feat(registry): Add ProGet registry type EE-703 (#5196)

* intermediate commit * feat(registry): backport ProGet registry to CE (#954) * backport EE changes * label updates and remove auth-toggle Co-authored-by: Dennis Buduev <dennis.buduev@portainer.io>
2025-07-24 15:59:41 +02:00 · 2021-07-01 14:57:15 +12:00 · 2021-07-01 14:57:15 +12:00 · 90a472c08b
commit 90a472c08b
parent 8b80eb1731
14 changed files with 405 additions and 36 deletions
--- a/api/http/handler/registries/handler.go
+++ b/api/http/handler/registries/handler.go
@ -5,7 +5,7 @@ import (

 	"github.com/gorilla/mux"
 	httperror "github.com/portainer/libhttp/error"
-	"github.com/portainer/portainer/api"
+	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/http/proxy"
 	"github.com/portainer/portainer/api/http/security"
 )
@ -18,19 +18,28 @@ func hideFields(registry *portainer.Registry) {
 // Handler is the HTTP handler used to handle registry operations.
 type Handler struct {
 	*mux.Router
-	requestBouncer *security.RequestBouncer
-	DataStore      portainer.DataStore
-	FileService    portainer.FileService
-	ProxyManager   *proxy.Manager
+	requestBouncer       *security.RequestBouncer
+	DataStore         portainer.DataStore
+	FileService       portainer.FileService
+	ProxyManager      *proxy.Manager
 }

 // NewHandler creates a handler to manage registry operations.
 func NewHandler(bouncer *security.RequestBouncer) *Handler {
-	h := &Handler{
-		Router:         mux.NewRouter(),
-		requestBouncer: bouncer,
-	}
+	h := newHandler(bouncer)
+	h.initRouter(bouncer)

+	return h
+}
+
+func newHandler(bouncer *security.RequestBouncer) *Handler {
+	return &Handler{
+		Router:               mux.NewRouter(),
+		requestBouncer:       bouncer,
+	}
+}
+
+func (h *Handler) initRouter(bouncer accessGuard) {
 	h.Handle("/registries",
 		bouncer.AdminAccess(httperror.LoggerHandler(h.registryCreate))).Methods(http.MethodPost)
 	h.Handle("/registries",
@ -45,5 +54,10 @@ func NewHandler(bouncer *security.RequestBouncer) *Handler {
 		bouncer.AdminAccess(httperror.LoggerHandler(h.registryDelete))).Methods(http.MethodDelete)
 	h.PathPrefix("/registries/proxies/gitlab").Handler(
 		bouncer.AdminAccess(httperror.LoggerHandler(h.proxyRequestsToGitlabAPIWithoutRegistry)))
-	return h
 }
+
+type accessGuard interface {
+	AdminAccess(h http.Handler) http.Handler
+	RestrictedAccess(h http.Handler) http.Handler
+	AuthenticatedAccess(h http.Handler) http.Handler
+}
--- a/api/http/handler/registries/registry_create.go
+++ b/api/http/handler/registries/registry_create.go
@ -2,6 +2,7 @@ package registries

 import (
 	"errors"
+	"fmt"
 	"net/http"

 	"github.com/asaskevich/govalidator"
@ -14,10 +15,12 @@ import (
 type registryCreatePayload struct {
 	// Name that will be used to identify this registry
 	Name string `example:"my-registry" validate:"required"`
-	// Registry Type. Valid values are: 1 (Quay.io), 2 (Azure container registry), 3 (custom registry) or 4 (Gitlab registry)
-	Type portainer.RegistryType `example:"1" validate:"required" enums:"1,2,3,4"`
+	// Registry Type. Valid values are: 1 (Quay.io), 2 (Azure container registry), 3 (custom registry), 4 (Gitlab registry) or 5 (ProGet registry)
+	Type portainer.RegistryType `example:"1" validate:"required" enums:"1,2,3,4,5"`
 	// URL or IP address of the Docker registry
-	URL string `example:"registry.mydomain.tld:2375" validate:"required"`
+	URL string `example:"registry.mydomain.tld:2375/feed" validate:"required"`
+	// BaseURL required for ProGet registry
+	BaseURL string `example:"registry.mydomain.tld:2375"`
 	// Is authentication against this registry enabled
 	Authentication bool `example:"false" validate:"required"`
 	// Username used to authenticate against this registry. Required when Authentication is true
@ -30,7 +33,7 @@ type registryCreatePayload struct {
 	Quay portainer.QuayRegistryData
 }

-func (payload *registryCreatePayload) Validate(r *http.Request) error {
+func (payload *registryCreatePayload) Validate(_ *http.Request) error {
 	if govalidator.IsNull(payload.Name) {
 		return errors.New("Invalid registry name")
 	}
@ -40,9 +43,17 @@ func (payload *registryCreatePayload) Validate(r *http.Request) error {
 	if payload.Authentication && (govalidator.IsNull(payload.Username) || govalidator.IsNull(payload.Password)) {
 		return errors.New("Invalid credentials. Username and password must be specified when authentication is enabled")
 	}
-	if payload.Type != portainer.QuayRegistry && payload.Type != portainer.AzureRegistry && payload.Type != portainer.CustomRegistry && payload.Type != portainer.GitlabRegistry {
-		return errors.New("Invalid registry type. Valid values are: 1 (Quay.io), 2 (Azure container registry), 3 (custom registry) or 4 (Gitlab registry)")
+
+	switch payload.Type {
+	case portainer.QuayRegistry, portainer.AzureRegistry, portainer.CustomRegistry, portainer.GitlabRegistry, portainer.ProGetRegistry:
+	default:
+		return errors.New("invalid registry type. Valid values are: 1 (Quay.io), 2 (Azure container registry), 3 (custom registry), 4 (Gitlab registry) or 5 (ProGet registry)")
 	}
+
+	if payload.Type == portainer.ProGetRegistry && payload.BaseURL == "" {
+		return fmt.Errorf("BaseURL is required for registry type %d (ProGet)", portainer.ProGetRegistry)
+	}
+
 	return nil
 }

@ -70,6 +81,7 @@ func (handler *Handler) registryCreate(w http.ResponseWriter, r *http.Request) *
 		Type:               portainer.RegistryType(payload.Type),
 		Name:               payload.Name,
 		URL:                payload.URL,
+		BaseURL:            payload.BaseURL,
 		Authentication:     payload.Authentication,
 		Username:           payload.Username,
 		Password:           payload.Password,
--- a/api/http/handler/registries/registry_create_test.go
+++ b/api/http/handler/registries/registry_create_test.go
@ -0,0 +1,104 @@
+package registries
+
+import (
+	"bytes"
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	portainer "github.com/portainer/portainer/api"
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_registryCreatePayload_Validate(t *testing.T) {
+	basePayload := registryCreatePayload{Name: "Test registry", URL: "http://example.com"}
+	t.Run("Can't create a ProGet registry if BaseURL is empty", func(t *testing.T) {
+		payload := basePayload
+		payload.Type = portainer.ProGetRegistry
+		err := payload.Validate(nil)
+		assert.Error(t, err)
+	})
+	t.Run("Can create a GitLab registry if BaseURL is empty", func(t *testing.T) {
+		payload := basePayload
+		payload.Type = portainer.GitlabRegistry
+		err := payload.Validate(nil)
+		assert.NoError(t, err)
+	})
+	t.Run("Can create a ProGet registry if BaseURL is not empty", func(t *testing.T) {
+		payload := basePayload
+		payload.Type = portainer.ProGetRegistry
+		payload.BaseURL = "http://example.com"
+		err := payload.Validate(nil)
+		assert.NoError(t, err)
+	})
+}
+
+type testRegistryService struct {
+	portainer.RegistryService
+	createRegistry func(r *portainer.Registry) error
+	updateRegistry func(ID portainer.RegistryID, r *portainer.Registry) error
+	getRegistry    func(ID portainer.RegistryID) (*portainer.Registry, error)
+}
+
+type testDataStore struct {
+	portainer.DataStore
+	registry *testRegistryService
+}
+
+func (t testDataStore) Registry() portainer.RegistryService {
+	return t.registry
+}
+
+func (t testRegistryService) CreateRegistry(r *portainer.Registry) error {
+	return t.createRegistry(r)
+}
+
+func (t testRegistryService) UpdateRegistry(ID portainer.RegistryID, r *portainer.Registry) error {
+	return t.updateRegistry(ID, r)
+}
+
+func (t testRegistryService) Registry(ID portainer.RegistryID) (*portainer.Registry, error) {
+	return t.getRegistry(ID)
+}
+
+func (t testRegistryService) Registries() ([]portainer.Registry, error) {
+	return nil, nil
+}
+
+func TestHandler_registryCreate(t *testing.T) {
+	payload := registryCreatePayload{
+		Name:           "Test registry",
+		Type:           portainer.ProGetRegistry,
+		URL:            "http://example.com",
+		BaseURL:        "http://example.com",
+		Authentication: false,
+		Username:       "username",
+		Password:       "password",
+		Gitlab:         portainer.GitlabRegistryData{},
+	}
+	payloadBytes, err := json.Marshal(payload)
+	assert.NoError(t, err)
+	r := httptest.NewRequest(http.MethodPost, "/", bytes.NewReader(payloadBytes))
+	w := httptest.NewRecorder()
+
+	registry := portainer.Registry{}
+	handler := Handler{}
+	handler.DataStore = testDataStore{
+		registry: &testRegistryService{
+			createRegistry: func(r *portainer.Registry) error {
+				registry = *r
+				return nil
+			},
+		},
+	}
+	handlerError := handler.registryCreate(w, r)
+	assert.Nil(t, handlerError)
+	assert.Equal(t, payload.Name, registry.Name)
+	assert.Equal(t, payload.Type, registry.Type)
+	assert.Equal(t, payload.URL, registry.URL)
+	assert.Equal(t, payload.BaseURL, registry.BaseURL)
+	assert.Equal(t, payload.Authentication, registry.Authentication)
+	assert.Equal(t, payload.Username, registry.Username)
+	assert.Equal(t, payload.Password, registry.Password)
+}
--- a/api/http/handler/registries/registry_update.go
+++ b/api/http/handler/registries/registry_update.go
@ -12,18 +12,14 @@ import (
 )

 type registryUpdatePayload struct {
-	// Name that will be used to identify this registry
-	Name *string `validate:"required" example:"my-registry"`
-	// URL or IP address of the Docker registry
-	URL *string `validate:"required" example:"registry.mydomain.tld:2375"`
-	// Is authentication against this registry enabled
-	Authentication *bool `example:"false" validate:"required"`
-	// Username used to authenticate against this registry. Required when Authentication is true
-	Username *string `example:"registry_user"`
-	// Password used to authenticate against this registry. required when Authentication is true
-	Password           *string `example:"registry_password"`
-	UserAccessPolicies portainer.UserAccessPolicies
-	TeamAccessPolicies portainer.TeamAccessPolicies
+	Name               *string                      `json:",omitempty" example:"my-registry" validate:"required"`
+	URL                *string                      `json:",omitempty" example:"registry.mydomain.tld:2375/feed" validate:"required"`
+	BaseURL            *string                      `json:",omitempty" example:"registry.mydomain.tld:2375"`
+	Authentication     *bool                        `json:",omitempty" example:"false" validate:"required"`
+	Username           *string                      `json:",omitempty" example:"registry_user"`
+	Password           *string                      `json:",omitempty" example:"registry_password"`
+	UserAccessPolicies portainer.UserAccessPolicies `json:",omitempty"`
+	TeamAccessPolicies portainer.TeamAccessPolicies `json:",omitempty"`
 	Quay               *portainer.QuayRegistryData
 }

@ -84,6 +80,10 @@ func (handler *Handler) registryUpdate(w http.ResponseWriter, r *http.Request) *
 		registry.URL = *payload.URL
 	}

+	if registry.Type == portainer.ProGetRegistry && payload.BaseURL != nil {
+		registry.BaseURL = *payload.BaseURL
+	}
+
 	if payload.Authentication != nil {
 		if *payload.Authentication {
 			registry.Authentication = true
--- a/api/http/handler/registries/registry_update_test.go
+++ b/api/http/handler/registries/registry_update_test.go
@ -0,0 +1,79 @@
+package registries
+
+import (
+	"bytes"
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	portainer "github.com/portainer/portainer/api"
+	"github.com/stretchr/testify/assert"
+)
+
+func ps(s string) *string {
+	return &s
+}
+
+func pb(b bool) *bool {
+	return &b
+}
+
+type TestBouncer struct{}
+
+func (t TestBouncer) AdminAccess(h http.Handler) http.Handler {
+	return h
+}
+
+func (t TestBouncer) RestrictedAccess(h http.Handler) http.Handler {
+	return h
+}
+
+func (t TestBouncer) AuthenticatedAccess(h http.Handler) http.Handler {
+	return h
+}
+
+func TestHandler_registryUpdate(t *testing.T) {
+	payload := registryUpdatePayload{
+		Name:           ps("Updated test registry"),
+		URL:            ps("http://example.org/feed"),
+		BaseURL:        ps("http://example.org"),
+		Authentication: pb(true),
+		Username:       ps("username"),
+		Password:       ps("password"),
+	}
+	payloadBytes, err := json.Marshal(payload)
+	assert.NoError(t, err)
+	registry := portainer.Registry{Type: portainer.ProGetRegistry, ID: 5}
+	r := httptest.NewRequest(http.MethodPut, "/registries/5", bytes.NewReader(payloadBytes))
+	w := httptest.NewRecorder()
+
+	updatedRegistry := portainer.Registry{}
+	handler := newHandler(nil)
+	handler.initRouter(TestBouncer{})
+	handler.DataStore = testDataStore{
+		registry: &testRegistryService{
+			getRegistry: func(_ portainer.RegistryID) (*portainer.Registry, error) {
+				return &registry, nil
+			},
+			updateRegistry: func(ID portainer.RegistryID, r *portainer.Registry) error {
+				assert.Equal(t, ID, r.ID)
+				updatedRegistry = *r
+				return nil
+			},
+		},
+	}
+
+	handler.Router.ServeHTTP(w, r)
+	assert.Equal(t, http.StatusOK, w.Code)
+	// Registry type should remain intact
+	assert.Equal(t, registry.Type, updatedRegistry.Type)
+
+	assert.Equal(t, *payload.Name, updatedRegistry.Name)
+	assert.Equal(t, *payload.URL, updatedRegistry.URL)
+	assert.Equal(t, *payload.BaseURL, updatedRegistry.BaseURL)
+	assert.Equal(t, *payload.Authentication, updatedRegistry.Authentication)
+	assert.Equal(t, *payload.Username, updatedRegistry.Username)
+	assert.Equal(t, *payload.Password, updatedRegistry.Password)
+
+}