public void setupCredentials(AbstractBuild build) throws IOException, InterruptedException { this.dockerEnv = dockerHost.newKeyMaterialFactory(build) .plus( registryEndpoint.newKeyMaterialFactory(build)) .materialize(); }
@Nonnull protected synchronized KeyMaterialContext getContext() { checkContextualized(); return context; }
/** * Create a {@link KeyMaterialFactory} for connecting to the docker server/host. */ public KeyMaterialFactory newKeyMaterialFactory(FilePath dir, @Nullable DockerServerCredentials credentials) throws IOException, InterruptedException { return (uri == null ? KeyMaterialFactory.NULL : new ServerHostKeyMaterialFactory(uri)) .plus(AuthenticationTokens.convert(KeyMaterialFactory.class, credentials)) .contextualize(new KeyMaterialContext(dir)); }
public DockerHostConfig(DockerServerEndpoint endpoint, Item context) throws IOException, InterruptedException { this.endpoint = endpoint; try (ACLContext oldContext = ACL.as(ACL.SYSTEM)) { keys = endpoint.newKeyMaterialFactory(context, FilePath.localChannel).materialize(); } }
@Override public synchronized KeyMaterialFactory contextualize(@Nonnull KeyMaterialContext context) { KeyMaterialFactory contextualized = super.contextualize(context); assert contextualized == this; for (KeyMaterialFactory factory : factories) { factory.contextualize(context); } return this; }
/** * Creates a read-protected directory inside {@link KeyMaterialContext#getBaseDir} suitable for storing secret files. * Be sure to {@link FilePath#deleteRecursive} this in {@link KeyMaterial#close}. */ protected final FilePath createSecretsDirectory() throws IOException, InterruptedException { FilePath dir = new FilePath(getContext().getBaseDir(), UUID.randomUUID().toString()); dir.mkdirs(); dir.chmod(0700); return dir; }
public DockerHostConfig(DockerServerEndpoint endpoint, Item context) throws IOException, InterruptedException { this.endpoint = endpoint; final SecurityContext impersonate = ACL.impersonate(ACL.SYSTEM); try { keys = endpoint.newKeyMaterialFactory(context, FilePath.localChannel).materialize(); } finally { SecurityContextHolder.setContext(impersonate); } }
@Override public synchronized KeyMaterialFactory contextualize(@Nonnull KeyMaterialContext context) { KeyMaterialFactory contextualized = super.contextualize(context); assert contextualized == this; for (KeyMaterialFactory factory : factories) { factory.contextualize(context); } return this; }
try { for (int index = 0; index < factories.length; index++) { keyMaterials[index] = factories[index].materialize(); env.putAll(keyMaterials[index].env());
/** * Create a {@link KeyMaterialFactory} for connecting to the docker server/host. */ public KeyMaterialFactory newKeyMaterialFactory(FilePath dir, @Nullable DockerServerCredentials credentials) throws IOException, InterruptedException { return (uri == null ? KeyMaterialFactory.NULL : new ServerHostKeyMaterialFactory(uri)) .plus(AuthenticationTokens.convert(KeyMaterialFactory.class, credentials)) .contextualize(new KeyMaterialContext(dir)); }
@Nonnull protected synchronized KeyMaterialContext getContext() { checkContextualized(); return context; }
try { for (int index = 0; index < factories.length; index++) { keyMaterials[index] = factories[index].materialize(); env.putAll(keyMaterials[index].env());
@Override public boolean perform(AbstractBuild build, Launcher launcher, BuildListener listener) throws IOException, InterruptedException { // TODO could maybe use Docker REST API, need first to check Java can talk with linux sockets // TODO maybe use DockerHost API int status = 0; KeyMaterial key = null; final EnvVars env = build.getEnvironment(listener); String expandedImage = env.expand(image); try { // get Docker registry credentials key = registry.newKeyMaterialFactory(build).materialize(); status = launcher.launch() .cmds("docker", "pull", registry.imageName(expandedImage)).envs(key.env()) .writeStdin().stdout(listener.getLogger()).stderr(listener.getLogger()).join(); if (status != 0) { throw new RuntimeException("Failed to pull docker image"); } } catch (IOException e) { throw new RuntimeException("Failed to pull docker image", e); } catch (InterruptedException e) { throw new RuntimeException("Failed to pull docker image", e); } finally { if (key != null) { key.close(); } } listener.getLogger().println("docker pull " + image); return true; }
@Override public final boolean start() throws Exception { KeyMaterialFactory keyMaterialFactory = newKeyMaterialFactory(); KeyMaterial material = keyMaterialFactory.materialize(); getContext().newBodyInvoker(). withContext(EnvironmentExpander.merge(getContext().get(EnvironmentExpander.class), new Expander(material))). withCallback(new Callback(material)). start(); return false; }