Add support for Basic Authentication to proxyingRegistry

Signed-off-by: oliver-goetz <o.goetz@sap.com>

registry/proxy/proxyauth.go

@@ -12,19 +12,28 @@ import (
 
 const challengeHeader = "Docker-Distribution-Api-Version"
 
-type userpass struct {
+type basicAuth struct {
 	username string
 	password string
 }
 
+func (b basicAuth) Basic(u *url.URL) (string, string) {
+	return b.username, b.password
+}
+
+func (b basicAuth) RefreshToken(u *url.URL, service string) string {
+	return ""
+}
+
+func (b basicAuth) SetRefreshToken(u *url.URL, service, token string) {
+}
+
 type credentials struct {
-	creds map[string]userpass
+	creds map[string]basicAuth
 }
 
 func (c credentials) Basic(u *url.URL) (string, string) {
-	up := c.creds[u.String()]
-
-	return up.username, up.password
+	return c.creds[u.String()].Basic(u)
 }
 
 func (c credentials) RefreshToken(u *url.URL, service string) string {
@@ -35,23 +44,23 @@ func (c credentials) SetRefreshToken(u *url.URL, service, token string) {
 }
 
 // configureAuth stores credentials for challenge responses
-func configureAuth(username, password, remoteURL string) (auth.CredentialStore, error) {
-	creds := map[string]userpass{}
+func configureAuth(username, password, remoteURL string) (auth.CredentialStore, *basicAuth, error) {
+	creds := map[string]basicAuth{}
 
 	authURLs, err := getAuthURLs(remoteURL)
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
 
 	for _, url := range authURLs {
 		dcontext.GetLogger(dcontext.Background()).Infof("Discovered token authentication URL: %s", url)
-		creds[url] = userpass{
+		creds[url] = basicAuth{
 			username: username,
 			password: password,
 		}
 	}
 
-	return credentials{creds: creds}, nil
+	return credentials{creds: creds}, &basicAuth{username: username, password: password}, nil
 }
 
 func getAuthURLs(remoteURL string) ([]string, error) {

registry/proxy/proxyregistry.go

@@ -8,6 +8,8 @@ import (
 	"sync"
 	"time"
 
+	"github.com/distribution/reference"
+
 	"github.com/distribution/distribution/v3"
 	"github.com/distribution/distribution/v3/configuration"
 	"github.com/distribution/distribution/v3/internal/client"
@@ -18,7 +20,6 @@ import (
 	"github.com/distribution/distribution/v3/registry/proxy/scheduler"
 	"github.com/distribution/distribution/v3/registry/storage"
 	"github.com/distribution/distribution/v3/registry/storage/driver"
-	"github.com/distribution/reference"
 )
 
 var repositoryTTL = 24 * 7 * time.Hour
@@ -30,6 +31,7 @@ type proxyingRegistry struct {
 	ttl            *time.Duration
 	remoteURL      url.URL
 	authChallenger authChallenger
+	basicAuth      *basicAuth
 }
 
 // NewRegistryPullThroughCache creates a registry acting as a pull through cache
@@ -112,7 +114,7 @@ func NewRegistryPullThroughCache(ctx context.Context, registry distribution.Name
 		}
 	}
 
-	cs, err := configureAuth(config.Username, config.Password, config.RemoteURL)
+	cs, b, err := configureAuth(config.Username, config.Password, config.RemoteURL)
 	if err != nil {
 		return nil, err
 	}
@@ -127,6 +129,7 @@ func NewRegistryPullThroughCache(ctx context.Context, registry distribution.Name
 			cm:        challenge.NewSimpleManager(),
 			cs:        cs,
 		},
+		basicAuth: b,
 	}, nil
 }
 
@@ -155,7 +158,8 @@ func (pr *proxyingRegistry) Repository(ctx context.Context, name reference.Named
 
 	tr := transport.NewTransport(http.DefaultTransport,
 		auth.NewAuthorizer(c.challengeManager(),
-			auth.NewTokenHandlerWithOptions(tkopts)))
+			auth.NewTokenHandlerWithOptions(tkopts),
+			auth.NewBasicHandler(pr.basicAuth)))
 
 	localRepo, err := pr.embedded.Repository(ctx, name)
 	if err != nil {