@CheckForNull private static DockerConfigFile loadLegacyConfig(String dockerConfigPath) throws IOException { File dockerLegacyCfgFile = new File(dockerConfigPath, DOCKER_LEGACY_CFG); if (!dockerLegacyCfgFile.exists() || !dockerLegacyCfgFile.isFile()) { return null; } //parse legacy auth config file format try { return new DockerConfigFile(MAPPER.<Map<String, AuthConfig>>readValue(dockerLegacyCfgFile, CONFIG_MAP_TYPE)); } catch (IOException e) { // pass } List<String> authFileContent = FileUtils.readLines(dockerLegacyCfgFile, StandardCharsets.UTF_8); if (authFileContent.size() < 2) { throw new IOException("The Auth Config file is empty"); } AuthConfig config = new AuthConfig(); String[] origAuth = authFileContent.get(0).split(" = "); if (origAuth.length != 2) { throw new IOException("Invalid Auth config file"); } config.withAuth(origAuth[1]); String[] origEmail = authFileContent.get(1).split(" = "); if (origEmail.length != 2) { throw new IOException("Invalid Auth config file"); } config.withEmail(origEmail[1]); return new DockerConfigFile(new HashMap<>(Collections.singletonMap(config.getRegistryAddress(), config))); }
public AuthConfig effectiveAuthConfig(String imageName) { // allow docker-java auth config to be used as a fallback AuthConfig fallbackAuthConfig; try { fallbackAuthConfig = delegate.effectiveAuthConfig(imageName); } catch (Exception e) { log.debug("Delegate call to effectiveAuthConfig failed with cause: '{}'. " + "Resolution of auth config will continue using RegistryAuthLocator.", e.getMessage()); fallbackAuthConfig = new AuthConfig(); } // try and obtain more accurate auth config using our resolution final DockerImageName parsed = new DockerImageName(imageName); final AuthConfig effectiveAuthConfig = RegistryAuthLocator.instance() .lookupAuthConfig(parsed, fallbackAuthConfig); log.debug("Effective auth config [{}]", toSafeString(effectiveAuthConfig)); return effectiveAuthConfig; }
log.debug("Credential helper/store provided auth config for: {}", hostName); return new AuthConfig() .withRegistryAddress(helperResponse.at("/ServerURL").asText()) .withUsername(helperResponse.at("/Username").asText())
@Override public AuthConfig authConfig() { checkNotNull(dockerClientConfig.getRegistryUsername(), "Configured username is null."); checkNotNull(dockerClientConfig.getRegistryUrl(), "Configured serverAddress is null."); return new AuthConfig() .withUsername(dockerClientConfig.getRegistryUsername()) .withPassword(dockerClientConfig.getRegistryPassword()) .withEmail(dockerClientConfig.getRegistryEmail()) .withRegistryAddress(dockerClientConfig.getRegistryUrl()); }
@Test public void lookupAuthConfigWithCredentialsNotFound() throws URISyntaxException { Map<String, String> notFoundMessagesReference = new HashMap<>(); final RegistryAuthLocator authLocator = createTestAuthLocator("config-with-store.json", notFoundMessagesReference); DockerImageName dockerImageName = new DockerImageName("registry2.example.com/org/repo"); final AuthConfig authConfig = authLocator.lookupAuthConfig(dockerImageName, new AuthConfig()); assertNull("No username should have been obtained from a credential store", authConfig.getUsername()); assertNull("No secret should have been obtained from a credential store", authConfig.getPassword()); assertEquals("Should have one 'credentials not found' message discovered", 1, notFoundMessagesReference.size()); String discoveredMessage = notFoundMessagesReference.values().iterator().next(); assertEquals( "Not correct message discovered", "Fake credentials not found on credentials store 'https://not.a.real.registry/url'", discoveredMessage); }
@Test public void testThatAuthLocatorIsUsed() throws Exception { final DockerImageName expectedName = new DockerImageName(testImageNameWithTag); final AuthConfig authConfig = new AuthConfig() .withUsername("testuser") .withPassword("notasecret") .withRegistryAddress("http://" + testRegistryAddress); // Replace the RegistryAuthLocator singleton with our mock, for the duration of this test final RegistryAuthLocator mockAuthLocator = Mockito.mock(RegistryAuthLocator.class); RegistryAuthLocator.setInstance(mockAuthLocator); when(mockAuthLocator.lookupAuthConfig(eq(expectedName), any())) .thenReturn(authConfig); // a push will use the auth locator for authentication, although that isn't the goal of this test putImageInRegistry(); // actually start a container, which will require an authenticated pull try (final GenericContainer container = new GenericContainer<>(testImageNameWithTag) .withCommand("/bin/sh", "-c", "sleep 10")) { container.start(); assertTrue("container started following an authenticated pull", container.isRunning()); } }
private AuthConfig getAuthConfig() { AuthConfig authConfig = null; if (getRegistryUsername() != null && getRegistryPassword() != null && getRegistryEmail() != null && getRegistryUrl() != null) { authConfig = new AuthConfig() .withUsername(getRegistryUsername()) .withPassword(getRegistryPassword()) .withEmail(getRegistryEmail()) .withRegistryAddress(getRegistryUrl()); } return authConfig; }
@Test public void lookupAuthConfigWithBasicAuthCredentials() throws URISyntaxException { final RegistryAuthLocator authLocator = createTestAuthLocator("config-basic-auth.json"); final AuthConfig authConfig = authLocator.lookupAuthConfig(new DockerImageName("registry.example.com/org/repo"), new AuthConfig()); assertEquals("Default docker registry URL is set on auth config", "https://registry.example.com", authConfig.getRegistryAddress()); assertEquals("Username is set", "user", authConfig.getUsername()); assertEquals("Password is set", "pass", authConfig.getPassword()); }
@Test public void lookupAuthConfigUsingStore() throws URISyntaxException { final RegistryAuthLocator authLocator = createTestAuthLocator("config-with-store.json"); final AuthConfig authConfig = authLocator.lookupAuthConfig(new DockerImageName("registry.example.com/org/repo"), new AuthConfig()); assertEquals("Correct server URL is obtained from a credential store", "url", authConfig.getRegistryAddress()); assertEquals("Correct username is obtained from a credential store", "username", authConfig.getUsername()); assertEquals("Correct secret is obtained from a credential store", "secret", authConfig.getPassword()); }
@Test public void lookupAuthConfigWithoutCredentials() throws URISyntaxException { final RegistryAuthLocator authLocator = createTestAuthLocator("config-empty.json"); final AuthConfig authConfig = authLocator.lookupAuthConfig(new DockerImageName("unauthenticated.registry.org/org/repo"), new AuthConfig()); assertEquals("Default docker registry URL is set on auth config", "https://index.docker.io/v1/", authConfig.getRegistryAddress()); assertNull("No username is set", authConfig.getUsername()); assertNull("No password is set", authConfig.getPassword()); }
@Test public void lookupUsingHelperEmptyAuth() throws URISyntaxException { final RegistryAuthLocator authLocator = createTestAuthLocator("config-empty-auth-with-helper.json"); final AuthConfig authConfig = authLocator.lookupAuthConfig(new DockerImageName("registry.example.com/org/repo"), new AuthConfig()); assertEquals("Correct server URL is obtained from a credential store", "url", authConfig.getRegistryAddress()); assertEquals("Correct username is obtained from a credential store", "username", authConfig.getUsername()); assertEquals("Correct secret is obtained from a credential store", "secret", authConfig.getPassword()); }
@Test public void lookupAuthConfigUsingHelper() throws URISyntaxException { final RegistryAuthLocator authLocator = createTestAuthLocator("config-with-helper.json"); final AuthConfig authConfig = authLocator.lookupAuthConfig(new DockerImageName("registry.example.com/org/repo"), new AuthConfig()); assertEquals("Correct server URL is obtained from a credential store", "url", authConfig.getRegistryAddress()); assertEquals("Correct username is obtained from a credential store", "username", authConfig.getUsername()); assertEquals("Correct secret is obtained from a credential store", "secret", authConfig.getPassword()); }
@Test public void lookupNonEmptyAuthWithHelper() throws URISyntaxException { final RegistryAuthLocator authLocator = createTestAuthLocator("config-existing-auth-with-helper.json"); final AuthConfig authConfig = authLocator.lookupAuthConfig(new DockerImageName("registry.example.com/org/repo"), new AuthConfig()); assertEquals("Correct server URL is obtained from a credential helper", "url", authConfig.getRegistryAddress()); assertEquals("Correct username is obtained from a credential helper", "username", authConfig.getUsername()); assertEquals("Correct password is obtained from a credential helper", "secret", authConfig.getPassword()); }
public AuthConfig effectiveAuthConfig(String imageName) { // allow docker-java auth config to be used as a fallback AuthConfig fallbackAuthConfig; try { fallbackAuthConfig = delegate.effectiveAuthConfig(imageName); } catch (Exception e) { log.debug("Delegate call to effectiveAuthConfig failed with cause: \'{}\'. Resolution of auth config will continue using RegistryAuthLocator.", e.getMessage()); fallbackAuthConfig = new AuthConfig(); } // try and obtain more accurate auth config using our resolution final DockerImageName parsed = new DockerImageName(imageName); final AuthConfig effectiveAuthConfig = RegistryAuthLocator.instance().lookupAuthConfig(parsed, fallbackAuthConfig); log.debug("Effective auth config [{}]", toSafeString(effectiveAuthConfig)); return effectiveAuthConfig; }
public AuthConfig getAuthConfig(Job<?, ?> project) { if (dockerRegistryEndpoint == null || Strings.isNullOrEmpty(dockerRegistryEndpoint.getCredentialsId())) { return null; } AuthConfig authConfig = new AuthConfig(); authConfig.withRegistryAddress(dockerRegistryEndpoint.getUrl()); DockerRegistryToken token = this.dockerRegistryEndpoint.getToken(project); if (token != null) { String credentials = new String(Base64.decodeBase64(token.getToken()), Charsets.UTF_8); String[] usernamePassword = credentials.split(":"); authConfig.withUsername(usernamePassword[0]); authConfig.withPassword(usernamePassword[1]); authConfig.withEmail(token.getEmail()); } return authConfig; }
private void configureBuildCommand(Map<String, Object> params, BuildImageCmd buildImageCmd) { if (params.containsKey(NO_CACHE)) { buildImageCmd.withNoCache((boolean) params.get(NO_CACHE)); } if (params.containsKey(REMOVE)) { buildImageCmd.withRemove((boolean) params.get(REMOVE)); } if (params.containsKey(DOCKERFILE_NAME)) { buildImageCmd.withDockerfile(new File((String) params.get(DOCKERFILE_NAME))); } if(this.dockerClientConfig.getRegistryUsername() != null && this.dockerClientConfig.getRegistryPassword() != null){ AuthConfig buildAuthConfig = new AuthConfig().withUsername(this.dockerClientConfig.getRegistryUsername()) .withPassword(this.dockerClientConfig.getRegistryPassword()) .withEmail(this.dockerClientConfig.getRegistryEmail()) .withRegistryAddress(this.dockerClientConfig.getRegistryUrl()); final AuthConfigurations authConfigurations = new AuthConfigurations(); authConfigurations.addConfig(buildAuthConfig); buildImageCmd.withBuildAuthConfigs(authConfigurations); } }
@Override public AuthConfig authConfig() { checkNotNull(dockerClientConfig.getRegistryUsername(), "Configured username is null."); checkNotNull(dockerClientConfig.getRegistryUrl(), "Configured serverAddress is null."); return new AuthConfig() .withUsername(dockerClientConfig.getRegistryUsername()) .withPassword(dockerClientConfig.getRegistryPassword()) .withEmail(dockerClientConfig.getRegistryEmail()) .withRegistryAddress(dockerClientConfig.getRegistryUrl()); }
/** * Pull docker image using the docker java client. * * @param imageTag * @param username * @param password * @param host */ public static void pullImage(String imageTag, String username, String password, String host) throws IOException { final AuthConfig authConfig = new AuthConfig(); authConfig.withUsername(username); authConfig.withPassword(password); DockerClient dockerClient = null; try { dockerClient = getDockerClient(host); dockerClient.pullImageCmd(imageTag).withAuthConfig(authConfig).exec(new PullImageResultCallback()).awaitSuccess(); } finally { closeQuietly(dockerClient); } }
/** * Push docker image using the docker java client. * * @param imageTag * @param username * @param password * @param host */ public static void pushImage(String imageTag, String username, String password, String host) throws IOException { final AuthConfig authConfig = new AuthConfig(); authConfig.withUsername(username); authConfig.withPassword(password); DockerClient dockerClient = null; try { dockerClient = getDockerClient(host); dockerClient.pushImageCmd(imageTag).withAuthConfig(authConfig).exec(new PushImageResultCallback()).awaitSuccess(); } finally { closeQuietly(dockerClient); } }
private AuthConfig getAuthConfig() { AuthConfig authConfig = null; if (getRegistryUsername() != null && getRegistryPassword() != null && getRegistryEmail() != null && getRegistryUrl() != null) { authConfig = new AuthConfig() .withUsername(getRegistryUsername()) .withPassword(getRegistryPassword()) .withEmail(getRegistryEmail()) .withRegistryAddress(getRegistryUrl()); } return authConfig; }