Passing registry auth token for service create and update

Signed-off-by: Nishant Totla <nishanttotla@gmail.com>
(cherry picked from commit 93ec5cda55)
This commit is contained in:
Nishant Totla 2016-06-15 11:50:49 -07:00 committed by Tibor Vass
parent 88cb79d400
commit c5ddd5bb7f
7 changed files with 104 additions and 12 deletions

View file

@ -13,6 +13,7 @@ import (
"golang.org/x/net/context"
"github.com/docker/docker/pkg/term"
"github.com/docker/docker/reference"
"github.com/docker/docker/registry"
"github.com/docker/engine-api/types"
registrytypes "github.com/docker/engine-api/types/registry"
@ -148,6 +149,34 @@ func (cli *DockerCli) ConfigureAuth(flUser, flPassword, serverAddress string, is
return authconfig, nil
}
// ResolveAuthConfigFromImage retrieves that AuthConfig using the image string
func (cli *DockerCli) ResolveAuthConfigFromImage(ctx context.Context, image string) (types.AuthConfig, error) {
registryRef, err := reference.ParseNamed(image)
if err != nil {
return types.AuthConfig{}, err
}
repoInfo, err := registry.ParseRepositoryInfo(registryRef)
if err != nil {
return types.AuthConfig{}, err
}
authConfig := cli.ResolveAuthConfig(ctx, repoInfo.Index)
return authConfig, nil
}
// RetrieveAuthTokenFromImage retrieves an encoded auth token given a complete image
func (cli *DockerCli) RetrieveAuthTokenFromImage(ctx context.Context, image string) (string, error) {
// Retrieve encoded auth token from the image reference
authConfig, err := cli.ResolveAuthConfigFromImage(ctx, image)
if err != nil {
return "", err
}
encodedAuth, err := EncodeAuthToBase64(authConfig)
if err != nil {
return "", err
}
return encodedAuth, nil
}
func readInput(in io.Reader, out io.Writer) string {
reader := bufio.NewReader(in)
line, _, err := reader.ReadLine()

View file

@ -32,14 +32,25 @@ func newCreateCommand(dockerCli *client.DockerCli) *cobra.Command {
}
func runCreate(dockerCli *client.DockerCli, opts *serviceOptions) error {
client := dockerCli.Client()
apiClient := dockerCli.Client()
service, err := opts.ToService()
if err != nil {
return err
}
response, err := client.ServiceCreate(context.Background(), service)
ctx := context.Background()
// Retrieve encoded auth token from the image reference
encodedAuth, err := dockerCli.RetrieveAuthTokenFromImage(ctx, opts.image)
if err != nil {
return err
}
headers := map[string][]string{
"x-registry-auth": {encodedAuth},
}
response, err := apiClient.ServiceCreate(ctx, service, headers)
if err != nil {
return err
}

View file

@ -60,6 +60,7 @@ func runScale(dockerCli *client.DockerCli, args []string) error {
func runServiceScale(dockerCli *client.DockerCli, serviceID string, scale string) error {
client := dockerCli.Client()
ctx := context.Background()
headers := map[string][]string{}
service, _, err := client.ServiceInspectWithRaw(ctx, serviceID)
@ -67,6 +68,19 @@ func runServiceScale(dockerCli *client.DockerCli, serviceID string, scale string
return err
}
// TODO(nishanttotla): Is this the best way to get the image?
image := service.Spec.TaskTemplate.ContainerSpec.Image
if image != "" {
// Retrieve encoded auth token from the image reference
encodedAuth, err := dockerCli.RetrieveAuthTokenFromImage(ctx, image)
if err != nil {
return err
}
headers = map[string][]string{
"x-registry-auth": {encodedAuth},
}
}
serviceMode := &service.Spec.Mode
if serviceMode.Replicated == nil {
return fmt.Errorf("scale can only be used with replicated mode")
@ -77,7 +91,7 @@ func runServiceScale(dockerCli *client.DockerCli, serviceID string, scale string
}
serviceMode.Replicated.Replicas = &uintScale
err = client.ServiceUpdate(ctx, service.ID, service.Version, service.Spec)
err = client.ServiceUpdate(ctx, service.ID, service.Version, service.Spec, headers)
if err != nil {
return err
}

View file

@ -37,10 +37,28 @@ func newUpdateCommand(dockerCli *client.DockerCli) *cobra.Command {
}
func runUpdate(dockerCli *client.DockerCli, flags *pflag.FlagSet, serviceID string) error {
client := dockerCli.Client()
apiClient := dockerCli.Client()
ctx := context.Background()
headers := map[string][]string{}
service, _, err := client.ServiceInspectWithRaw(ctx, serviceID)
// TODO(nishanttotla): Is this the best way to get the new image?
image, err := flags.GetString("image")
if err != nil {
return err
}
if image != "" {
// Retrieve encoded auth token from the image reference
// only do this if a new image has been provided as part of the udpate
encodedAuth, err := dockerCli.RetrieveAuthTokenFromImage(ctx, image)
if err != nil {
return err
}
headers = map[string][]string{
"x-registry-auth": {encodedAuth},
}
}
service, _, err := apiClient.ServiceInspectWithRaw(ctx, serviceID)
if err != nil {
return err
}
@ -49,7 +67,8 @@ func runUpdate(dockerCli *client.DockerCli, flags *pflag.FlagSet, serviceID stri
if err != nil {
return err
}
err = client.ServiceUpdate(ctx, service.ID, service.Version, service.Spec)
err = apiClient.ServiceUpdate(ctx, service.ID, service.Version, service.Spec, headers)
if err != nil {
return err
}

View file

@ -14,8 +14,8 @@ type Backend interface {
Update(uint64, types.Spec) error
GetServices(basictypes.ServiceListOptions) ([]types.Service, error)
GetService(string) (types.Service, error)
CreateService(types.ServiceSpec) (string, error)
UpdateService(string, uint64, types.ServiceSpec) error
CreateService(types.ServiceSpec, string) (string, error)
UpdateService(string, uint64, types.ServiceSpec, string) error
RemoveService(string) error
GetNodes(basictypes.NodeListOptions) ([]types.Node, error)
GetNode(string) (types.Node, error)

View file

@ -107,7 +107,12 @@ func (sr *swarmRouter) createService(ctx context.Context, w http.ResponseWriter,
return err
}
id, err := sr.backend.CreateService(service)
encodedAuth := ""
if auth, ok := r.Header["x-registry-auth"]; ok {
encodedAuth = auth[0]
}
id, err := sr.backend.CreateService(service, encodedAuth)
if err != nil {
logrus.Errorf("Error creating service %s: %v", id, err)
return err
@ -130,7 +135,12 @@ func (sr *swarmRouter) updateService(ctx context.Context, w http.ResponseWriter,
return fmt.Errorf("Invalid service version '%s': %s", rawVersion, err.Error())
}
if err := sr.backend.UpdateService(vars["id"], version, service); err != nil {
encodedAuth := ""
if auth, ok := r.Header["x-registry-auth"]; ok {
encodedAuth = auth[0]
}
if err := sr.backend.UpdateService(vars["id"], version, service, encodedAuth); err != nil {
logrus.Errorf("Error updating service %s: %v", vars["id"], err)
return err
}

View file

@ -663,7 +663,7 @@ func (c *Cluster) GetServices(options apitypes.ServiceListOptions) ([]types.Serv
}
// CreateService creates a new service in a managed swarm cluster.
func (c *Cluster) CreateService(s types.ServiceSpec) (string, error) {
func (c *Cluster) CreateService(s types.ServiceSpec, encodedAuth string) (string, error) {
c.RLock()
defer c.RUnlock()
@ -682,6 +682,11 @@ func (c *Cluster) CreateService(s types.ServiceSpec) (string, error) {
if err != nil {
return "", err
}
if encodedAuth != "" {
serviceSpec.Task.Runtime.(*swarmapi.TaskSpec_Container).Container.PullOptions = &swarmapi.ContainerSpec_PullOptions{RegistryAuth: encodedAuth}
}
r, err := c.client.CreateService(ctx, &swarmapi.CreateServiceRequest{Spec: &serviceSpec})
if err != nil {
return "", err
@ -707,7 +712,7 @@ func (c *Cluster) GetService(input string) (types.Service, error) {
}
// UpdateService updates existing service to match new properties.
func (c *Cluster) UpdateService(serviceID string, version uint64, spec types.ServiceSpec) error {
func (c *Cluster) UpdateService(serviceID string, version uint64, spec types.ServiceSpec, encodedAuth string) error {
c.RLock()
defer c.RUnlock()
@ -720,6 +725,10 @@ func (c *Cluster) UpdateService(serviceID string, version uint64, spec types.Ser
return err
}
if encodedAuth != "" {
serviceSpec.Task.Runtime.(*swarmapi.TaskSpec_Container).Container.PullOptions = &swarmapi.ContainerSpec_PullOptions{RegistryAuth: encodedAuth}
}
_, err = c.client.UpdateService(
c.getRequestContext(),
&swarmapi.UpdateServiceRequest{