Handle registry auth config (#411)

Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com>

docs/faq.md

@@ -26,6 +26,31 @@ Or within a container:
 docker-compose exec diun diun notif test
 ```
 
+## Authentication against the registry
+
+You can authenticate against the registry through the [`regopts` settings](config/regopts.md) or you can mount
+your docker config file `$HOME/.docker/config.json` if you are already connected to the registry with `docker login`:
+
+```yaml
+version: "3.5"
+
+services:
+  diun:
+    image: crazymax/diun:latest
+    container_name: diun
+    command: serve
+    volumes:
+      - "./data:/data"
+      - "/root/.docker/config.json:/root/.docker/config.json:ro"
+      - "/var/run/docker.sock:/var/run/docker.sock"
+    environment:
+      - "TZ=Europe/Paris"
+      - "DIUN_WATCH_SCHEDULE=0 */6 * * *"
+      - "DIUN_PROVIDERS_DOCKER=true"
+      - "DIUN_PROVIDERS_DOCKER_WATCHBYDEFAULT=true"
+    restart: always
+```
+
 ## field docker|swarm uses unsupported type: invalid
 
 If you have the error `failed to decode configuration from file: field docker uses unsupported type: invalid` that's

internal/app/job.go

@@ -4,6 +4,8 @@ import (
 	"fmt"
 	"regexp"
 
+	"github.com/containers/image/v5/pkg/docker/config"
+	"github.com/containers/image/v5/types"
 	"github.com/crazy-max/diun/v4/internal/model"
 	"github.com/crazy-max/diun/v4/pkg/registry"
 	"github.com/crazy-max/diun/v4/pkg/utl"
@@ -81,9 +83,21 @@ func (di *Diun) createJob(job model.Job) {
 		}
 	}
 
+	var auth types.DockerAuthConfig
+	if len(regUser) > 0 {
+		auth = types.DockerAuthConfig{
+			Username: regUser,
+			Password: regPassword,
+		}
+	} else {
+		auth, err = config.GetCredentials(nil, job.RegImage.Domain)
+		if err != nil {
+			sublog.Warn().Err(err).Msg("Error seeking Docker credentials")
+		}
+	}
+
 	job.Registry, err = registry.New(registry.Options{
-		Username:      regUser,
-		Password:      regPassword,
+		Auth:          auth,
 		Timeout:       *reg.Timeout,
 		InsecureTLS:   *reg.InsecureTLS,
 		UserAgent:     di.meta.UserAgent,

pkg/registry/registry.go

@@ -15,8 +15,7 @@ type Client struct {
 
 // Options holds docker registry object options
 type Options struct {
-	Username      string
-	Password      string
+	Auth          types.DockerAuthConfig
 	InsecureTLS   bool
 	Timeout       time.Duration
 	UserAgent     string
@@ -28,39 +27,17 @@ type Options struct {
 
 // New creates new docker registry client instance
 func New(opts Options) (*Client, error) {
-	// Auth
-	var auth *types.DockerAuthConfig
-	if opts.Username != "" {
-		auth = &types.DockerAuthConfig{
-			Username: opts.Username,
-			Password: opts.Password,
-		}
-	}
-
-	if auth == nil {
-		auth = &types.DockerAuthConfig{}
-		// TODO: Seek credentials
-		//auth, err := config.GetCredentials(c.sysCtx, reference.Domain(ref.DockerReference()))
-		//if err != nil {
-		//	return nil, errors.Wrap(err, "Cannot get registry credentials")
-		//}
-		//*c.sysCtx.DockerAuthConfig = auth
-	}
-
-	// Sys context
-	sysCtx := &types.SystemContext{
-		DockerAuthConfig:                  auth,
-		DockerDaemonInsecureSkipTLSVerify: opts.InsecureTLS,
-		DockerInsecureSkipTLSVerify:       types.NewOptionalBool(opts.InsecureTLS),
-		DockerRegistryUserAgent:           opts.UserAgent,
-		OSChoice:                          opts.ImageOs,
-		ArchitectureChoice:                opts.ImageArch,
-		VariantChoice:                     opts.ImageVariant,
-	}
-
 	return &Client{
-		opts:   opts,
-		sysCtx: sysCtx,
+		opts: opts,
+		sysCtx: &types.SystemContext{
+			DockerAuthConfig:                  &opts.Auth,
+			DockerDaemonInsecureSkipTLSVerify: opts.InsecureTLS,
+			DockerInsecureSkipTLSVerify:       types.NewOptionalBool(opts.InsecureTLS),
+			DockerRegistryUserAgent:           opts.UserAgent,
+			OSChoice:                          opts.ImageOs,
+			ArchitectureChoice:                opts.ImageArch,
+			VariantChoice:                     opts.ImageVariant,
+		},
 	}, nil
 }