public ContainerRegistryAuthSupplier build() { final GoogleCredentials credentials = this.credentials.createScoped(scopes); // log some sort of identifier for the credentials, which requires looking at the // instance type if (credentials instanceof ServiceAccountCredentials) { final String clientEmail = ((ServiceAccountCredentials) credentials).getClientEmail(); log.info("loaded credentials for service account with clientEmail={}", clientEmail); } else if (credentials instanceof UserCredentials) { final String clientId = ((UserCredentials) credentials).getClientId(); log.info("loaded credentials for user account with clientId={}", clientId); } final Clock clock = Clock.systemDefaultZone(); final DefaultCredentialRefresher refresher = new DefaultCredentialRefresher(); return new ContainerRegistryAuthSupplier(credentials, clock, minimumExpiryMillis, refresher); } }
@Override public RegistryAuth authForSwarm() throws DockerException { final AccessToken accessToken; try { accessToken = getAccessToken(); } catch (IOException e) { // ignore the exception, as the user may not care if swarm is authenticated to use GCR log.warn("unable to get access token for Google Container Registry due to exception, " + "configuration for Swarm will not contain RegistryAuth for GCR", e); return null; } return authForAccessToken(accessToken); }
return ContainerRegistryAuthSupplier.forCredentials(credentials).build();
/** * Get an accessToken to use, possibly refreshing the token if it expires within the * minimumExpiryMillis. */ private AccessToken getAccessToken() throws IOException { // synchronize attempts to refresh the accessToken synchronized (credentials) { if (needsRefresh(credentials.getAccessToken())) { credentialRefresher.refresh(credentials); } } return credentials.getAccessToken(); }
/** * Get an accessToken to use, possibly refreshing the token if it expires within the * minimumExpiryMillis. */ private AccessToken getAccessToken() throws IOException { // synchronize attempts to refresh the accessToken synchronized (credentials) { if (needsRefresh(credentials.getAccessToken())) { credentialRefresher.refresh(credentials); } } return credentials.getAccessToken(); }
@Override public RegistryAuth authFor(final String imageName) throws DockerException { final String[] imageParts = imageName.split("/", 2); if (imageParts.length < 2 || !GCR_REGISTRIES.contains(imageParts[0])) { // not an image on GCR return null; } final AccessToken accessToken; try { accessToken = getAccessToken(); } catch (IOException e) { throw new DockerException(e); } return authForAccessToken(accessToken); }
public ContainerRegistryAuthSupplier build() { final GoogleCredentials credentials = this.credentials.createScoped(scopes); // log some sort of identifier for the credentials, which requires looking at the // instance type if (credentials instanceof ServiceAccountCredentials) { final String clientEmail = ((ServiceAccountCredentials) credentials).getClientEmail(); log.info("loaded credentials for service account with clientEmail={}", clientEmail); } else if (credentials instanceof UserCredentials) { final String clientId = ((UserCredentials) credentials).getClientId(); log.info("loaded credentials for user account with clientId={}", clientId); } final Clock clock = Clock.SYSTEM; final DefaultCredentialRefresher refresher = new DefaultCredentialRefresher(); return new ContainerRegistryAuthSupplier(credentials, clock, minimumExpiryMillis, refresher); } }
private DockerClient createDockerClient(final AgentConfig config) throws IOException { final DefaultDockerClient.Builder builder = DefaultDockerClient.builder() .uri(config.getDockerHost().uri()); if (config.getConnectionPoolSize() != -1) { builder.connectionPoolSize(config.getConnectionPoolSize()); } if (!isNullOrEmpty(config.getDockerHost().dockerCertPath())) { final Path dockerCertPath = java.nio.file.Paths.get(config.getDockerHost().dockerCertPath()); final DockerCertificates dockerCertificates; try { dockerCertificates = new DockerCertificates(dockerCertPath); } catch (DockerCertificateException e) { throw new RuntimeException(e); } builder.dockerCertificates(dockerCertificates); } if (config.getGoogleCredentials() != null) { builder.registryAuthSupplier( ContainerRegistryAuthSupplier .forCredentials(config.getGoogleCredentials()) .build() ); } return new PollingDockerClient(builder); }
@Override public RegistryConfigs authForBuild() throws DockerException { final AccessToken accessToken; try { accessToken = getAccessToken(); } catch (IOException e) { // do not fail as the GCR access token may not be necessary for building the image currently // being built log.warn("unable to get access token for Google Container Registry, " + "configuration for building image will not contain RegistryAuth for GCR", e); return RegistryConfigs.empty(); } final Map<String, RegistryAuth> configs = new HashMap<>(GCR_REGISTRIES.size()); for (String serverName : GCR_REGISTRIES) { configs.put(serverName, authForAccessToken(accessToken)); } return RegistryConfigs.create(configs); } }
@Override public RegistryAuth authForSwarm() throws DockerException { final AccessToken accessToken; try { accessToken = getAccessToken(); } catch (IOException e) { // ignore the exception, as the user may not care if swarm is authenticated to use GCR log.warn("unable to get access token for Google Container Registry due to exception, " + "configuration for Swarm will not contain RegistryAuth for GCR", e); return null; } return authForAccessToken(accessToken); }
@Override public RegistryAuth authFor(final String imageName) throws DockerException { final String[] imageParts = imageName.split("/", 2); if (imageParts.length < 2 || !GCR_REGISTRIES.contains(imageParts[0])) { // not an image on GCR return null; } final AccessToken accessToken; try { accessToken = getAccessToken(); } catch (IOException e) { throw new DockerException(e); } return authForAccessToken(accessToken); }
@Override public RegistryConfigs authForBuild() throws DockerException { final AccessToken accessToken; try { accessToken = getAccessToken(); } catch (IOException e) { // do not fail as the GCR access token may not be necessary for building the image currently // being built log.warn("unable to get access token for Google Container Registry, " + "configuration for building image will not contain RegistryAuth for GCR", e); return RegistryConfigs.empty(); } final Map<String, RegistryAuth> configs = new HashMap<>(GCR_REGISTRIES.size()); for (String serverName : GCR_REGISTRIES) { configs.put(serverName, authForAccessToken(accessToken)); } return RegistryConfigs.create(configs); } }