diff options
author | Valerij Fredriksen <valerijf@oath.com> | 2018-03-01 09:33:53 +0100 |
---|---|---|
committer | Valerij Fredriksen <valerijf@oath.com> | 2018-03-01 12:38:42 +0100 |
commit | 54e05b2bf1dd64229a9233fdef87fe3b7fe7ba5b (patch) | |
tree | 4cbf3de0ca5535cef305c0810055347a52e74902 /docker-api/src | |
parent | df358608e3b15b12e49ebb93eef8b990b0700d87 (diff) |
Set AuthConfig for image pull if credentials supplier is set
Diffstat (limited to 'docker-api/src')
4 files changed, 61 insertions, 1 deletions
diff --git a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/Docker.java b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/Docker.java index 331779fb81c..2039d0adfc9 100644 --- a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/Docker.java +++ b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/Docker.java @@ -115,4 +115,10 @@ public interface Docker { ProcessResult executeInContainerAsRoot(ContainerName containerName, Long timeoutSeconds, String... command); String getGlobalIPv6Address(ContainerName name); + + /** + * If set, the supplier will we called every time before a pull/push request is made to get the credentials + */ + void setDockerRegistryCredentialsSupplier(DockerRegistryCredentialsSupplier dockerRegistryCredentialsSupplier); + } diff --git a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerImpl.java b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerImpl.java index 5facbc7104e..f6588512e2d 100644 --- a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerImpl.java +++ b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerImpl.java @@ -8,9 +8,11 @@ import com.github.dockerjava.api.command.InspectContainerCmd; import com.github.dockerjava.api.command.InspectContainerResponse; import com.github.dockerjava.api.command.InspectExecResponse; import com.github.dockerjava.api.command.InspectImageResponse; +import com.github.dockerjava.api.command.PullImageCmd; import com.github.dockerjava.api.exception.DockerClientException; import com.github.dockerjava.api.exception.NotFoundException; import com.github.dockerjava.api.exception.NotModifiedException; +import com.github.dockerjava.api.model.AuthConfig; import com.github.dockerjava.api.model.Image; import com.github.dockerjava.api.model.Network; import com.github.dockerjava.api.model.Statistics; @@ -67,6 +69,8 @@ public class DockerImpl implements Docker { @GuardedBy("monitor") private final Set<DockerImage> scheduledPulls = new HashSet<>(); + private volatile Optional<DockerRegistryCredentialsSupplier> dockerRegistryCredentialsSupplier = Optional.empty(); + private DockerClient dockerClient; @Inject @@ -150,7 +154,17 @@ public class DockerImpl implements Docker { if (imageIsDownloaded(image)) return false; scheduledPulls.add(image); - dockerClient.pullImageCmd(image.asString()).exec(new ImagePullCallback(image)); + PullImageCmd pullImageCmd = dockerClient.pullImageCmd(image.asString()); + + dockerRegistryCredentialsSupplier + .flatMap(credentialsSupplier -> credentialsSupplier.getCredentials(image)) + .map(credentials -> new AuthConfig() + .withRegistryAddress(credentials.registry.toString()) + .withUsername(credentials.username) + .withPassword(credentials.password)) + .ifPresent(pullImageCmd::withAuthConfig); + + pullImageCmd.exec(new ImagePullCallback(image)); return true; } } catch (RuntimeException e) { @@ -364,6 +378,11 @@ public class DockerImpl implements Docker { return cmd.exec().getNetworkSettings().getGlobalIPv6Address(); } + @Override + public void setDockerRegistryCredentialsSupplier(DockerRegistryCredentialsSupplier dockerRegistryCredentialsSupplier) { + this.dockerRegistryCredentialsSupplier = Optional.of(dockerRegistryCredentialsSupplier); + } + private Stream<Container> asContainer(String container) { return inspectContainerCmd(container) .map(response -> diff --git a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerRegistryCredentials.java b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerRegistryCredentials.java new file mode 100644 index 00000000000..c9603e9e53a --- /dev/null +++ b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerRegistryCredentials.java @@ -0,0 +1,19 @@ +// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package com.yahoo.vespa.hosted.dockerapi; + +import java.net.URI; + +/** + * @author freva + */ +public class DockerRegistryCredentials { + public final URI registry; + public final String username; + public final String password; + + public DockerRegistryCredentials(URI registry, String username, String password) { + this.registry = registry; + this.username = username; + this.password = password; + } +} diff --git a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerRegistryCredentialsSupplier.java b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerRegistryCredentialsSupplier.java new file mode 100644 index 00000000000..6f16a6cd545 --- /dev/null +++ b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerRegistryCredentialsSupplier.java @@ -0,0 +1,16 @@ +// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package com.yahoo.vespa.hosted.dockerapi; + +import java.util.Optional; + +/** + * @author freva + */ +public interface DockerRegistryCredentialsSupplier { + + /** + * Returns credentials to docker registry needed to be able to pull/push given + * docker image. + */ + Optional<DockerRegistryCredentials> getCredentials(DockerImage dockerImage); +} |