Problem

I need to use rules_minidock with a registry where the service returned in the authentication challenge is not the registry base name, but rather a logical service name "Authentication". The header returned by the registry is like:

www-authenticate: Bearer realm="https://registry.example.com/auth/token/",service="Authentication"

I want to provide an authentication helper script to respond to this challenge, but it's never picked up by puller_app, etc. because the current logic always does matching based on the bearer service; so I believe there's an assumption here that service will be the registry base name (such as registry.example.com) but this is not necessarily true.

Solution

We maintain the current matching logic, but if no matching authentication helper is found based on service, we try to match based on the registry parameter sent to puller_app or pusher_app.

Note

Content here is exactly the same as #479 but looks like CI doesn't get triggered for forks, so had to recreate as a branch on the main repo.