/**
 * Sets up an environment logged in to the specified Docker registry.
 *
 * <p>Unless {@code USE_CUSTOM_LOGIN} is set, the token is Base64-decoded and split at the first
 * {@code ':'} into a username and a password, which are handed to a {@link RegistryKeyMaterialFactory}.
 * If the token is not valid Base64, or contains no colon after a non-empty username, a warning is
 * written to the build log and the overload without {@code env}/{@code dockerExecutable} is used.
 *
 * @param dockerExecutable as in {@link DockerTool#getExecutable}, with a 1.8+ client
 */
public KeyMaterialFactory newKeyMaterialFactory(@Nonnull URL endpoint, @Nonnull FilePath workspace, @Nonnull Launcher launcher, @Nonnull EnvVars env, @Nonnull TaskListener listener, @Nonnull String dockerExecutable) throws InterruptedException, IOException {
    if (USE_CUSTOM_LOGIN) {
        return newKeyMaterialFactory(endpoint, workspace.getChannel(), launcher, listener);
    }
    try {
        // see UsernamePasswordDockerRegistryTokenSource for an example of the expected token shape
        // NOTE(review): the decoded credential lives in immutable Strings and cannot be wiped after use.
        final String decoded = new String(Base64.getDecoder().decode(token), StandardCharsets.UTF_8);
        final int separator = decoded.indexOf(':');
        // separator > 0 requires a non-empty username; the password part may be empty.
        if (separator > 0) {
            final String username = decoded.substring(0, separator);
            final String password = decoded.substring(separator + 1);
            return new RegistryKeyMaterialFactory(username, password, endpoint, launcher, env, listener, dockerExecutable)
                    .contextualize(new KeyMaterialContext(WorkspaceList.tempDir(workspace)));
        }
    } catch (IllegalArgumentException ignored) {
        // not Base64-encoded; fall through to the warning and the fallback below
    }
    // The warning is a fixed string, so no part of the token reaches the build log.
    listener.getLogger().println("Warning: authentication token does not look like a username:password; falling back to direct manipulation of Docker configuration files");
    return newKeyMaterialFactory(endpoint, workspace.getChannel(), launcher, listener);
}
/**
 * Creates a read-protected directory inside {@link KeyMaterialContext#getBaseDir} suitable for storing secret files.
 * The directory gets a random UUID name and mode {@code 0700}.
 * Be sure to {@link FilePath#deleteRecursive} this in {@link KeyMaterial#close}.
 *
 * @return the newly created directory
 */
protected final FilePath createSecretsDirectory() throws IOException, InterruptedException {
    final FilePath baseDir = getContext().getBaseDir();
    final String uniqueName = UUID.randomUUID().toString();
    final FilePath secretsDir = new FilePath(baseDir, uniqueName);
    secretsDir.mkdirs();
    // The directory exists before its mode is tightened, so callers must only
    // write secret files after this method has returned.
    secretsDir.chmod(0700);
    return secretsDir;
}
/**
 * Create a {@link KeyMaterialFactory} for connecting to the docker server/host.
 *
 * @param dir directory used as the base of the {@link KeyMaterialContext} the factory is bound to
 * @param credentials server credentials, may be {@code null}; passed to {@link AuthenticationTokens#convert} unchanged
 * @return the host factory (or {@link KeyMaterialFactory#NULL} when no URI is set) combined with the credentials factory
 */
public KeyMaterialFactory newKeyMaterialFactory(FilePath dir, @Nullable DockerServerCredentials credentials) throws IOException, InterruptedException {
    final KeyMaterialFactory hostFactory;
    if (uri != null) {
        hostFactory = new ServerHostKeyMaterialFactory(uri);
    } else {
        // No server URI configured: start from the no-op factory.
        hostFactory = KeyMaterialFactory.NULL;
    }
    // NOTE(review): assumes convert() and plus() accept a null credentials value; confirm against their contracts.
    return hostFactory
            .plus(AuthenticationTokens.convert(KeyMaterialFactory.class, credentials))
            .contextualize(new KeyMaterialContext(dir));
}
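/**
 * Writes the Docker TLS client material to a private temporary directory and returns the
 * environment that points Docker at it.
 *
 * <p>When {@code key}, {@code cert} and {@code ca} are all present they are written as
 * {@code key.pem}, {@code cert.pem} and {@code ca.pem} into a fresh UUID-named directory under
 * the context base directory, and {@code DOCKER_TLS_VERIFY} / {@code DOCKER_CERT_PATH} are set.
 * If any of the three is missing, nothing is written and the returned environment is empty.
 *
 * @return key material carrying the environment and, when files were written, their directory
 */
@Override
public KeyMaterial materialize() throws IOException, InterruptedException {
    EnvVars e = new EnvVars();
    if (key != null && cert != null && ca != null) {
        final FilePath tempCredsDir = new FilePath(getContext().getBaseDir(), UUID.randomUUID().toString());
        // Protect this information from prying eyes. The directory has to exist before its
        // mode can be set, and a directory needs the owner search bit (0700, not 0600) for the
        // files inside it to be reachable. This is the same create-then-restrict sequence as
        // createSecretsDirectory().
        // NOTE(review): if this class inherits createSecretsDirectory(), call it here instead.
        tempCredsDir.mkdirs();
        tempCredsDir.chmod(0700);
        // these file names are defined by convention by docker
        copyInto(tempCredsDir, "key.pem", key);
        copyInto(tempCredsDir, "cert.pem", cert);
        copyInto(tempCredsDir, "ca.pem", ca);
        e.put("DOCKER_TLS_VERIFY", "1");
        e.put("DOCKER_CERT_PATH", tempCredsDir.getRemote());
        // NOTE(review): presumably ServerKeyMaterial deletes tempCredsDir on close(); confirm,
        // since the private key otherwise stays on disk after the build.
        return new ServerKeyMaterial(e, tempCredsDir);
    }
    // NOTE(review): a partially configured credential (e.g. key without ca) lands here and
    // silently yields no TLS settings.
    return new ServerKeyMaterial(e);
}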
/**
 * Create a {@link KeyMaterialFactory} for connecting to the docker server/host.
 *
 * @param dir base directory for the {@link KeyMaterialContext} the resulting factory is contextualized with
 * @param credentials optional server credentials; forwarded as-is to {@link AuthenticationTokens#convert}
 * @return the combined, contextualized factory
 */
public KeyMaterialFactory newKeyMaterialFactory(FilePath dir, @Nullable DockerServerCredentials credentials) throws IOException, InterruptedException {
    // Without a configured URI there is no host-specific material, so begin with the NULL factory.
    KeyMaterialFactory serverFactory = KeyMaterialFactory.NULL;
    if (uri != null) {
        serverFactory = new ServerHostKeyMaterialFactory(uri);
    }
    final KeyMaterialContext context = new KeyMaterialContext(dir);
    return serverFactory
            .plus(AuthenticationTokens.convert(KeyMaterialFactory.class, credentials))
            .contextualize(context);
}