diff --git a/api/agent/drivers/docker/registry.go b/api/agent/drivers/docker/registry.go index e55555912..332b70039 100644 --- a/api/agent/drivers/docker/registry.go +++ b/api/agent/drivers/docker/registry.go @@ -14,12 +14,9 @@ var ( ) func registryFromEnv() (map[string]driverAuthConfig, error) { - drvAuths := make(map[string]driverAuthConfig) - var auths *docker.AuthConfigurations var err error - if reg := os.Getenv("DOCKER_AUTH"); reg != "" { - // TODO docker does not use this itself, we should get rid of env docker config (nor is this documented..) + if reg := os.Getenv("FN_DOCKER_AUTH"); reg != "" { auths, err = docker.NewAuthConfigurations(strings.NewReader(reg)) } else { auths, err = docker.NewAuthConfigurationsFromDockerCfg() @@ -27,9 +24,15 @@ func registryFromEnv() (map[string]driverAuthConfig, error) { if err != nil { logrus.WithError(err).Info("no docker auths from config files found (this is fine)") - return drvAuths, nil + return map[string]driverAuthConfig{}, nil } + return preprocessAuths(auths) +} + +func preprocessAuths(auths *docker.AuthConfigurations) (map[string]driverAuthConfig, error) { + drvAuths := make(map[string]driverAuthConfig) + for key, v := range auths.Configs { u, err := url.Parse(v.ServerAddress) @@ -42,7 +45,6 @@ func registryFromEnv() (map[string]driverAuthConfig, error) { subdomains: getSubdomains(u.Host), } } - return drvAuths, nil } diff --git a/api/agent/drivers/docker/registry_test.go b/api/agent/drivers/docker/registry_test.go index ba5104f70..7583191d4 100644 --- a/api/agent/drivers/docker/registry_test.go +++ b/api/agent/drivers/docker/registry_test.go @@ -1,7 +1,10 @@ package docker import ( + "strings" "testing" + + "github.com/fsouza/go-dockerclient" ) func verify(expected []string, checks map[string]bool) bool { @@ -57,3 +60,54 @@ func TestRegistrySubDomains(t *testing.T) { t.Fatalf("subdomain results failed expected[%+v] != results[%+v]", exp, res) } } + +func TestRegistryEnv(t *testing.T) { + + testCfg := `{ + "auths":{ + "https://my.registry.com":{"auth":"Y29jbzpjaGVlc2UK"}, + "https://my.registry.com:5000":{"auth":"Y29jbzpjaGVlc2UK"}, + "https://index.docker.io/v2/":{"auth":"Y29jbzpjaGVlc2UK"} + }}` + + auths, err := docker.NewAuthConfigurations(strings.NewReader(testCfg)) + if err != nil { + t.Fatalf("parsing test cfg failed: %s", err) + } + + drvAuths, err := preprocessAuths(auths) + if err != nil { + t.Fatalf("preprocess test cfg failed: %s", err) + } + + res := findRegistryConfig("", drvAuths) + if res == nil || res.ServerAddress != "https://index.docker.io/v2/" { + t.Fatalf("empty registry should pickup docker %v", res) + } + + res = findRegistryConfig("docker.io", drvAuths) + if res == nil || res.ServerAddress != "https://index.docker.io/v2/" { + t.Fatalf("docker.io registry should pickup docker %v", res) + } + + res = findRegistryConfig("localhost", drvAuths) + if res == nil || res.ServerAddress != "" { + t.Fatalf("localhost registry should pickup a default (empty) cfg %v", res) + } + + res = findRegistryConfig("registry.com", drvAuths) + if res == nil || res.ServerAddress != "https://my.registry.com" { + t.Fatalf("registry.com registry should pickup my.registry.com cfg %v", res) + } + + res = findRegistryConfig("my.registry.com", drvAuths) + if res == nil || res.ServerAddress != "https://my.registry.com" { + t.Fatalf("my.registry.com registry should pickup my.registry.com cfg %v", res) + } + + res = findRegistryConfig("registry.com:5000", drvAuths) + if res == nil || res.ServerAddress != "https://my.registry.com:5000" { + t.Fatalf("registry.com:5000 registry should pickup my.registry.com:5000 cfg %v", res) + } + +} diff --git a/docs/operating/private_registries.md b/docs/operating/private_registries.md index 38812cd12..75b16fd6c 100644 --- a/docs/operating/private_registries.md +++ b/docs/operating/private_registries.md @@ -4,10 +4,10 @@ For local development, or a team that wishes to keep their images off of the pub registry may be useful. This can be hosted on your own server or local machine. See the Docker docs [here](https://docs.docker.com/registry/) for information on setting this up. A registry on localhost may greatly speed up iterative development in environments where the network is constrained. To set up your fn service with authentication for any registry, you must -provide fn with `DOCKER_AUTH` env var: +provide fn with `FN_DOCKER_AUTH` env var: ``` -DOCKER_AUTH='{"auths":{"http://my.registry.com:80":{"auth":"yourauthbase64here"}}}' +FN_DOCKER_AUTH='{"auths":{"http://my.registry.com:80":{"auth":"yourauthbase64here"}}}' ``` You may provide multiple auths in this way, it's also possible to run the `fn`