make docker auth interface docker lib agnostic
@@ -22,7 +22,6 @@ import (
|
||||
"github.com/fnproject/fn/api/models"
|
||||
"github.com/fnproject/fn/fnext"
|
||||
"github.com/fsnotify/fsnotify"
|
||||
docker "github.com/fsouza/go-dockerclient"
|
||||
"github.com/sirupsen/logrus"
|
||||
"go.opencensus.io/plugin/ochttp"
|
||||
"go.opencensus.io/stats"
|
||||
@@ -1459,14 +1458,14 @@ func (c *container) GetEvictChan() chan struct{} {
|
||||
var _ dockerdriver.Auther = new(container)
|
||||
|
||||
// DockerAuth implements the docker.AuthConfiguration interface.
|
||||
func (c *container) DockerAuth(ctx context.Context, image string) (*docker.AuthConfiguration, error) {
|
||||
func (c *container) DockerAuth(ctx context.Context, image string) (*dockerdriver.AuthConfiguration, error) {
|
||||
if c.dockerAuth != nil {
|
||||
return c.dockerAuth.DockerAuth(ctx, image)
|
||||
}
|
||||
|
||||
registryToken := c.authToken
|
||||
if registryToken != "" {
|
||||
return &docker.AuthConfiguration{
|
||||
return &dockerdriver.AuthConfiguration{
|
||||
RegistryToken: registryToken,
|
||||
}, nil
|
||||
}
|
||||
|
||||
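Review bot: The doc comment above DockerAuth still names docker.AuthConfiguration, a struct type from go-dockerclient that this method no longer returns after the change. The method satisfies dockerdriver.Auther, as the `var _ dockerdriver.Auther = new(container)` assertion just above it shows, so the comment should say that: `// DockerAuth implements dockerdriver.Auther; it returns the registry credentials used to pull image.` The body of DockerAuth continues past the end of this hunk.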
@@ -392,7 +392,7 @@ func (c *cookie) Unfreeze(ctx context.Context) error {
|
||||
return err
|
||||
}
|
||||
|
||||
func (c *cookie) authImage(ctx context.Context) (*docker.AuthConfiguration, error) {
|
||||
func (c *cookie) authImage(ctx context.Context) (*AuthConfiguration, error) {
|
||||
ctx, log := common.LoggerWithFields(ctx, logrus.Fields{"stack": "AuthImage"})
|
||||
log.WithFields(logrus.Fields{"call_id": c.task.Id()}).Debug("docker auth image")
|
||||
|
||||
|
||||
@@ -39,7 +39,24 @@ type Auther interface {
|
||||
// certain restrictions on images or if credentials must be acquired right
|
||||
// before runtime and there's an error doing so. If these credentials don't
|
||||
// work, the docker pull will fail and the task will be set to error status.
|
||||
DockerAuth(ctx context.Context, image string) (*docker.AuthConfiguration, error)
|
||||
DockerAuth(ctx context.Context, image string) (*AuthConfiguration, error)
|
||||
}
|
||||
|
||||
// AuthConfiguration matches underlying docker auth configuration, to decouple from
|
||||
// underlying types
|
||||
type AuthConfiguration struct {
|
||||
Username string `json:"username,omitempty"`
|
||||
Password string `json:"password,omitempty"`
|
||||
Email string `json:"email,omitempty"`
|
||||
ServerAddress string `json:"serveraddress,omitempty"`
|
||||
|
||||
// IdentityToken can be supplied with the identitytoken response of the AuthCheck call
|
||||
// see https://godoc.org/github.com/docker/docker/api/types#AuthConfig
|
||||
// It can be used in place of password not in conjunction with it
|
||||
IdentityToken string `json:"identitytoken,omitempty"`
|
||||
|
||||
// RegistryToken can be supplied with the registrytoken
|
||||
RegistryToken string `json:"registrytoken,omitempty"`
|
||||
}
|
||||
|
||||
type runResult struct {
|
||||
@@ -48,7 +65,7 @@ type runResult struct {
|
||||
}
|
||||
|
||||
type driverAuthConfig struct {
|
||||
auth docker.AuthConfiguration
|
||||
auth AuthConfiguration
|
||||
subdomains map[string]bool
|
||||
}
|
||||
|
||||
|
||||
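Review bot: The comment on the new AuthConfiguration type does not say that the struct carries secrets. Password, IdentityToken and RegistryToken are plain exported string fields with JSON tags, so formatting a value with `%v` or `%+v`, attaching it to a log entry, or marshalling it writes the credentials out verbatim. I would extend the type comment along the lines of `// AuthConfiguration holds registry credentials; do not log, format or serialize values of this type outside the pull path.` Now that the package owns the type, a redacting `String()` method is possible, but newTransfer in the image puller builds its map key from `%+v` of this struct, so the two would have to change together.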
@@ -292,7 +292,15 @@ func (pool *dockerPool) prepareImage(ctx context.Context, driver *DockerDriver,
|
||||
log.WithError(err).Fatal("prefork pool image inspect failed")
|
||||
}
|
||||
|
||||
err = driver.docker.PullImage(opts, *config)
|
||||
cfg := docker.AuthConfiguration{
|
||||
Username: config.Username,
|
||||
Password: config.Password,
|
||||
Email: config.Email,
|
||||
ServerAddress: config.ServerAddress,
|
||||
IdentityToken: config.IdentityToken,
|
||||
RegistryToken: config.RegistryToken,
|
||||
}
|
||||
err = driver.docker.PullImage(opts, cfg)
|
||||
if err == nil {
|
||||
return
|
||||
}
|
||||
|
||||
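Review bot: The field-by-field copy into docker.AuthConfiguration in prepareImage is written out a second time in pullWithRetry and, in the opposite direction, in preprocessAuths. Hand-maintained copies can drift: a field added to AuthConfiguration and missed in one of them would send incomplete credentials, and that would most likely show up only as a failed pull. A single conversion method next to the type keeps the copies in step, and the call here becomes `err = driver.docker.PullImage(opts, config.toDockerAuth())`. prepareImage starts and ends outside this hunk, and the sketch assumes the file declaring AuthConfiguration still imports go-dockerclient as `docker`.

```go
// toDockerAuth converts the driver-level credentials into the
// go-dockerclient type that PullImage expects.
func (a *AuthConfiguration) toDockerAuth() docker.AuthConfiguration {
	return docker.AuthConfiguration{
		Username:      a.Username,
		Password:      a.Password,
		Email:         a.Email,
		ServerAddress: a.ServerAddress,
		IdentityToken: a.IdentityToken,
		RegistryToken: a.RegistryToken,
	}
}
```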
@@ -23,7 +23,7 @@ import (
|
||||
// any new requests are added as listeners to the ongoing docker-pull requests.
|
||||
|
||||
type ImagePuller interface {
|
||||
PullImage(ctx context.Context, cfg *docker.AuthConfiguration, img, repo, tag string) chan error
|
||||
PullImage(ctx context.Context, cfg *AuthConfiguration, img, repo, tag string) chan error
|
||||
SetRetryPolicy(policy common.BackOffConfig, checker drivers.RetryErrorChecker) error
|
||||
}
|
||||
|
||||
@@ -32,7 +32,7 @@ type transfer struct {
|
||||
|
||||
key string
|
||||
|
||||
cfg *docker.AuthConfiguration
|
||||
cfg *AuthConfiguration
|
||||
img string
|
||||
repo string
|
||||
tag string
|
||||
@@ -68,7 +68,7 @@ func (i *imagePuller) SetRetryPolicy(policy common.BackOffConfig, checker driver
|
||||
}
|
||||
|
||||
// newTransfer initiates a new docker-pull if there's no active docker-pull present for the same image.
|
||||
func (i *imagePuller) newTransfer(ctx context.Context, cfg *docker.AuthConfiguration, img, repo, tag string) chan error {
|
||||
func (i *imagePuller) newTransfer(ctx context.Context, cfg *AuthConfiguration, img, repo, tag string) chan error {
|
||||
|
||||
key := fmt.Sprintf("%s %s %+v", repo, tag, cfg)
|
||||
|
||||
@@ -106,8 +106,18 @@ func (i *imagePuller) pullWithRetry(trx *transfer) error {
|
||||
timer := common.NewTimer(time.Duration(i.backOffCfg.MinDelay) * time.Millisecond)
|
||||
defer timer.Stop()
|
||||
|
||||
pmo := docker.PullImageOptions{Repository: trx.repo, Tag: trx.tag, Context: trx.ctx}
|
||||
cfg := docker.AuthConfiguration{
|
||||
Username: trx.cfg.Username,
|
||||
Password: trx.cfg.Password,
|
||||
Email: trx.cfg.Email,
|
||||
ServerAddress: trx.cfg.ServerAddress,
|
||||
IdentityToken: trx.cfg.IdentityToken,
|
||||
RegistryToken: trx.cfg.RegistryToken,
|
||||
}
|
||||
|
||||
for {
|
||||
err := i.docker.PullImage(docker.PullImageOptions{Repository: trx.repo, Tag: trx.tag, Context: trx.ctx}, *trx.cfg)
|
||||
err := i.docker.PullImage(pmo, cfg)
|
||||
ok, reason := i.isRetriable(err)
|
||||
if !ok {
|
||||
return err
|
||||
@@ -166,7 +176,7 @@ func (i *imagePuller) startTransfer(trx *transfer) {
|
||||
delete(i.transfers, trx.key)
|
||||
}
|
||||
|
||||
func (i *imagePuller) PullImage(ctx context.Context, cfg *docker.AuthConfiguration, img, repo, tag string) chan error {
|
||||
func (i *imagePuller) PullImage(ctx context.Context, cfg *AuthConfiguration, img, repo, tag string) chan error {
|
||||
return i.newTransfer(ctx, cfg, img, repo, tag)
|
||||
}
|
||||
|
||||
|
||||
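Review bot: In newTransfer, `key := fmt.Sprintf("%s %s %+v", repo, tag, cfg)` expands the pointed-to AuthConfiguration, so every transfer key contains the username, the password and both tokens in clear text. The key is used to index the transfers map (`delete(i.transfers, trx.key)`); whether it is also logged is not visible here, but any log line or error that includes it would leak registry credentials. Keying on a digest keeps pulls with different credentials distinct without holding the secrets in the string: `key := fmt.Sprintf("%s %s %x", repo, tag, sha256.Sum256([]byte(fmt.Sprintf("%+v", cfg))))`, with `crypto/sha256` added to the imports. The key line is unchanged context in this commit, and newTransfer continues outside the hunk.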
@@ -48,7 +48,14 @@ func preprocessAuths(auths *docker.AuthConfigurations) (map[string]driverAuthCon
|
||||
}
|
||||
|
||||
drvAuths[key] = driverAuthConfig{
|
||||
auth: v,
|
||||
auth: AuthConfiguration{
|
||||
Username: v.Username,
|
||||
Password: v.Password,
|
||||
Email: v.Email,
|
||||
ServerAddress: v.ServerAddress,
|
||||
IdentityToken: v.IdentityToken,
|
||||
RegistryToken: v.RegistryToken,
|
||||
},
|
||||
subdomains: getSubdomains(u.Host),
|
||||
}
|
||||
}
|
||||
@@ -72,8 +79,8 @@ func getSubdomains(hostname string) map[string]bool {
|
||||
return subdomains
|
||||
}
|
||||
|
||||
func findRegistryConfig(reg string, configs map[string]driverAuthConfig) *docker.AuthConfiguration {
|
||||
var config docker.AuthConfiguration
|
||||
func findRegistryConfig(reg string, configs map[string]driverAuthConfig) *AuthConfiguration {
|
||||
var config AuthConfiguration
|
||||
|
||||
if reg != "" {
|
||||
res := lookupRegistryConfig(reg, configs)
|
||||
@@ -92,7 +99,7 @@ func findRegistryConfig(reg string, configs map[string]driverAuthConfig) *docker
|
||||
return &config
|
||||
}
|
||||
|
||||
func lookupRegistryConfig(reg string, configs map[string]driverAuthConfig) *docker.AuthConfiguration {
|
||||
func lookupRegistryConfig(reg string, configs map[string]driverAuthConfig) *AuthConfiguration {
|
||||
|
||||
// if any configured host auths match task registry, try them (task docker auth can override)
|
||||
for _, v := range configs {
|
||||
|
||||