mirror of https://github.com/k3s-io/k3s
Credential provider Provide takes image (general)
parent
3211bdad3d
commit
5224b94282
|
@ -261,12 +261,10 @@ func (dk *BasicDockerKeyring) Lookup(image string) ([]LazyAuthConfiguration, boo
|
||||||
for _, k := range dk.index {
|
for _, k := range dk.index {
|
||||||
// both k and image are schemeless URLs because even though schemes are allowed
|
// both k and image are schemeless URLs because even though schemes are allowed
|
||||||
// in the credential configurations, we remove them in Add.
|
// in the credential configurations, we remove them in Add.
|
||||||
if matched, _ := urlsMatchStr(k, image); !matched {
|
if matched, _ := urlsMatchStr(k, image); matched {
|
||||||
continue
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = append(ret, dk.creds[k]...)
|
ret = append(ret, dk.creds[k]...)
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if len(ret) > 0 {
|
if len(ret) > 0 {
|
||||||
return ret, true
|
return ret, true
|
||||||
|
@ -288,7 +286,7 @@ func (dk *lazyDockerKeyring) Lookup(image string) ([]LazyAuthConfiguration, bool
|
||||||
keyring := &BasicDockerKeyring{}
|
keyring := &BasicDockerKeyring{}
|
||||||
|
|
||||||
for _, p := range dk.Providers {
|
for _, p := range dk.Providers {
|
||||||
keyring.Add(p.Provide())
|
keyring.Add(p.Provide(image))
|
||||||
}
|
}
|
||||||
|
|
||||||
return keyring.Lookup(image)
|
return keyring.Lookup(image)
|
||||||
|
|
|
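Review bot: In `lazyDockerKeyring.Lookup`, `p.Provide(image)` hands the image name to every configured provider before any URL matching has happened, so each provider now receives image names for registries it does not serve. The string presumably comes from a pod's image reference (the call sites further down pass `repoToPull`), so a provider that uses it to choose an endpoint or a credential should first confirm that the image belongs to its own registry. I would add a comment above the loop, for example `// image is unvalidated and has not been matched against any registry yet; providers must check it before acting on it.` The signature and closing brace of `Lookup` are outside the hunk.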
@ -464,12 +464,12 @@ func (d *testProvider) Enabled() bool {
|
||||||
}
|
}
|
||||||
|
|
||||||
// LazyProvide implements dockerConfigProvider. Should never be called.
|
// LazyProvide implements dockerConfigProvider. Should never be called.
|
||||||
func (d *testProvider) LazyProvide() *DockerConfigEntry {
|
func (d *testProvider) LazyProvide(image string) *DockerConfigEntry {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Provide implements dockerConfigProvider
|
// Provide implements dockerConfigProvider
|
||||||
func (d *testProvider) Provide() DockerConfig {
|
func (d *testProvider) Provide(image string) DockerConfig {
|
||||||
d.Count += 1
|
d.Count += 1
|
||||||
return DockerConfig{}
|
return DockerConfig{}
|
||||||
}
|
}
|
||||||
|
|
|
@ -33,15 +33,23 @@ type DockerConfigProvider interface {
|
||||||
Enabled() bool
|
Enabled() bool
|
||||||
// Provide returns docker configuration.
|
// Provide returns docker configuration.
|
||||||
// Implementations can be blocking - e.g. metadata server unavailable.
|
// Implementations can be blocking - e.g. metadata server unavailable.
|
||||||
Provide() DockerConfig
|
// The image is passed in as context in the event that the
|
||||||
// LazyProvide() gets called after URL matches have been performed, so the
|
// implementation depends on information in the image name to return
|
||||||
// location used as the key in DockerConfig would be redundant.
|
// credentials; implementations are safe to ignore the image.
|
||||||
LazyProvide() *DockerConfigEntry
|
Provide(image string) DockerConfig
|
||||||
|
// LazyProvide gets called after URL matches have been
|
||||||
|
// performed, so the location used as the key in DockerConfig would be
|
||||||
|
// redundant.
|
||||||
|
// The image is passed in as context in the event that the
|
||||||
|
// implementation depends on information in the image name to return
|
||||||
|
// credentials; implementations are safe to ignore the image.
|
||||||
|
LazyProvide(image string) *DockerConfigEntry
|
||||||
}
|
}
|
||||||
|
|
||||||
func LazyProvide(creds LazyAuthConfiguration) AuthConfig {
|
//LazyProvide returns an Lazy AuthConfig
|
||||||
|
func LazyProvide(creds LazyAuthConfiguration, image string) AuthConfig {
|
||||||
if creds.Provider != nil {
|
if creds.Provider != nil {
|
||||||
entry := *creds.Provider.LazyProvide()
|
entry := *creds.Provider.LazyProvide(image)
|
||||||
return DockerConfigEntryToLazyAuthConfiguration(entry).AuthConfig
|
return DockerConfigEntryToLazyAuthConfiguration(entry).AuthConfig
|
||||||
}
|
}
|
||||||
return creds.AuthConfig
|
return creds.AuthConfig
|
||||||
|
@ -77,8 +85,8 @@ func (d *defaultDockerConfigProvider) Enabled() bool {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
// Provide implements dockerConfigProvider
|
// LazyProvide implements dockerConfigProvider
|
||||||
func (d *defaultDockerConfigProvider) Provide() DockerConfig {
|
func (d *defaultDockerConfigProvider) Provide(image string) DockerConfig {
|
||||||
// Read the standard Docker credentials from .dockercfg
|
// Read the standard Docker credentials from .dockercfg
|
||||||
if cfg, err := ReadDockerConfigFile(); err == nil {
|
if cfg, err := ReadDockerConfigFile(); err == nil {
|
||||||
return cfg
|
return cfg
|
||||||
|
@ -89,7 +97,7 @@ func (d *defaultDockerConfigProvider) Provide() DockerConfig {
|
||||||
}
|
}
|
||||||
|
|
||||||
// LazyProvide implements dockerConfigProvider. Should never be called.
|
// LazyProvide implements dockerConfigProvider. Should never be called.
|
||||||
func (d *defaultDockerConfigProvider) LazyProvide() *DockerConfigEntry {
|
func (d *defaultDockerConfigProvider) LazyProvide(image string) *DockerConfigEntry {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -99,12 +107,12 @@ func (d *CachingDockerConfigProvider) Enabled() bool {
|
||||||
}
|
}
|
||||||
|
|
||||||
// LazyProvide implements dockerConfigProvider. Should never be called.
|
// LazyProvide implements dockerConfigProvider. Should never be called.
|
||||||
func (d *CachingDockerConfigProvider) LazyProvide() *DockerConfigEntry {
|
func (d *CachingDockerConfigProvider) LazyProvide(image string) *DockerConfigEntry {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Provide implements dockerConfigProvider
|
// Provide implements dockerConfigProvider
|
||||||
func (d *CachingDockerConfigProvider) Provide() DockerConfig {
|
func (d *CachingDockerConfigProvider) Provide(image string) DockerConfig {
|
||||||
d.mu.Lock()
|
d.mu.Lock()
|
||||||
defer d.mu.Unlock()
|
defer d.mu.Unlock()
|
||||||
|
|
||||||
|
@ -114,7 +122,7 @@ func (d *CachingDockerConfigProvider) Provide() DockerConfig {
|
||||||
}
|
}
|
||||||
|
|
||||||
klog.V(2).Infof("Refreshing cache for provider: %v", reflect.TypeOf(d.Provider).String())
|
klog.V(2).Infof("Refreshing cache for provider: %v", reflect.TypeOf(d.Provider).String())
|
||||||
d.cacheDockerConfig = d.Provider.Provide()
|
d.cacheDockerConfig = d.Provider.Provide(image)
|
||||||
d.expiration = time.Now().Add(d.Lifetime)
|
d.expiration = time.Now().Add(d.Lifetime)
|
||||||
return d.cacheDockerConfig
|
return d.cacheDockerConfig
|
||||||
}
|
}
|
||||||
|
|
|
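Review bot: `CachingDockerConfigProvider.Provide` stores the result of `d.Provider.Provide(image)` in the single `d.cacheDockerConfig` field, so the config resolved for the first image is returned for every other image until the entry expires. That is harmless while wrapped providers ignore the image, but a provider that derives credentials from the image name would have them reused for a different image: at best a failed pull, and where the registry keys still match, credentials scoped to one repository offered for another. Either key the cache by image or state the restriction on the method, e.g. `// The cached config is shared across images; only wrap providers whose result does not depend on image.` The caching test in this commit only ever passes the constant `"image"`, so a second call with a different image inside the lifetime would be needed to pin the intended behaviour. The part of the function between the two hunks shown (presumably the expiry check) is not visible here.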
@ -31,31 +31,33 @@ func TestCachingProvider(t *testing.T) {
|
||||||
Lifetime: 1 * time.Second,
|
Lifetime: 1 * time.Second,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
image := "image"
|
||||||
|
|
||||||
if provider.Count != 0 {
|
if provider.Count != 0 {
|
||||||
t.Errorf("Unexpected number of Provide calls: %v", provider.Count)
|
t.Errorf("Unexpected number of Provide calls: %v", provider.Count)
|
||||||
}
|
}
|
||||||
cache.Provide()
|
cache.Provide(image)
|
||||||
cache.Provide()
|
cache.Provide(image)
|
||||||
cache.Provide()
|
cache.Provide(image)
|
||||||
cache.Provide()
|
cache.Provide(image)
|
||||||
if provider.Count != 1 {
|
if provider.Count != 1 {
|
||||||
t.Errorf("Unexpected number of Provide calls: %v", provider.Count)
|
t.Errorf("Unexpected number of Provide calls: %v", provider.Count)
|
||||||
}
|
}
|
||||||
|
|
||||||
time.Sleep(cache.Lifetime)
|
time.Sleep(cache.Lifetime)
|
||||||
cache.Provide()
|
cache.Provide(image)
|
||||||
cache.Provide()
|
cache.Provide(image)
|
||||||
cache.Provide()
|
cache.Provide(image)
|
||||||
cache.Provide()
|
cache.Provide(image)
|
||||||
if provider.Count != 2 {
|
if provider.Count != 2 {
|
||||||
t.Errorf("Unexpected number of Provide calls: %v", provider.Count)
|
t.Errorf("Unexpected number of Provide calls: %v", provider.Count)
|
||||||
}
|
}
|
||||||
|
|
||||||
time.Sleep(cache.Lifetime)
|
time.Sleep(cache.Lifetime)
|
||||||
cache.Provide()
|
cache.Provide(image)
|
||||||
cache.Provide()
|
cache.Provide(image)
|
||||||
cache.Provide()
|
cache.Provide(image)
|
||||||
cache.Provide()
|
cache.Provide(image)
|
||||||
if provider.Count != 3 {
|
if provider.Count != 3 {
|
||||||
t.Errorf("Unexpected number of Provide calls: %v", provider.Count)
|
t.Errorf("Unexpected number of Provide calls: %v", provider.Count)
|
||||||
}
|
}
|
||||||
|
|
|
@ -344,7 +344,7 @@ func ensureSandboxImageExists(client libdocker.Interface, image string) error {
|
||||||
|
|
||||||
var pullErrs []error
|
var pullErrs []error
|
||||||
for _, currentCreds := range creds {
|
for _, currentCreds := range creds {
|
||||||
authConfig := dockertypes.AuthConfig(credentialprovider.LazyProvide(currentCreds))
|
authConfig := dockertypes.AuthConfig(credentialprovider.LazyProvide(currentCreds, repoToPull))
|
||||||
err := client.PullImage(image, authConfig, dockertypes.ImagePullOptions{})
|
err := client.PullImage(image, authConfig, dockertypes.ImagePullOptions{})
|
||||||
// If there was no error, return success
|
// If there was no error, return success
|
||||||
if err == nil {
|
if err == nil {
|
||||||
|
|
|
@ -57,7 +57,7 @@ func (m *kubeGenericRuntimeManager) PullImage(image kubecontainer.ImageSpec, pul
|
||||||
|
|
||||||
var pullErrs []error
|
var pullErrs []error
|
||||||
for _, currentCreds := range creds {
|
for _, currentCreds := range creds {
|
||||||
authConfig := credentialprovider.LazyProvide(currentCreds)
|
authConfig := credentialprovider.LazyProvide(currentCreds, repoToPull)
|
||||||
auth := &runtimeapi.AuthConfig{
|
auth := &runtimeapi.AuthConfig{
|
||||||
Username: authConfig.Username,
|
Username: authConfig.Username,
|
||||||
Password: authConfig.Password,
|
Password: authConfig.Password,
|
||||||
|
|