-
integration-cli
-
checker
-
cli
-
daemon
-
environment
-
fixtures
-
requirement
-
testdata
- benchmark_test.go
- check_test.go
- daemon_swarm_hack_test.go
- docker_api_attach_test.go
- docker_api_build_test.go
- docker_api_build_windows_test.go
- docker_api_containers_test.go
- docker_api_containers_unix_test.go
- docker_api_containers_windows_test.go
- docker_api_exec_resize_test.go
- docker_api_exec_test.go
- docker_api_images_test.go
- docker_api_inspect_test.go
- docker_api_logs_test.go
- docker_api_network_test.go
- docker_api_stats_test.go
- docker_api_swarm_node_test.go
- docker_api_swarm_service_test.go
- docker_api_swarm_test.go
- docker_api_test.go
- docker_cli_attach_test.go
- docker_cli_attach_unix_test.go
- docker_cli_build_test.go
- docker_cli_build_unix_test.go
- docker_cli_by_digest_test.go
- docker_cli_commit_test.go
- docker_cli_cp_from_container_test.go
- docker_cli_cp_test.go
- docker_cli_cp_to_container_test.go
- docker_cli_cp_to_container_unix_test.go
- docker_cli_cp_utils_test.go
- docker_cli_create_test.go
- docker_cli_daemon_plugins_test.go
- docker_cli_daemon_test.go
- docker_cli_events_test.go
- docker_cli_events_unix_test.go
- docker_cli_exec_test.go
- docker_cli_exec_unix_test.go
- docker_cli_external_volume_driver_test.go
- docker_cli_health_test.go
- docker_cli_history_test.go
- docker_cli_images_test.go
- docker_cli_import_test.go
- docker_cli_info_test.go
- docker_cli_info_unix_test.go
- docker_cli_inspect_test.go
- docker_cli_links_test.go
- docker_cli_login_test.go
- docker_cli_logout_test.go
- docker_cli_logs_test.go
- docker_cli_netmode_test.go
- docker_cli_network_test.go
- docker_cli_network_unix_test.go
- docker_cli_plugins_logdriver_test.go
- docker_cli_plugins_test.go
- docker_cli_port_test.go
- docker_cli_proxy_test.go
- docker_cli_prune_test.go
- docker_cli_prune_unix_test.go
- docker_cli_ps_test.go
- docker_cli_pull_local_test.go
- docker_cli_pull_test.go
- docker_cli_push_test.go
- docker_cli_registry_user_agent_test.go
- docker_cli_restart_test.go
- docker_cli_rmi_test.go
- docker_cli_run_test.go
- docker_cli_run_unix_test.go
- docker_cli_save_load_test.go
- docker_cli_save_load_unix_test.go
- docker_cli_search_test.go
- docker_cli_service_create_test.go
- docker_cli_service_health_test.go
- docker_cli_service_logs_test.go
- docker_cli_service_scale_test.go
- docker_cli_sni_test.go
- docker_cli_start_test.go
- docker_cli_stats_test.go
- docker_cli_swarm_test.go
- docker_cli_swarm_unix_test.go
- docker_cli_top_test.go
- docker_cli_update_test.go
- docker_cli_update_unix_test.go
- docker_cli_userns_test.go
- docker_cli_v2_only_test.go
- docker_cli_volume_test.go
- docker_hub_pull_suite_test.go
- docker_utils_test.go
- events_utils_test.go
- fixtures_linux_daemon_test.go
- requirements_test.go
- requirements_unix_test.go
- requirements_windows_test.go
- test_vars_test.go
- test_vars_unix_test.go
- test_vars_windows_test.go
- utils_test.go
- utils_unix_test.go
- utils_windows_test.go
-
checker
- internal
- layer
- libcontainerd
-
libnetwork
-
bitmap
-
cluster
-
cmd
-
config
-
datastore
-
diagnostic
-
discoverapi
-
docs
-
driverapi
-
drivers
-
drvregistry
-
etchosts
-
internal
-
ipam
-
ipamapi
-
ipams
-
ipamutils
-
ipbits
-
iptables
-
netlabel
-
netutils
-
networkdb
-
ns
-
options
-
osl
-
portallocator
-
portmapper
-
resolvconf
-
scope
-
support
-
types
- .dockerignore
- .gitignore
- README.md
- agent.go
- agent.pb.go
- agent.proto
- controller.go
- controller_linux.go
- controller_others.go
- default_gateway.go
- default_gateway_freebsd.go
- default_gateway_linux.go
- default_gateway_windows.go
- drivers_freebsd.go
- drivers_ipam.go
- drivers_linux.go
- drivers_unsupported.go
- drivers_windows.go
- endpoint.go
- endpoint_cnt.go
- endpoint_info.go
- endpoint_info_unix.go
- endpoint_info_windows.go
- endpoint_test.go
- endpoint_unix_test.go
- error.go
- errors_test.go
- firewall_linux.go
- firewall_linux_test.go
- firewall_others.go
- libnetwork_internal_test.go
- libnetwork_linux_test.go
- libnetwork_unix_test.go
- libnetwork_windows_test.go
- network.go
- network_unix.go
- network_windows.go
- resolver.go
- resolver_test.go
- resolver_unix.go
- resolver_unix_test.go
- resolver_windows.go
- sandbox.go
- sandbox_dns_unix.go
- sandbox_dns_unix_test.go
- sandbox_dns_windows.go
- sandbox_externalkey_unix.go
- sandbox_externalkey_unsupported.go
- sandbox_linux.go
- sandbox_options.go
- sandbox_store.go
- sandbox_unix_test.go
- sandbox_unsupported.go
- service.go
- service_common.go
- service_common_unix_test.go
- service_linux.go
- service_unsupported.go
- service_windows.go
- store.go
- store_linux_test.go
- store_test.go
-
bitmap
- oci
- opts
-
pkg
-
archive
-
authorization
-
broadcaster
-
capabilities
-
chrootarchive
-
containerfs
-
directory
-
dmesg
-
fileutils
-
homedir
-
idtools
-
ioutils
-
jsonmessage
-
longpath
-
meminfo
-
namesgenerator
-
parsers
-
pidfile
-
platform
-
plugingetter
-
plugins
-
pools
-
process
-
progress
-
reexec
-
rootless
-
stack
-
stdcopy
-
streamformatter
-
stringid
-
sysinfo
-
system
-
tailfile
-
tarsum
-
useragent
- README.md
-
archive
- plugin
- profiles
- project
- quota
- reference
- registry
- reports
- restartmanager
- runconfig
- testutil
- vendor
- volume
- .dockerignore
- .gitattributes
- .gitignore
- .golangci.yml
- .mailmap
- AUTHORS
- CONTRIBUTING.md
- Dockerfile
- Dockerfile.simple
- Dockerfile.windows
- Jenkinsfile
- LICENSE
- MAINTAINERS
- Makefile
- NOTICE
- README.md
- ROADMAP.md
- SECURITY.md
- TESTING.md
- VENDORING.md
- codecov.yml
- docker-bake.hcl
- vendor.mod
- vendor.sum
Explanation
The code you provided is a function called newRepository from the distribution package in the moby repository. This function is responsible for creating a new distribution.Repository object, which represents a Docker registry repository.
Here’s a breakdown of the code:
1. Function Signature:
func newRepository(
ctx context.Context, repoInfo *registry.RepositoryInfo, endpoint registry.APIEndpoint,
metaHeaders http.Header, authConfig *registrytypes.AuthConfig, actions ...string,
) (distribution.Repository, error)
The function takes several arguments:
ctx: Acontext.Contextfor cancellation and request-scoped values.repoInfo: Aregistry.RepositoryInfostruct containing information about the repository.endpoint: Aregistry.APIEndpointstruct containing the URL and TLS configuration for the registry.metaHeaders: Anhttp.Headercontaining any custom headers to send with the request.authConfig: Aregistrytypes.AuthConfigstruct containing the authentication credentials for the registry.actions: A variadic list of strings specifying the actions allowed on the repository (e.g.,pull,push).
The function returns a distribution.Repository interface and an error.
2. Setting up the Repository Name:
repoName := repoInfo.Name.Name()
// If endpoint does not support CanonicalName, use the RemoteName instead
if endpoint.TrimHostname {
repoName = reference.Path(repoInfo.Name)
}
This code extracts the repository name from the repoInfo struct. If the endpoint specifies that it doesn’t support canonical names, it uses the remote name instead.
3. Creating the HTTP Transport:
direct := &net.Dialer{
Timeout: 30 * time.Second,
KeepAlive: 30 * time.Second,
}
// TODO(dmcgowan): Call close idle connections when complete, use keep alive
base := &http.Transport{
Proxy: http.ProxyFromEnvironment,
DialContext: direct.DialContext,
TLSHandshakeTimeout: 10 * time.Second,
TLSClientConfig: endpoint.TLSConfig,
// TODO(dmcgowan): Call close idle connections when complete and use keep alive
DisableKeepAlives: true,
}
This code creates a new http.Transport with the following settings:
DialContext: Uses a custom dialer (direct) with timeouts and keep-alive settings.TLSHandshakeTimeout: Sets a timeout for the TLS handshake.TLSClientConfig: Uses the TLS configuration from theendpointstruct.DisableKeepAlives: Disables keep-alive connections (this is marked as a TODO and should be fixed).
4. Adding Request Modifiers:
modifiers := registry.Headers(dockerversion.DockerUserAgent(ctx), metaHeaders)
authTransport := transport.NewTransport(base, modifiers...)
This code creates a list of request modifiers (modifiers) that will be applied to all requests made through the transport. These modifiers include:
dockerversion.DockerUserAgent(ctx): Adds a user-agent header indicating the Docker version.metaHeaders: Adds any custom headers provided in themetaHeadersargument.
The authTransport is then created using the transport.NewTransport function, which takes the base transport and the list of modifiers.
5. Verifying the Registry API Version:
challengeManager, err := registry.PingV2Registry(endpoint.URL, authTransport)
if err != nil {
transportOK := false
if responseErr, ok := err.(registry.PingResponseError); ok {
transportOK = true
err = responseErr.Err
}
return nil, fallbackError{
err: err,
transportOK: transportOK,
}
}
This code pings the registry to verify that it supports the v2 API. It uses the registry.PingV2Registry function, which sends a request to the registry and checks for a specific response indicating support for the v2 API.
If there’s an error, it checks if the error is a registry.PingResponseError. If it is, it extracts the underlying error and wraps it in a fallbackError struct.
6. Adding Authentication:
if authConfig.RegistryToken != "" {
modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, &passThruTokenHandler{token: authConfig.RegistryToken}))
} else {
creds := registry.NewStaticCredentialStore(authConfig)
tokenHandler := auth.NewTokenHandlerWithOptions(auth.TokenHandlerOptions{
Transport: authTransport,
Credentials: creds,
Scopes: []auth.Scope{auth.RepositoryScope{
Repository: repoName,
Actions: actions,
Class: repoInfo.Class,
}},
ClientID: registry.AuthClientID,
})
basicHandler := auth.NewBasicHandler(creds)
modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, tokenHandler, basicHandler))
}
tr := transport.NewTransport(base, modifiers...)
This code adds authentication to the transport. If a registry token is provided, it creates a passThruTokenHandler and adds an auth.Authorizer to the modifiers.
Otherwise, it creates a registry.StaticCredentialStore from the authConfig and uses it to create a auth.TokenHandler. The TokenHandler is then used to create a new auth.Authorizer that handles both token-based and basic authentication.
The tr variable is then created using the modified transport.
7. Creating the Repository Object:
repoNameRef, err := reference.WithName(repoName)
if err != nil {
return nil, fallbackError{
err: err,
transportOK: true,
}
}
repo, err := client.NewRepository(repoNameRef, endpoint.URL.String(), tr)
if err != nil {
return nil, fallbackError{
err: err,
transportOK: true,
}
}
return repo, nil
This code creates a new distribution.Repository object using the client.NewRepository function. It takes the repository name, the registry URL, and the authenticated transport as arguments.
If there’s an error, it’s wrapped in a fallbackError struct.
8. passThruTokenHandler Struct:
The passThruTokenHandler struct implements the auth.TokenHandler interface. It’s used to handle authentication using a registry token.
9. Summary:
In summary, the newRepository function creates a new distribution.Repository object for a given Docker registry repository. It handles:
- Setting up the repository name.
- Creating an HTTP transport with timeouts, TLS, and request modifiers.
- Verifying the registry API version.
- Adding authentication (token-based or basic).
- Creating the actual repository object.
This function is a key component of the distribution package and is used by other parts of the moby codebase to interact with Docker registries.
Graph
The graph shows the usage of functions within the codebase.
Select a code symbol to view it's graph
