diff options
Diffstat (limited to 'docker-api')
5 files changed, 71 insertions, 6 deletions
diff --git a/docker-api/pom.xml b/docker-api/pom.xml index fc3407d08be..e2ddd8dbcc9 100644 --- a/docker-api/pom.xml +++ b/docker-api/pom.xml @@ -69,7 +69,6 @@ <groupId>org.apache.httpcomponents</groupId> <artifactId>httpcore</artifactId> </exclusion> - <exclusion> <groupId>org.apache.httpcomponents</groupId> <artifactId>httpclient</artifactId> @@ -77,22 +76,28 @@ </exclusions> </dependency> <dependency> + <groupId>commons-codec</groupId> + <artifactId>commons-codec</artifactId> + <version>1.10</version> + <scope>compile</scope> + </dependency> + <dependency> <groupId>net.jpountz.lz4</groupId> <artifactId>lz4</artifactId> </dependency> <dependency> <groupId>org.apache.httpcomponents</groupId> <artifactId>httpcore</artifactId> - <!-- We explicitly specify the version of httpcore to be used by - docker-java so the dependency is declared closer to the root of maven and + <!-- We explicitly specify the version of httpcore to be used by + docker-java so the dependency is declared closer to the root of maven and more likely be the version that is finally being used. --> <version>4.4.1</version> </dependency> <dependency> <groupId>org.apache.httpcomponents</groupId> <artifactId>httpclient</artifactId> - <!-- We explicitly specify the version of httpclient to be used by - docker-java so the dependency is declared closer to the root of maven and + <!-- We explicitly specify the version of httpclient to be used by + docker-java so the dependency is declared closer to the root of maven and more likely be the version that is finally being used. --> <version>4.5</version> </dependency> diff --git a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/Docker.java b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/Docker.java index 331779fb81c..2039d0adfc9 100644 --- a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/Docker.java +++ b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/Docker.java @@ -115,4 +115,10 @@ public interface Docker { ProcessResult executeInContainerAsRoot(ContainerName containerName, Long timeoutSeconds, String... command); String getGlobalIPv6Address(ContainerName name); + + /** + * If set, the supplier will we called every time before a pull/push request is made to get the credentials + */ + void setDockerRegistryCredentialsSupplier(DockerRegistryCredentialsSupplier dockerRegistryCredentialsSupplier); + } diff --git a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerImpl.java b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerImpl.java index 5facbc7104e..f6588512e2d 100644 --- a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerImpl.java +++ b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerImpl.java @@ -8,9 +8,11 @@ import com.github.dockerjava.api.command.InspectContainerCmd; import com.github.dockerjava.api.command.InspectContainerResponse; import com.github.dockerjava.api.command.InspectExecResponse; import com.github.dockerjava.api.command.InspectImageResponse; +import com.github.dockerjava.api.command.PullImageCmd; import com.github.dockerjava.api.exception.DockerClientException; import com.github.dockerjava.api.exception.NotFoundException; import com.github.dockerjava.api.exception.NotModifiedException; +import com.github.dockerjava.api.model.AuthConfig; import com.github.dockerjava.api.model.Image; import com.github.dockerjava.api.model.Network; import com.github.dockerjava.api.model.Statistics; @@ -67,6 +69,8 @@ public class DockerImpl implements Docker { @GuardedBy("monitor") private final Set<DockerImage> scheduledPulls = new HashSet<>(); + private volatile Optional<DockerRegistryCredentialsSupplier> dockerRegistryCredentialsSupplier = Optional.empty(); + private DockerClient dockerClient; @Inject @@ -150,7 +154,17 @@ public class DockerImpl implements Docker { if (imageIsDownloaded(image)) return false; scheduledPulls.add(image); - dockerClient.pullImageCmd(image.asString()).exec(new ImagePullCallback(image)); + PullImageCmd pullImageCmd = dockerClient.pullImageCmd(image.asString()); + + dockerRegistryCredentialsSupplier + .flatMap(credentialsSupplier -> credentialsSupplier.getCredentials(image)) + .map(credentials -> new AuthConfig() + .withRegistryAddress(credentials.registry.toString()) + .withUsername(credentials.username) + .withPassword(credentials.password)) + .ifPresent(pullImageCmd::withAuthConfig); + + pullImageCmd.exec(new ImagePullCallback(image)); return true; } } catch (RuntimeException e) { @@ -364,6 +378,11 @@ public class DockerImpl implements Docker { return cmd.exec().getNetworkSettings().getGlobalIPv6Address(); } + @Override + public void setDockerRegistryCredentialsSupplier(DockerRegistryCredentialsSupplier dockerRegistryCredentialsSupplier) { + this.dockerRegistryCredentialsSupplier = Optional.of(dockerRegistryCredentialsSupplier); + } + private Stream<Container> asContainer(String container) { return inspectContainerCmd(container) .map(response -> diff --git a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerRegistryCredentials.java b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerRegistryCredentials.java new file mode 100644 index 00000000000..c9603e9e53a --- /dev/null +++ b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerRegistryCredentials.java @@ -0,0 +1,19 @@ +// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package com.yahoo.vespa.hosted.dockerapi; + +import java.net.URI; + +/** + * @author freva + */ +public class DockerRegistryCredentials { + public final URI registry; + public final String username; + public final String password; + + public DockerRegistryCredentials(URI registry, String username, String password) { + this.registry = registry; + this.username = username; + this.password = password; + } +} diff --git a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerRegistryCredentialsSupplier.java b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerRegistryCredentialsSupplier.java new file mode 100644 index 00000000000..6f16a6cd545 --- /dev/null +++ b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerRegistryCredentialsSupplier.java @@ -0,0 +1,16 @@ +// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package com.yahoo.vespa.hosted.dockerapi; + +import java.util.Optional; + +/** + * @author freva + */ +public interface DockerRegistryCredentialsSupplier { + + /** + * Returns credentials to docker registry needed to be able to pull/push given + * docker image. + */ + Optional<DockerRegistryCredentials> getCredentials(DockerImage dockerImage); +} |