Add a more detailed error message for potential auth fails in docker pull.

2015-02-10 07:23:32 -08:00 · 2015-02-10 07:23:32 -08:00 · 0532c46217
parent e27d534b87
commit 0532c46217
3 changed files with 45 additions and 1 deletions
--- a/pkg/credentialprovider/keyring.go
+++ b/pkg/credentialprovider/keyring.go
@ -143,3 +143,12 @@ func (dk *lazyDockerKeyring) Lookup(image string) (docker.AuthConfiguration, boo

 	return keyring.Lookup(image)
 }
+
+type FakeKeyring struct {
+	auth docker.AuthConfiguration
+	ok   bool
+}
+
+func (f *FakeKeyring) Lookup(image string) (docker.AuthConfiguration, bool) {
+	return f.auth, f.ok
+}
--- a/pkg/kubelet/dockertools/docker.go
+++ b/pkg/kubelet/dockertools/docker.go
@ -222,7 +222,21 @@ func (p dockerPuller) Pull(image string) error {
 		glog.V(1).Infof("Pulling image %s without credentials", image)
 	}

-	return p.client.PullImage(opts, creds)
+	err := p.client.PullImage(opts, creds)
+	// If there was no error, or we had credentials, just return the error.
+	if err == nil || ok {
+		return err
+	}
+	// Image spec: [<registry>/]<repository>/<image>[:<version] so we count '/'
+	explicitRegistry := (strings.Count(image, "/") == 2)
+	glog.Errorf("Foo: %s", explicitRegistry)
+	// Hack, look for a private registry, and decorate the error with the lack of
+	// credentials.  This is heuristic, and really probably could be done better
+	// by talking to the registry API directly from the kubelet here.
+	if explicitRegistry {
+		return fmt.Errorf("image pull failed for %s, this may be because there are no credentials on this request.  details: (%v)", image, err)
+	}
+	return err
 }

 func (p throttledDockerPuller) Pull(image string) error {
--- a/pkg/kubelet/dockertools/docker_test.go
+++ b/pkg/kubelet/dockertools/docker_test.go
@ -196,6 +196,27 @@ func TestParseImageName(t *testing.T) {
 	}
 }

+func TestDockerKeyringLookupFails(t *testing.T) {
+	fakeKeyring := &credentialprovider.FakeKeyring{}
+	fakeClient := &FakeDockerClient{
+		Err: fmt.Errorf("test error"),
+	}
+
+	dp := dockerPuller{
+		client:  fakeClient,
+		keyring: fakeKeyring,
+	}
+
+	err := dp.Pull("host/repository/image:version")
+	if err == nil {
+		t.Errorf("unexpected non-error")
+	}
+	msg := "image pull failed for host/repository/image, this may be because there are no credentials on this request.  details: (test error)"
+	if err.Error() != msg {
+		t.Errorf("expected: %s, saw: %s", msg, err.Error())
+	}
+}
+
 func TestDockerKeyringLookup(t *testing.T) {
 	empty := docker.AuthConfiguration{}