Credential provider Provide takes image (general)
parent
3211bdad3d
commit
5224b94282
|
@ -261,11 +261,9 @@ func (dk *BasicDockerKeyring) Lookup(image string) ([]LazyAuthConfiguration, boo
|
|||
for _, k := range dk.index {
|
||||
// both k and image are schemeless URLs because even though schemes are allowed
|
||||
// in the credential configurations, we remove them in Add.
|
||||
if matched, _ := urlsMatchStr(k, image); !matched {
|
||||
continue
|
||||
if matched, _ := urlsMatchStr(k, image); matched {
|
||||
ret = append(ret, dk.creds[k]...)
|
||||
}
|
||||
|
||||
ret = append(ret, dk.creds[k]...)
|
||||
}
|
||||
|
||||
if len(ret) > 0 {
|
||||
|
@ -288,7 +286,7 @@ func (dk *lazyDockerKeyring) Lookup(image string) ([]LazyAuthConfiguration, bool
|
|||
keyring := &BasicDockerKeyring{}
|
||||
|
||||
for _, p := range dk.Providers {
|
||||
keyring.Add(p.Provide())
|
||||
keyring.Add(p.Provide(image))
|
||||
}
|
||||
|
||||
return keyring.Lookup(image)
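Review bot: The loop in lazyDockerKeyring.Lookup hands the image to every entry in dk.Providers via `p.Provide(image)` before any registry matching has happened; matching only takes place afterwards in `keyring.Lookup(image)`. A provider that uses the name to select or fetch credentials will therefore also be asked about images on registries it does not serve, and nothing in the visible code tells implementers to check the host first. I would add a comment above the loop such as `// Every provider sees every image; a provider must verify the registry host itself before acting on the name.` The function starts above this hunk, so any earlier filtering is not visible here.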
|
||||
|
|
|
@ -464,12 +464,12 @@ func (d *testProvider) Enabled() bool {
|
|||
}
|
||||
|
||||
// LazyProvide implements dockerConfigProvider. Should never be called.
|
||||
func (d *testProvider) LazyProvide() *DockerConfigEntry {
|
||||
func (d *testProvider) LazyProvide(image string) *DockerConfigEntry {
|
||||
return nil
|
||||
}
|
||||
|
||||
// Provide implements dockerConfigProvider
|
||||
func (d *testProvider) Provide() DockerConfig {
|
||||
func (d *testProvider) Provide(image string) DockerConfig {
|
||||
d.Count += 1
|
||||
return DockerConfig{}
|
||||
}
|
||||
|
|
|
@ -33,15 +33,23 @@ type DockerConfigProvider interface {
|
|||
Enabled() bool
|
||||
// Provide returns docker configuration.
|
||||
// Implementations can be blocking - e.g. metadata server unavailable.
|
||||
Provide() DockerConfig
|
||||
// LazyProvide() gets called after URL matches have been performed, so the
|
||||
// location used as the key in DockerConfig would be redundant.
|
||||
LazyProvide() *DockerConfigEntry
|
||||
// The image is passed in as context in the event that the
|
||||
// implementation depends on information in the image name to return
|
||||
// credentials; implementations are safe to ignore the image.
|
||||
Provide(image string) DockerConfig
|
||||
// LazyProvide gets called after URL matches have been
|
||||
// performed, so the location used as the key in DockerConfig would be
|
||||
// redundant.
|
||||
// The image is passed in as context in the event that the
|
||||
// implementation depends on information in the image name to return
|
||||
// credentials; implementations are safe to ignore the image.
|
||||
LazyProvide(image string) *DockerConfigEntry
|
||||
}
|
||||
|
||||
func LazyProvide(creds LazyAuthConfiguration) AuthConfig {
|
||||
//LazyProvide returns an Lazy AuthConfig
|
||||
func LazyProvide(creds LazyAuthConfiguration, image string) AuthConfig {
|
||||
if creds.Provider != nil {
|
||||
entry := *creds.Provider.LazyProvide()
|
||||
entry := *creds.Provider.LazyProvide(image)
|
||||
return DockerConfigEntryToLazyAuthConfiguration(entry).AuthConfig
|
||||
}
|
||||
return creds.AuthConfig
|
||||
|
@ -77,8 +85,8 @@ func (d *defaultDockerConfigProvider) Enabled() bool {
|
|||
return true
|
||||
}
|
||||
|
||||
// Provide implements dockerConfigProvider
|
||||
func (d *defaultDockerConfigProvider) Provide() DockerConfig {
|
||||
// LazyProvide implements dockerConfigProvider
|
||||
func (d *defaultDockerConfigProvider) Provide(image string) DockerConfig {
|
||||
// Read the standard Docker credentials from .dockercfg
|
||||
if cfg, err := ReadDockerConfigFile(); err == nil {
|
||||
return cfg
|
||||
|
@ -89,7 +97,7 @@ func (d *defaultDockerConfigProvider) Provide() DockerConfig {
|
|||
}
|
||||
|
||||
// LazyProvide implements dockerConfigProvider. Should never be called.
|
||||
func (d *defaultDockerConfigProvider) LazyProvide() *DockerConfigEntry {
|
||||
func (d *defaultDockerConfigProvider) LazyProvide(image string) *DockerConfigEntry {
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -99,12 +107,12 @@ func (d *CachingDockerConfigProvider) Enabled() bool {
|
|||
}
|
||||
|
||||
// LazyProvide implements dockerConfigProvider. Should never be called.
|
||||
func (d *CachingDockerConfigProvider) LazyProvide() *DockerConfigEntry {
|
||||
func (d *CachingDockerConfigProvider) LazyProvide(image string) *DockerConfigEntry {
|
||||
return nil
|
||||
}
|
||||
|
||||
// Provide implements dockerConfigProvider
|
||||
func (d *CachingDockerConfigProvider) Provide() DockerConfig {
|
||||
func (d *CachingDockerConfigProvider) Provide(image string) DockerConfig {
|
||||
d.mu.Lock()
|
||||
defer d.mu.Unlock()
|
||||
|
||||
|
@ -114,7 +122,7 @@ func (d *CachingDockerConfigProvider) Provide() DockerConfig {
|
|||
}
|
||||
|
||||
klog.V(2).Infof("Refreshing cache for provider: %v", reflect.TypeOf(d.Provider).String())
|
||||
d.cacheDockerConfig = d.Provider.Provide()
|
||||
d.cacheDockerConfig = d.Provider.Provide(image)
|
||||
d.expiration = time.Now().Add(d.Lifetime)
|
||||
return d.cacheDockerConfig
|
||||
}
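Review bot: CachingDockerConfigProvider.Provide stores the result of `d.Provider.Provide(image)` in the single field d.cacheDockerConfig and returns it for later calls, so the cache is keyed by time only and not by image. Once a wrapped provider actually uses the image, as the new interface comment allows, a call for a second image inside the Lifetime window would presumably get the configuration computed for the first one; the expiry check sits between the two hunks and is not visible here. Until the cache is keyed by image, the doc comment should state the restriction, e.g. `// Provide implements dockerConfigProvider. The cache ignores image, so wrap only providers whose result does not depend on it.` TestCachingProvider only ever passes one image value, so it does not pin this behaviour. The comment added above defaultDockerConfigProvider.Provide also appears to read `// LazyProvide implements dockerConfigProvider`, which names the wrong method.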
|
||||
|
|
|
@ -31,31 +31,33 @@ func TestCachingProvider(t *testing.T) {
|
|||
Lifetime: 1 * time.Second,
|
||||
}
|
||||
|
||||
image := "image"
|
||||
|
||||
if provider.Count != 0 {
|
||||
t.Errorf("Unexpected number of Provide calls: %v", provider.Count)
|
||||
}
|
||||
cache.Provide()
|
||||
cache.Provide()
|
||||
cache.Provide()
|
||||
cache.Provide()
|
||||
cache.Provide(image)
|
||||
cache.Provide(image)
|
||||
cache.Provide(image)
|
||||
cache.Provide(image)
|
||||
if provider.Count != 1 {
|
||||
t.Errorf("Unexpected number of Provide calls: %v", provider.Count)
|
||||
}
|
||||
|
||||
time.Sleep(cache.Lifetime)
|
||||
cache.Provide()
|
||||
cache.Provide()
|
||||
cache.Provide()
|
||||
cache.Provide()
|
||||
cache.Provide(image)
|
||||
cache.Provide(image)
|
||||
cache.Provide(image)
|
||||
cache.Provide(image)
|
||||
if provider.Count != 2 {
|
||||
t.Errorf("Unexpected number of Provide calls: %v", provider.Count)
|
||||
}
|
||||
|
||||
time.Sleep(cache.Lifetime)
|
||||
cache.Provide()
|
||||
cache.Provide()
|
||||
cache.Provide()
|
||||
cache.Provide()
|
||||
cache.Provide(image)
|
||||
cache.Provide(image)
|
||||
cache.Provide(image)
|
||||
cache.Provide(image)
|
||||
if provider.Count != 3 {
|
||||
t.Errorf("Unexpected number of Provide calls: %v", provider.Count)
|
||||
}
|
||||
|
|
|
@ -344,7 +344,7 @@ func ensureSandboxImageExists(client libdocker.Interface, image string) error {
|
|||
|
||||
var pullErrs []error
|
||||
for _, currentCreds := range creds {
|
||||
authConfig := dockertypes.AuthConfig(credentialprovider.LazyProvide(currentCreds))
|
||||
authConfig := dockertypes.AuthConfig(credentialprovider.LazyProvide(currentCreds, repoToPull))
|
||||
err := client.PullImage(image, authConfig, dockertypes.ImagePullOptions{})
|
||||
// If there was no error, return success
|
||||
if err == nil {
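Review bot: The provider is given `repoToPull` in `credentialprovider.LazyProvide(currentCreds, repoToPull)` while the pull on the next line uses `image`, and the DockerConfigProvider comments do not say which form of the name implementations receive. If repoToPull (defined above this hunk) has the tag or digest stripped, a provider that compares the string against the full reference would not match, so the contract is worth stating on the interface, e.g. `// image is the repository portion of the reference, without tag or digest.` if that is indeed what is passed. The same call shape appears in kubeGenericRuntimeManager.PullImage. Both loop bodies continue past the end of their hunks.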
|
||||
|
|
|
@ -57,7 +57,7 @@ func (m *kubeGenericRuntimeManager) PullImage(image kubecontainer.ImageSpec, pul
|
|||
|
||||
var pullErrs []error
|
||||
for _, currentCreds := range creds {
|
||||
authConfig := credentialprovider.LazyProvide(currentCreds)
|
||||
authConfig := credentialprovider.LazyProvide(currentCreds, repoToPull)
|
||||
auth := &runtimeapi.AuthConfig{
|
||||
Username: authConfig.Username,
|
||||
Password: authConfig.Password,
|
||||
|
|