Add support for registry credentials in container engine

4 files changed, 74 insertions, 9 deletions

diff --git a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/ContainerEngine.java b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/ContainerEngine.java
index 984e1261d63..cd5f208e9e0 100644
--- a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/ContainerEngine.java
+++ b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/ContainerEngine.java
@@ -79,7 +79,7 @@ public interface ContainerEngine {
      * @param image Docker image to pull
      * @return true iff image being pulled, false otherwise
      */
-    boolean pullImageAsyncIfNeeded(DockerImage image);
+    boolean pullImageAsyncIfNeeded(DockerImage image, RegistryCredentials registryCredentials);
 
     boolean noManagedContainersRunning(String manager);
 
diff --git a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerEngine.java b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerEngine.java
index 0322059745d..7d63c66131d 100644
--- a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerEngine.java
+++ b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerEngine.java
@@ -10,6 +10,7 @@ import com.github.dockerjava.api.command.UpdateContainerCmd;
 import com.github.dockerjava.api.exception.DockerClientException;
 import com.github.dockerjava.api.exception.NotFoundException;
 import com.github.dockerjava.api.exception.NotModifiedException;
+import com.github.dockerjava.api.model.AuthConfig;
 import com.github.dockerjava.api.model.HostConfig;
 import com.github.dockerjava.api.model.Image;
 import com.github.dockerjava.api.model.Statistics;
@@ -72,7 +73,7 @@ public class DockerEngine implements ContainerEngine {
     }
 
     @Override
-    public boolean pullImageAsyncIfNeeded(DockerImage image) {
+    public boolean pullImageAsyncIfNeeded(DockerImage image, RegistryCredentials registryCredentials) {
         try {
             synchronized (monitor) {
                 if (scheduledPulls.contains(image)) return true;
@@ -81,7 +82,14 @@ public class DockerEngine implements ContainerEngine {
                 scheduledPulls.add(image);
 
                 logger.log(Level.INFO, "Starting download of " + image.asString());
-
+                if (!registryCredentials.equals(RegistryCredentials.none)) {
+                    AuthConfig authConfig = new AuthConfig().withUsername(registryCredentials.username())
+                                                            .withPassword(registryCredentials.password())
+                                                            .withRegistryAddress(registryCredentials.registryAddress());
+                    dockerClient.authCmd()
+                                .withAuthConfig(authConfig)
+                                .exec();
+                }
                 dockerClient.pullImageCmd(image.asString()).exec(new ImagePullCallback(image));
                 return true;
             }
diff --git a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/RegistryCredentials.java b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/RegistryCredentials.java
new file mode 100644
index 00000000000..39a000a633f
--- /dev/null
+++ b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/RegistryCredentials.java
@@ -0,0 +1,57 @@
+// Copyright Verizon Media. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.dockerapi;
+
+import java.util.Objects;
+
+/**
+ * Credentials for a container registry server.
+ *
+ * @author mpolden
+ */
+public class RegistryCredentials {
+
+    public static final RegistryCredentials none = new RegistryCredentials("", "", "");
+
+    private final String username;
+    private final String password;
+    private final String registryAddress;
+
+    public RegistryCredentials(String username, String password, String registryAddress) {
+        this.username = Objects.requireNonNull(username);
+        this.password = Objects.requireNonNull(password);
+        this.registryAddress = Objects.requireNonNull(registryAddress);
+    }
+
+    public String username() {
+        return username;
+    }
+
+    public String password() {
+        return password;
+    }
+
+    public String registryAddress() {
+        return registryAddress;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+        RegistryCredentials that = (RegistryCredentials) o;
+        return username.equals(that.username) &&
+               password.equals(that.password) &&
+               registryAddress.equals(that.registryAddress);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(username, password, registryAddress);
+    }
+
+    @Override
+    public String toString() {
+        return "registry credentials for " + registryAddress + " [username=" + username + ",password=" + password + "]";
+    }
+
+}
diff --git a/docker-api/src/test/java/com/yahoo/vespa/hosted/dockerapi/DockerEngineTest.java b/docker-api/src/test/java/com/yahoo/vespa/hosted/dockerapi/DockerEngineTest.java
index 792955ed130..69055e6402c 100644
--- a/docker-api/src/test/java/com/yahoo/vespa/hosted/dockerapi/DockerEngineTest.java
+++ b/docker-api/src/test/java/com/yahoo/vespa/hosted/dockerapi/DockerEngineTest.java
@@ -93,12 +93,12 @@ public class DockerEngineTest {
         when(dockerClient.inspectImageCmd(image.asString())).thenReturn(imageInspectCmd);
         when(dockerClient.pullImageCmd(eq(image.asString()))).thenReturn(pullImageCmd);
 
-        assertTrue("Should return true, we just scheduled the pull", docker.pullImageAsyncIfNeeded(image));
-        assertTrue("Should return true, the pull i still ongoing", docker.pullImageAsyncIfNeeded(image));
+        assertTrue("Should return true, we just scheduled the pull", docker.pullImageAsyncIfNeeded(image, RegistryCredentials.none));
+        assertTrue("Should return true, the pull i still ongoing", docker.pullImageAsyncIfNeeded(image, RegistryCredentials.none));
 
         assertTrue(docker.imageIsDownloaded(image));
         resultCallback.getValue().onComplete();
-        assertFalse(docker.pullImageAsyncIfNeeded(image));
+        assertFalse(docker.pullImageAsyncIfNeeded(image, RegistryCredentials.none));
     }
 
     @Test
@@ -117,15 +117,15 @@ public class DockerEngineTest {
         when(dockerClient.inspectImageCmd(image.asString())).thenReturn(imageInspectCmd);
         when(dockerClient.pullImageCmd(eq(image.asString()))).thenReturn(pullImageCmd);
 
-        assertTrue("Should return true, we just scheduled the pull", docker.pullImageAsyncIfNeeded(image));
-        assertTrue("Should return true, the pull i still ongoing", docker.pullImageAsyncIfNeeded(image));
+        assertTrue("Should return true, we just scheduled the pull", docker.pullImageAsyncIfNeeded(image, RegistryCredentials.none));
+        assertTrue("Should return true, the pull i still ongoing", docker.pullImageAsyncIfNeeded(image, RegistryCredentials.none));
 
         try {
             resultCallback.getValue().onComplete();
         } catch (Exception ignored) { }
 
         assertFalse(docker.imageIsDownloaded(image));
-        assertTrue("Should return true, new pull scheduled", docker.pullImageAsyncIfNeeded(image));
+        assertTrue("Should return true, new pull scheduled", docker.pullImageAsyncIfNeeded(image, RegistryCredentials.none));
     }
 
 }