add docker authorization for docker operations

cmd/release/cmd/generate.go

@@ -30,6 +30,8 @@ var (
 	ignoreImages                        []string
 	checkImages                         []string
 	registry                            string
+	username                            string
+	password                            string
 	rancherMissingImagesJSONOutput      bool
 	rke2PrevMilestone                   string
 	rke2Milestone                       string
@@ -140,7 +142,7 @@ var rancherGenerateMissingImagesListSubCmd = &cobra.Command{
 		if len(checkImages) == 0 && imagesListURL == "" {
 			return errors.New("either --images-list-url or --check-images must be provided")
 		}
-		missingImages, err := rancher.GenerateMissingImagesList(imagesListURL, registry, concurrencyLimit, checkImages, ignoreImages, verbose)
+		missingImages, err := rancher.GenerateMissingImagesList(imagesListURL, registry, username, password, concurrencyLimit, checkImages, ignoreImages, verbose)
 		if err != nil {
 			return err
 		}
@@ -163,7 +165,7 @@ var rancherGenerateDockerImagesDigestsSubCmd = &cobra.Command{
 	Use:   "docker-images-digests",
 	Short: "Generate a file with images digests from an images list",
 	RunE: func(cmd *cobra.Command, args []string) error {
-		return rancher.GenerateDockerImageDigests(rancherImagesDigestsOutputFile, rancherImagesDigestsImagesURL, rancherImagesDigestsRegistry, verbose)
+		return rancher.GenerateDockerImageDigests(rancherImagesDigestsOutputFile, rancherImagesDigestsImagesURL, rancherImagesDigestsRegistry, username, password, verbose)
 	},
 }
 
@@ -303,9 +305,13 @@ func init() {
 	rancherGenerateMissingImagesListSubCmd.Flags().StringSliceVarP(&ignoreImages, "ignore-images", "g", make([]string, 0), "Images to ignore when checking for missing images without the version. e.g: rancher/rancher")
 	rancherGenerateMissingImagesListSubCmd.Flags().StringSliceVarP(&checkImages, "check-images", "k", make([]string, 0), "Images to check for when checking for missing images with the version. e.g: rancher/rancher-agent:v2.9.0")
 	rancherGenerateMissingImagesListSubCmd.Flags().StringVarP(&registry, "registry", "r", "registry.rancher.com", "Registry where the images should be located at")
+	rancherGenerateMissingImagesListSubCmd.Flags().StringVarP(&username, "username", "u", "", "Docker registry username")
+	rancherGenerateMissingImagesListSubCmd.Flags().StringVarP(&password, "password", "p", "", "Docker registry password")
 
 	// rancher generate docker-images-digests
 	rancherGenerateDockerImagesDigestsSubCmd.Flags().StringVarP(&rancherImagesDigestsOutputFile, "output-file", "o", "", "Output file with images digests")
+	rancherGenerateDockerImagesDigestsSubCmd.Flags().StringVarP(&username, "username", "u", "", "Docker registry username")
+	rancherGenerateDockerImagesDigestsSubCmd.Flags().StringVarP(&password, "password", "p", "", "Docker registry password")
 	if err := rancherGenerateDockerImagesDigestsSubCmd.MarkFlagRequired("output-file"); err != nil {
 		fmt.Println(err.Error())
 		os.Exit(1)

release/rancher/rancher.go

@@ -435,7 +435,7 @@ func formatContentLine(line string) string {
 	return strings.TrimSpace(line)
 }
 
-func GenerateMissingImagesList(imagesListURL, registry string, concurrencyLimit int, checkImages, ignoreImages []string, verbose bool) ([]string, error) {
+func GenerateMissingImagesList(imagesListURL, registry, username, password string, concurrencyLimit int, checkImages, ignoreImages []string, verbose bool) ([]string, error) {
 	if len(checkImages) == 0 {
 		if imagesListURL == "" {
 			return nil, errors.New("if no images are provided, an images list URL must be provided")
@@ -479,7 +479,7 @@ func GenerateMissingImagesList(imagesListURL, registry string, concurrencyLimit
 			continue
 		}
 
-		func(ctx context.Context, missingImagesChan chan string, image, imageVersion string, repositoryAuths map[string]string, mu *sync.RWMutex) {
+		func(ctx context.Context, missingImagesChan chan string, image, imageVersion, username, password string, repositoryAuths map[string]string, mu *sync.RWMutex) {
 			errGroup.Go(func() error {
 				// if any other check failed, stop running to prevent wasting resources
 				// this doesn't include 404's since it is expected it does include any other errors
@@ -495,7 +495,7 @@ func GenerateMissingImagesList(imagesListURL, registry string, concurrencyLimit
 
 					auth, ok = repositoryAuths[image]
 					if !ok {
-						auth, err = registryAuth(rgInfo.AuthURL, rgInfo.Service, image)
+						auth, err = registryAuth(rgInfo.AuthURL, rgInfo.Service, image, username, password)
 						if err != nil {
 							cancel()
 							return err
@@ -517,7 +517,7 @@ func GenerateMissingImagesList(imagesListURL, registry string, concurrencyLimit
 					return nil
 				}
 			})
-		}(ctx, missingImagesChan, image, imageVersion, repositoryAuths, &mu)
+		}(ctx, missingImagesChan, image, imageVersion, username, password, repositoryAuths, &mu)
 
 	}
 	if err := errGroup.Wait(); err != nil {
@@ -632,15 +632,15 @@ func validateRepoImage(repoImage string) error {
 	return nil
 }
 
-func GenerateDockerImageDigests(outputFile, imagesFileURL, registry string, verbose bool) error {
-	imagesDigests, err := dockerImagesDigests(imagesFileURL, registry)
+func GenerateDockerImageDigests(outputFile, imagesFileURL, registry, username, password string, verbose bool) error {
+	imagesDigests, err := dockerImagesDigests(imagesFileURL, registry, username, password)
 	if err != nil {
 		return err
 	}
 	return createAssetFile(outputFile, imagesDigests)
 }
 
-func dockerImagesDigests(imagesFileURL, registry string) (imageDigest, error) {
+func dockerImagesDigests(imagesFileURL, registry, username, password string) (imageDigest, error) {
 	imagesList, err := artifactImageList(imagesFileURL, registry)
 	if err != nil {
 		return nil, err
@@ -652,7 +652,7 @@ func dockerImagesDigests(imagesFileURL, registry string) (imageDigest, error) {
 	}
 
 	imagesDigests := make(imageDigest)
-	var repositoryAuths = make(map[string]string)
+	repositoryAuths := make(map[string]string)
 
 	for _, imageAndVersion := range imagesList {
 		if imageAndVersion == "" || imageAndVersion == " " {
@@ -666,7 +666,7 @@ func dockerImagesDigests(imagesFileURL, registry string) (imageDigest, error) {
 		imageVersion := splitImage[1]
 
 		if _, ok := repositoryAuths[image]; !ok {
-			auth, err := registryAuth(rgInfo.AuthURL, rgInfo.Service, image)
+			auth, err := registryAuth(rgInfo.AuthURL, rgInfo.Service, image, username, password)
 			if err != nil {
 				return nil, err
 			}
@@ -804,19 +804,25 @@ func checkIfImageExists(registryBaseURL, img, imgVersion, auth string) (bool, er
 	return true, nil
 }
 
-func registryAuth(authURL, service, image string) (string, error) {
+func registryAuth(authURL, service, image, username, password string) (string, error) {
 	httpClient := ecmHTTP.NewClient(time.Second * 15)
 	scope := "repository:" + image + ":pull"
 	url := authURL + "?scope=" + scope + "&service=" + service
-	res, err := httpClient.Get(url)
+	req, err := http.NewRequest(http.MethodGet, url, nil)
+	if err != nil {
+		return "", err
+	}
+	if len(username) > 1 && len(password) > 1 {
+		req.SetBasicAuth(username, password)
+	}
+	res, err := httpClient.Do(req)
 	if err != nil {
 		return "", err
 	}
-	defer res.Body.Close()
-
 	if res.StatusCode != http.StatusOK {
 		return "", errors.New("expected status code to be 200, got: " + strconv.Itoa(res.StatusCode))
 	}
+	defer res.Body.Close()
 
 	var auth registryAuthToken
 	if err := json.NewDecoder(res.Body).Decode(&auth); err != nil {