c8d/resolver: Use hosts from daemon configuration
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com> Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
parent
3a3f98b32b
commit
c83fce86d4
4 changed files with 56 additions and 29 deletions
|
@ -44,7 +44,7 @@ func (i *ImageService) PullImage(ctx context.Context, image, tagOrDigest string,
|
|||
}
|
||||
}
|
||||
|
||||
resolver, _ := newResolverFromAuthConfig(authConfig)
|
||||
resolver, _ := i.newResolverFromAuthConfig(authConfig)
|
||||
opts = append(opts, containerd.WithResolver(resolver))
|
||||
|
||||
jobs := newJobs()
|
||||
|
|
|
@ -8,32 +8,52 @@ import (
|
|||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
func newResolverFromAuthConfig(authConfig *registrytypes.AuthConfig) (remotes.Resolver, docker.StatusTracker) {
|
||||
opts := []docker.RegistryOpt{}
|
||||
|
||||
if authConfig != nil {
|
||||
cfgHost := registry.ConvertToHostname(authConfig.ServerAddress)
|
||||
if cfgHost == registry.IndexHostname {
|
||||
cfgHost = registry.DefaultRegistryHost
|
||||
}
|
||||
authorizer := docker.NewDockerAuthorizer(docker.WithAuthCreds(func(host string) (string, string, error) {
|
||||
if cfgHost != host {
|
||||
logrus.WithField("host", host).WithField("cfgHost", cfgHost).Warn("Host doesn't match")
|
||||
return "", "", nil
|
||||
}
|
||||
if authConfig.IdentityToken != "" {
|
||||
return "", authConfig.IdentityToken, nil
|
||||
}
|
||||
return authConfig.Username, authConfig.Password, nil
|
||||
}))
|
||||
|
||||
opts = append(opts, docker.WithAuthorizer(authorizer))
|
||||
}
|
||||
func (i *ImageService) newResolverFromAuthConfig(authConfig *registrytypes.AuthConfig) (remotes.Resolver, docker.StatusTracker) {
|
||||
hostsFn := i.registryHosts.RegistryHosts()
|
||||
hosts := hostsAuthorizerWrapper(hostsFn, authConfig)
|
||||
|
||||
tracker := docker.NewInMemoryTracker()
|
||||
|
||||
return docker.NewResolver(docker.ResolverOptions{
|
||||
Hosts: docker.ConfigureDefaultRegistries(opts...),
|
||||
Hosts: hosts,
|
||||
Tracker: tracker,
|
||||
}), tracker
|
||||
}
|
||||
|
||||
func hostsAuthorizerWrapper(hostsFn docker.RegistryHosts, authConfig *registrytypes.AuthConfig) docker.RegistryHosts {
|
||||
return docker.RegistryHosts(func(n string) ([]docker.RegistryHost, error) {
|
||||
hosts, err := hostsFn(n)
|
||||
if err == nil {
|
||||
for idx, host := range hosts {
|
||||
if host.Authorizer == nil {
|
||||
var opts []docker.AuthorizerOpt
|
||||
if authConfig != nil {
|
||||
opts = append(opts, authorizationCredsFromAuthConfig(*authConfig))
|
||||
}
|
||||
host.Authorizer = docker.NewDockerAuthorizer(opts...)
|
||||
hosts[idx] = host
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return hosts, err
|
||||
})
|
||||
}
|
||||
|
||||
func authorizationCredsFromAuthConfig(authConfig registrytypes.AuthConfig) docker.AuthorizerOpt {
|
||||
cfgHost := registry.ConvertToHostname(authConfig.ServerAddress)
|
||||
if cfgHost == registry.IndexHostname {
|
||||
cfgHost = registry.DefaultRegistryHost
|
||||
}
|
||||
|
||||
return docker.WithAuthCreds(func(host string) (string, string, error) {
|
||||
if cfgHost != host {
|
||||
logrus.WithField("host", host).WithField("cfgHost", cfgHost).Warn("Host doesn't match")
|
||||
return "", "", nil
|
||||
}
|
||||
if authConfig.IdentityToken != "" {
|
||||
return "", authConfig.IdentityToken, nil
|
||||
}
|
||||
return authConfig.Username, authConfig.Password, nil
|
||||
})
|
||||
}
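Review bot: In `hostsAuthorizerWrapper`, `docker.NewDockerAuthorizer(opts...)` is constructed inside the loop, so every call of the returned hosts function builds a fresh authorizer for each host; any token state an authorizer keeps is presumably discarded between lookups. Building it once, outside the closure, and assigning it to the hosts whose `Authorizer` is nil avoids that, and an early return on `err` removes one level of nesting. The `cfgHost != host` check in `authorizationCredsFromAuthConfig` is what keeps the caller's credentials from being offered to other hosts returned by the daemon configuration, so it deserves a comment saying so; with this change the "Host doesn't match" warning will likely be logged for every such host, which may be better at debug level. A host that already carries its own `Authorizer` silently ignores `authConfig`, which should also be documented on the wrapper.

```go
func hostsAuthorizerWrapper(hostsFn docker.RegistryHosts, authConfig *registrytypes.AuthConfig) docker.RegistryHosts {
	var opts []docker.AuthorizerOpt
	if authConfig != nil {
		opts = append(opts, authorizationCredsFromAuthConfig(*authConfig))
	}
	// One authorizer per resolver, shared by every host that has none of its own.
	authorizer := docker.NewDockerAuthorizer(opts...)

	return func(n string) ([]docker.RegistryHost, error) {
		hosts, err := hostsFn(n)
		if err != nil {
			return nil, err
		}
		for idx := range hosts {
			if hosts[idx].Authorizer == nil {
				hosts[idx].Authorizer = authorizer
			}
		}
		return hosts, nil
	}
}
```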
|
||||
|
|
|
@ -5,6 +5,7 @@ import (
|
|||
|
||||
"github.com/containerd/containerd"
|
||||
"github.com/containerd/containerd/plugin"
|
||||
"github.com/containerd/containerd/remotes/docker"
|
||||
"github.com/containerd/containerd/snapshots"
|
||||
"github.com/docker/docker/container"
|
||||
"github.com/docker/docker/daemon/images"
|
||||
|
@ -16,15 +17,21 @@ import (
|
|||
|
||||
// ImageService implements daemon.ImageService
|
||||
type ImageService struct {
|
||||
client *containerd.Client
|
||||
snapshotter string
|
||||
client *containerd.Client
|
||||
snapshotter string
|
||||
registryHosts RegistryHostsProvider
|
||||
}
|
||||
|
||||
type RegistryHostsProvider interface {
|
||||
RegistryHosts() docker.RegistryHosts
|
||||
}
|
||||
|
||||
// NewService creates a new ImageService.
|
||||
func NewService(c *containerd.Client, snapshotter string) *ImageService {
|
||||
func NewService(c *containerd.Client, snapshotter string, hostsProvider RegistryHostsProvider) *ImageService {
|
||||
return &ImageService{
|
||||
client: c,
|
||||
snapshotter: snapshotter,
|
||||
client: c,
|
||||
snapshotter: snapshotter,
|
||||
registryHosts: hostsProvider,
|
||||
}
|
||||
}
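Review bot: `NewService` stores `hostsProvider` without a nil check, while the new `newResolverFromAuthConfig` in this commit calls `i.registryHosts.RegistryHosts()` unconditionally, so a nil provider would panic on the first pull. Either reject nil in `NewService` or state the requirement in its doc comment, e.g. `// hostsProvider must be non-nil; it is consulted on every pull.` The exported `RegistryHostsProvider` interface also lacks a doc comment; something like `// RegistryHostsProvider returns the docker.RegistryHosts function used to look up registry hosts when building a resolver.` would record where the host list comes from.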
|
||||
|
||||
|
|
|
@ -994,7 +994,7 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
|
|||
if err := configureKernelSecuritySupport(config, driverName); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
d.imageService = ctrd.NewService(d.containerdCli, driverName)
|
||||
d.imageService = ctrd.NewService(d.containerdCli, driverName, d)
|
||||
} else {
|
||||
layerStore, err := layer.NewStoreFromOptions(layer.StoreOptions{
|
||||
Root: config.Root,
|
||||
|
|