Add username and password to lsp func

Author: cdupuis

commands/cmd.go

@@ -120,7 +120,7 @@ func NewRootCmd(name string, isPlugin bool, dockerCli command.Cli) *cobra.Comman
 			var sb *types.Sbom
 
 			if ociDir == "" {
-				sb, err = sbom.IndexImage(image, dockerCli)
+				sb, err = sbom.IndexImage(image, sbom.IndexOptions{Cli: dockerCli})
 			} else {
 				sb, err = sbom.IndexPath(ociDir, image, dockerCli)
 			}
@@ -174,7 +174,7 @@ func NewRootCmd(name string, isPlugin bool, dockerCli command.Cli) *cobra.Comman
 
 			var sb *types.Sbom
 			if ociDir == "" {
-				sb, err = sbom.IndexImage(image, dockerCli)
+				sb, err = sbom.IndexImage(image, sbom.IndexOptions{Cli: dockerCli})
 			} else {
 				sb, err = sbom.IndexPath(ociDir, image, dockerCli)
 			}
@@ -184,7 +184,7 @@ func NewRootCmd(name string, isPlugin bool, dockerCli command.Cli) *cobra.Comman
 			if !includeSbom {
 				sb.Artifacts = nil
 			}
-			return sbom.UploadSbom(sb, workspace, apiKey)
+			return sbom.Upload(sb, workspace, apiKey)
 		},
 	}
 	uploadCommandFlags := uploadCommand.Flags()
@@ -206,7 +206,7 @@ func NewRootCmd(name string, isPlugin bool, dockerCli command.Cli) *cobra.Comman
 			var sb *types.Sbom
 
 			if ociDir == "" {
-				sb, err = sbom.IndexImage(image, dockerCli)
+				sb, err = sbom.IndexImage(image, sbom.IndexOptions{Cli: dockerCli})
 			} else {
 				sb, err = sbom.IndexPath(ociDir, image, dockerCli)
 			}

sbom/lsp.go lsp/lsp.gosbom/lsp.go renamed to lsp/lsp.go

@@ -14,14 +14,15 @@
  * limitations under the License.
  */
 
-package sbom
+package lsp
 
 import (
 	"crypto/sha256"
 	"fmt"
 	"io"
 
 	"github.com/anchore/syft/syft/source"
+	"github.com/docker/index-cli-plugin/sbom"
 	"github.com/pkg/errors"
 
 	"github.com/docker/cli/cli/command"
@@ -30,35 +31,54 @@ import (
 	"github.com/docker/index-cli-plugin/sbom/util"
 )
 
-func Send(image string, tx chan<- string) error {
+type Lsp struct {
+	username string
+	password string
+}
+
+func New() *Lsp {
+	return &Lsp{}
+}
+
+func (l *Lsp) WithAuth(username, password string) *Lsp {
+	l.username = username
+	l.password = password
+	return l
+}
+
+func (l *Lsp) Send(image string, tx chan<- string) error {
 	cmd, err := command.NewDockerCli()
 	if err != nil {
 		return errors.Wrap(err, "failed to create docker cli")
 	}
 	if err := cmd.Initialize(cliflags.NewClientOptions()); err != nil {
 		return errors.Wrap(err, "failed to initialize docker cli")
 	}
-	sbom, err := IndexImage(image, cmd)
+	sb, err := sbom.IndexImage(image, sbom.IndexOptions{
+		Username: l.username,
+		Password: l.password,
+		Cli:      cmd,
+	})
 	if err != nil {
 		return errors.Wrap(err, "failed to create sbom")
 	}
-	err = sendSbom(sbom, tx)
+	err = sbom.Send(sb, tx)
 	if err != nil {
 		return errors.Wrap(err, "failed to send sbom")
 	}
 	close(tx)
 	return nil
 }
 
-func SendFileHashes(image string, tx chan<- string) error {
+func (l *Lsp) SendFileHashes(image string, tx chan<- string) error {
 	cmd, err := command.NewDockerCli()
 	if err != nil {
 		return errors.Wrap(err, "failed to create docker cli")
 	}
 	if err := cmd.Initialize(cliflags.NewClientOptions()); err != nil {
 		return errors.Wrap(err, "failed to initialize docker cli")
 	}
-	cache, err := registry.SaveImage(image, cmd)
+	cache, err := registry.SaveImage(image, l.username, l.password, cmd)
 	if err != nil {
 		return errors.Wrap(err, "failed to copy image")
 	}

sbom/lsp_test.go lsp/lsp_test.gosbom/lsp_test.go renamed to lsp/lsp_test.go

@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package sbom
+package lsp
 
 import (
 	"testing"
@@ -24,7 +24,7 @@ func TestSend(t *testing.T) {
 	tx := make(chan string, 10)
 	transactions := make([]string, 0)
 
-	err := Send("alpine@sha256:c0d488a800e4127c334ad20d61d7bc21b4097540327217dfab52262adc02380c", tx)
+	err := New().Send("alpine@sha256:c0d488a800e4127c334ad20d61d7bc21b4097540327217dfab52262adc02380c", tx)
 	if err != nil {
 		t.Fail()
 	}
@@ -40,7 +40,7 @@ func TestSendFileHashes(t *testing.T) {
 	tx := make(chan string, 100)
 	transactions := make([]string, 0)
 
-	err := SendFileHashes("alpine@sha256:c0d488a800e4127c334ad20d61d7bc21b4097540327217dfab52262adc02380c", tx)
+	err := New().SendFileHashes("alpine@sha256:c0d488a800e4127c334ad20d61d7bc21b4097540327217dfab52262adc02380c", tx)
 	if err != nil {
 		t.Fail()
 	}

registry/save.go

@@ -221,7 +221,7 @@ func (c *ImageCache) Cleanup() {
 }
 
 // SaveImage stores the v1.Image at path returned in OCI format
-func SaveImage(image string, cli command.Cli) (*ImageCache, error) {
+func SaveImage(image string, username string, password string, cli command.Cli) (*ImageCache, error) {
 	skill.Log.Infof("Requesting image %s", image)
 	ref, err := name.ParseReference(image)
 	if err != nil {
@@ -288,13 +288,22 @@ func SaveImage(image string, cli command.Cli) (*ImageCache, error) {
 		}, nil
 	}
 	// try remote image next
-	desc, err := remote.Get(ref, withAuth())
+	desc, err := remote.Get(ref, WithAuth(username, password))
 	if err != nil {
 		return nil, errors.Wrapf(err, "failed to pull image: %s", image)
 	}
 	img, err := desc.Image()
 	if err != nil {
-		return nil, errors.Wrapf(err, "failed to pull image: %s", image)
+		ix, err := remote.Index(ref, WithAuth(username, password))
+		if err != nil {
+			return nil, errors.Wrapf(err, "failed to pull index: %s", image)
+		}
+		manifest, err := ix.IndexManifest()
+		imageRef, err := name.ParseReference(fmt.Sprintf("%s@%s", ref.Name(), manifest.Manifests[0].Digest.String()))
+		img, err = remote.Image(imageRef, WithAuth(username, password))
+		if err != nil {
+			return nil, errors.Wrapf(err, "failed to pull image: %s", image)
+		}
 	}
 	var digest string
 	tags := make([]string, 0)
@@ -325,7 +334,14 @@ func SaveImage(image string, cli command.Cli) (*ImageCache, error) {
 	}, nil
 }
 
-func withAuth() remote.Option {
+func WithAuth(username string, password string) remote.Option {
+	// check passed username and password
+	if username != "" && password != "" {
+		return remote.WithAuth(&authn.Basic{
+			Username: username,
+			Password: password,
+		})
+	}
 	// check registry token env var
 	if token, ok := os.LookupEnv("ATOMIST_REGISTRY_TOKEN"); ok {
 		return remote.WithAuth(&authn.Bearer{Token: token})

sbom/diff.go

@@ -32,8 +32,8 @@ func DiffImages(image1 string, image2 string, cli command.Cli, workspace string,
 	resultChan := make(chan ImageIndexResult, 2)
 	var wg sync.WaitGroup
 	wg.Add(2)
-	go indexImageAsync(&wg, image1, cli, resultChan)
-	go indexImageAsync(&wg, image2, cli, resultChan)
+	go indexImageAsync(&wg, image1, IndexOptions{Cli: cli}, resultChan)
+	go indexImageAsync(&wg, image2, IndexOptions{Cli: cli}, resultChan)
 	wg.Wait()
 	close(resultChan)
 

sbom/index.go

@@ -42,14 +42,14 @@ type ImageIndexResult struct {
 	Error error
 }
 
-func indexImageAsync(wg *sync.WaitGroup, image string, cli command.Cli, resultChan chan<- ImageIndexResult) {
+func indexImageAsync(wg *sync.WaitGroup, image string, options IndexOptions, resultChan chan<- ImageIndexResult) {
 	defer wg.Done()
 	var (
 		sbom *types.Sbom
 		cves *types.VulnerabilitiesByPurls
 		err  error
 	)
-	sbom, err = IndexImage(image, cli)
+	sbom, err = IndexImage(image, options)
 	if err == nil {
 		cves, err = query.ForVulnerabilitiesInGraphQL(sbom)
 		if err == nil {
@@ -63,6 +63,13 @@ func indexImageAsync(wg *sync.WaitGroup, image string, cli command.Cli, resultCh
 	}
 }
 
+type IndexOptions struct {
+	Username string
+	Password string
+
+	Cli command.Cli
+}
+
 func IndexPath(path string, name string, cli command.Cli) (*types.Sbom, error) {
 	cache, err := registry.ReadImage(name, path)
 	if err != nil {
@@ -71,19 +78,19 @@ func IndexPath(path string, name string, cli command.Cli) (*types.Sbom, error) {
 	return indexImage(cache, cli)
 }
 
-func IndexImage(image string, cli command.Cli) (*types.Sbom, error) {
+func IndexImage(image string, options IndexOptions) (*types.Sbom, error) {
 	if strings.HasPrefix(image, "sha256:") {
-		configFilePath := cli.ConfigFile().Filename
+		configFilePath := options.Cli.ConfigFile().Filename
 		sbomFilePath := filepath.Join(filepath.Dir(configFilePath), "sbom", "sha256", image[7:], "sbom.json")
 		if sbom := cachedSbom(sbomFilePath); sbom != nil {
 			return sbom, nil
 		}
 	}
-	cache, err := registry.SaveImage(image, cli)
+	cache, err := registry.SaveImage(image, options.Username, options.Password, options.Cli)
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to copy image")
 	}
-	return indexImage(cache, cli)
+	return indexImage(cache, options.Cli)
 }
 
 func indexImage(cache *registry.ImageCache, cli command.Cli) (*types.Sbom, error) {

sbom/monitor.go

@@ -45,7 +45,7 @@ func WatchImages(cli command.Cli) error {
 
 func indexImageWorker(cli command.Cli, indexJobs <-chan types.ImageSummary) {
 	for img := range indexJobs {
-		_, err := IndexImage(img.ID, cli)
+		_, err := IndexImage(img.ID, IndexOptions{Cli: cli})
 		if err != nil {
 			skill.Log.Warnf("Failed to index image %s", img.ID)
 			delete(imageCache, img.ID)

sbom/upload.go

@@ -38,7 +38,7 @@ import (
 type TransactionMaker = func() skill.Transaction
 
 // UploadSbom transact an image and its data into the data plane
-func UploadSbom(sb *types.Sbom, workspace string, apikey string) error {
+func Upload(sb *types.Sbom, workspace string, apikey string) error {
 	correlationId := uuid.NewString()
 	context := skill.RequestContext{
 		Event: skill.EventIncoming{
@@ -65,7 +65,7 @@ func UploadSbom(sb *types.Sbom, workspace string, apikey string) error {
 	return nil
 }
 
-func sendSbom(sb *types.Sbom, entities chan<- string) error {
+func Send(sb *types.Sbom, entities chan<- string) error {
 	correlationId := uuid.NewString()
 	context := skill.RequestContext{
 		Event: skill.EventIncoming{