diff options
author | Martin Polden <mpolden@mpolden.no> | 2020-10-23 11:21:27 +0200 |
---|---|---|
committer | Martin Polden <mpolden@mpolden.no> | 2020-10-26 11:10:27 +0100 |
commit | 95dbd3f6d126e87fc22f90eab6980eb67d6e5ac5 (patch) | |
tree | bb19a541c1b6bed9b07407d73d641b57759e7a41 /docker-api | |
parent | 24fe152948851e1f11c63e86b96a78db91343a61 (diff) |
Add support for registry credentials in container engine
Diffstat (limited to 'docker-api')
4 files changed, 74 insertions, 9 deletions
diff --git a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/ContainerEngine.java b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/ContainerEngine.java index 984e1261d63..cd5f208e9e0 100644 --- a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/ContainerEngine.java +++ b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/ContainerEngine.java @@ -79,7 +79,7 @@ public interface ContainerEngine { * @param image Docker image to pull * @return true iff image being pulled, false otherwise */ - boolean pullImageAsyncIfNeeded(DockerImage image); + boolean pullImageAsyncIfNeeded(DockerImage image, RegistryCredentials registryCredentials); boolean noManagedContainersRunning(String manager); diff --git a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerEngine.java b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerEngine.java index 0322059745d..7d63c66131d 100644 --- a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerEngine.java +++ b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerEngine.java @@ -10,6 +10,7 @@ import com.github.dockerjava.api.command.UpdateContainerCmd; import com.github.dockerjava.api.exception.DockerClientException; import com.github.dockerjava.api.exception.NotFoundException; import com.github.dockerjava.api.exception.NotModifiedException; +import com.github.dockerjava.api.model.AuthConfig; import com.github.dockerjava.api.model.HostConfig; import com.github.dockerjava.api.model.Image; import com.github.dockerjava.api.model.Statistics; @@ -72,7 +73,7 @@ public class DockerEngine implements ContainerEngine { } @Override - public boolean pullImageAsyncIfNeeded(DockerImage image) { + public boolean pullImageAsyncIfNeeded(DockerImage image, RegistryCredentials registryCredentials) { try { synchronized (monitor) { if (scheduledPulls.contains(image)) return true; @@ -81,7 +82,14 @@ public class DockerEngine implements ContainerEngine { scheduledPulls.add(image); logger.log(Level.INFO, "Starting download of " + image.asString()); - + if (!registryCredentials.equals(RegistryCredentials.none)) { + AuthConfig authConfig = new AuthConfig().withUsername(registryCredentials.username()) + .withPassword(registryCredentials.password()) + .withRegistryAddress(registryCredentials.registryAddress()); + dockerClient.authCmd() + .withAuthConfig(authConfig) + .exec(); + } dockerClient.pullImageCmd(image.asString()).exec(new ImagePullCallback(image)); return true; } diff --git a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/RegistryCredentials.java b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/RegistryCredentials.java new file mode 100644 index 00000000000..39a000a633f --- /dev/null +++ b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/RegistryCredentials.java @@ -0,0 +1,57 @@ +// Copyright Verizon Media. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package com.yahoo.vespa.hosted.dockerapi; + +import java.util.Objects; + +/** + * Credentials for a container registry server. + * + * @author mpolden + */ +public class RegistryCredentials { + + public static final RegistryCredentials none = new RegistryCredentials("", "", ""); + + private final String username; + private final String password; + private final String registryAddress; + + public RegistryCredentials(String username, String password, String registryAddress) { + this.username = Objects.requireNonNull(username); + this.password = Objects.requireNonNull(password); + this.registryAddress = Objects.requireNonNull(registryAddress); + } + + public String username() { + return username; + } + + public String password() { + return password; + } + + public String registryAddress() { + return registryAddress; + } + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (o == null || getClass() != o.getClass()) return false; + RegistryCredentials that = (RegistryCredentials) o; + return username.equals(that.username) && + password.equals(that.password) && + registryAddress.equals(that.registryAddress); + } + + @Override + public int hashCode() { + return Objects.hash(username, password, registryAddress); + } + + @Override + public String toString() { + return "registry credentials for " + registryAddress + " [username=" + username + ",password=" + password + "]"; + } + +} diff --git a/docker-api/src/test/java/com/yahoo/vespa/hosted/dockerapi/DockerEngineTest.java b/docker-api/src/test/java/com/yahoo/vespa/hosted/dockerapi/DockerEngineTest.java index 792955ed130..69055e6402c 100644 --- a/docker-api/src/test/java/com/yahoo/vespa/hosted/dockerapi/DockerEngineTest.java +++ b/docker-api/src/test/java/com/yahoo/vespa/hosted/dockerapi/DockerEngineTest.java @@ -93,12 +93,12 @@ public class DockerEngineTest { when(dockerClient.inspectImageCmd(image.asString())).thenReturn(imageInspectCmd); when(dockerClient.pullImageCmd(eq(image.asString()))).thenReturn(pullImageCmd); - assertTrue("Should return true, we just scheduled the pull", docker.pullImageAsyncIfNeeded(image)); - assertTrue("Should return true, the pull i still ongoing", docker.pullImageAsyncIfNeeded(image)); + assertTrue("Should return true, we just scheduled the pull", docker.pullImageAsyncIfNeeded(image, RegistryCredentials.none)); + assertTrue("Should return true, the pull i still ongoing", docker.pullImageAsyncIfNeeded(image, RegistryCredentials.none)); assertTrue(docker.imageIsDownloaded(image)); resultCallback.getValue().onComplete(); - assertFalse(docker.pullImageAsyncIfNeeded(image)); + assertFalse(docker.pullImageAsyncIfNeeded(image, RegistryCredentials.none)); } @Test @@ -117,15 +117,15 @@ public class DockerEngineTest { when(dockerClient.inspectImageCmd(image.asString())).thenReturn(imageInspectCmd); when(dockerClient.pullImageCmd(eq(image.asString()))).thenReturn(pullImageCmd); - assertTrue("Should return true, we just scheduled the pull", docker.pullImageAsyncIfNeeded(image)); - assertTrue("Should return true, the pull i still ongoing", docker.pullImageAsyncIfNeeded(image)); + assertTrue("Should return true, we just scheduled the pull", docker.pullImageAsyncIfNeeded(image, RegistryCredentials.none)); + assertTrue("Should return true, the pull i still ongoing", docker.pullImageAsyncIfNeeded(image, RegistryCredentials.none)); try { resultCallback.getValue().onComplete(); } catch (Exception ignored) { } assertFalse(docker.imageIsDownloaded(image)); - assertTrue("Should return true, new pull scheduled", docker.pullImageAsyncIfNeeded(image)); + assertTrue("Should return true, new pull scheduled", docker.pullImageAsyncIfNeeded(image, RegistryCredentials.none)); } } |