diff --git a/auth_server/authn/data/github_auth_result.tmpl b/auth_server/authn/data/github_auth_result.tmpl
index 2619d0cd..513034ea 100644
--- a/auth_server/authn/data/github_auth_result.tmpl
+++ b/auth_server/authn/data/github_auth_result.tmpl
@@ -43,9 +43,11 @@

You are successfully authenticated for the Docker Registry{{if .Organization}} with the @{{.Organization}} Github organization{{end}}.
- Use the following username and password to login into the registry:
+ Log into the registry using one of these commands:


$ docker login -u {{.Username}} -p {{.Password}} {{if .RegistryUrl}}{{.RegistryUrl}}{{else}}docker.example.com{{end}}
+
$ podman login -u {{.Username}} -p {{.Password}} {{if .RegistryUrl}}{{.RegistryUrl}}{{else}}docker.example.com{{end}}
+
$ nerdctl login -u {{.Username}} -p {{.Password}} {{if .RegistryUrl}}{{.RegistryUrl}}{{else}}docker.example.com{{end}}
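Review bot: The added `podman login` and `nerdctl login` lines repeat the existing `-p {{.Password}}` form, so copying any of the three commands puts the registry password into the shell history and, while the command runs, into the process list that other local users can read. Docker's CLI warns about `--password` for this reason, and all three clients accept `--password-stdin` or prompt for the password when `-p` is omitted. Consider showing the password on its own line and printing the commands without it, e.g. `$ podman login -u {{.Username}} {{if .RegistryUrl}}{{.RegistryUrl}}{{else}}docker.example.com{{end}}`. The same applies to the identical hunks in gitlab_auth_result.tmpl and oidc_auth_result.tmpl.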
diff --git a/auth_server/authn/data/gitlab_auth_result.tmpl b/auth_server/authn/data/gitlab_auth_result.tmpl
index 554cef23..cb53fcf8 100644
--- a/auth_server/authn/data/gitlab_auth_result.tmpl
+++ b/auth_server/authn/data/gitlab_auth_result.tmpl
@@ -43,9 +43,11 @@

You are successfully authenticated to the Docker Registry.
- Use the following username and password to login into the registry:
+ Log into the registry using one of these commands:


$ docker login -u {{.Username}} -p {{.Password}} {{if .RegistryUrl}}{{.RegistryUrl}}{{else}}docker.example.com{{end}}
+
$ podman login -u {{.Username}} -p {{.Password}} {{if .RegistryUrl}}{{.RegistryUrl}}{{else}}docker.example.com{{end}}
+
$ nerdctl login -u {{.Username}} -p {{.Password}} {{if .RegistryUrl}}{{.RegistryUrl}}{{else}}docker.example.com{{end}}
diff --git a/auth_server/authn/data/oidc_auth_result.tmpl b/auth_server/authn/data/oidc_auth_result.tmpl
index e2c5fe0b..86021bc0 100644
--- a/auth_server/authn/data/oidc_auth_result.tmpl
+++ b/auth_server/authn/data/oidc_auth_result.tmpl
@@ -9,9 +9,11 @@

You are successfully authenticated for the Docker Registry.
- Use the following username and password to login into the registry:
+ Log into the registry using one of these commands:


$ docker login -u {{.Username}} -p {{.Password}} {{if .RegistryUrl}}{{.RegistryUrl}}{{else}}docker.example.com{{end}}
+
$ podman login -u {{.Username}} -p {{.Password}} {{if .RegistryUrl}}{{.RegistryUrl}}{{else}}docker.example.com{{end}}
+
$ nerdctl login -u {{.Username}} -p {{.Password}} {{if .RegistryUrl}}{{.RegistryUrl}}{{else}}docker.example.com{{end}}
diff --git a/auth_server/authz/acl_xorm.go b/auth_server/authz/acl_xorm.go
index f60af213..559b4bc7 100644
--- a/auth_server/authz/acl_xorm.go
+++ b/auth_server/authz/acl_xorm.go
@@ -43,7 +43,7 @@ type XormAuthzConfig struct {
 type XormACL []XormACLEntry
 type XormACLEntry struct {
- ACLEntry `xorm:"'acl_entry'"`
+ ACLEntry `xorm:"'acl_entry' JSON"`
 Seq int64
 }
@@ -138,8 +138,10 @@ func (xa *aclXormAuthz) updateACLCache() error {
 // Get ACL from Xorm.io database connection
 var newACL []XormACLEntry
- xa.engine.OrderBy("seq").Find(&newACL)
-
+ err := xa.engine.OrderBy("seq").Find(&newACL)
+ if err != nil {
+ return err
+ }
 var retACL ACL
 for _, e := range newACL {
 retACL = append(retACL, e.ACLEntry)
diff --git a/docs/auth-methods.md b/docs/auth-methods.md
index 6ca07759..1cc67572 100644
--- a/docs/auth-methods.md
+++ b/docs/auth-methods.md
@@ -15,6 +15,8 @@ github_auth:
 client_secret: "..." # or client_secret_file
 level_token_db:
 path: /data/tokens.db
+ # Optional token hash cost for bcrypt hashing
+ # token_hash_cost: 5
 ```
 Then specify what teams can do via acls
diff --git a/examples/reference.yml b/examples/reference.yml
index 03ac2e84..bc4576a4 100644
--- a/examples/reference.yml
+++ b/examples/reference.yml
@@ -117,6 +117,8 @@ google_auth:
 # Where to store server tokens. Required.
 level_token_db:
 path: "/somewhere/to/put/google_tokens.ldb"
+ # Optional token hash cost for bcrypt hashing
+ # token_hash_cost: 5
 # How long to wait when talking to Google servers. Optional.
 http_timeout: "10s"
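Review bot: In the second acl_xorm.go hunk, `return err` passes the query failure up without saying which operation failed, and the hunk does not show whether the caller logs it. A failed refresh now leaves the function before the cache is rebuilt, so the previously loaded ACL presumably stays in force; that makes the failure worth surfacing clearly, e.g. `return fmt.Errorf("loading ACL from database: %w", err)` if `fmt` is imported in this file. The `JSON` tag added in the first hunk may change how existing `acl_entry` rows are decoded, so it is worth confirming against a database written before this change that such rows do not now fail here. The body of updateACLCache continues outside the hunk.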
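Review bot: The comment added in the google_auth hunk of examples/reference.yml shows `token_hash_cost: 5` without stating the default or the accepted range, and 5 is well below the default cost of 10 in golang.org/x/crypto/bcrypt. Someone who uncomments the line as written may lower the work factor protecting stored tokens without realising it. I would put the default and the trade-off in the comment, e.g. `# Optional bcrypt cost for hashing stored tokens; higher is slower but harder to brute-force. Default: <project default>`. The same two lines are added under github_auth, oidc_auth and gitlab_auth in this file and in docs/auth-methods.md.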
@@ -136,9 +138,11 @@ github_auth:
 # want to have sensitive information checked in.
 # client_secret: "verysecret"
 client_secret_file: "/path/to/client_secret.txt"
- # Either token_db file for storing of server tokens.
+ # Either level_token_db file for storing of server tokens.
 level_token_db:
 path: "/somewhere/to/put/github_tokens.ldb"
+ # Optional token hash cost for bcrypt hashing
+ # token_hash_cost: 5
 # or google cloud storage for storing of the sensitive information,
 gcs_token_db:
 bucket: "tokenBucket"
@@ -185,6 +189,8 @@ oidc_auth:
 # a file in which the tokens should be stored. Does not have to exist, it will be generated in this case
 level_token_db:
 path: "/path/to/tokens.ldb"
+ # Optional token hash cost for bcrypt hashing
+ # token_hash_cost: 5
 # --- optional ---
 # How long to wait when talking to the OIDC provider.
 http_timeout: "10s"
@@ -213,9 +219,11 @@ gitlab_auth:
 # want to have sensitive information checked in.
 # client_secret: "verysecret"
 client_secret_file: "/path/to/client_secret.txt"
- # Either token_db file for storing of server tokens.
+ # Either level_token_db file for storing of server tokens.
 level_token_db:
 path: "/somewhere/to/put/gitlab_tokens.ldb"
+ # Optional token hash cost for bcrypt hashing
+ # token_hash_cost: 5
 # or google cloud storage for storing of the sensitive information,
 gcs_token_db:
 bucket: "tokenBucket"