Credential provider Provide takes image (general)

k3s-v1.14.6
tiffany jernigan 2019-03-22 07:49:17 +00:00
parent 3211bdad3d
commit 5224b94282
6 changed files with 41 additions and 33 deletions


@ -261,11 +261,9 @@ func (dk *BasicDockerKeyring) Lookup(image string) ([]LazyAuthConfiguration, boo
for _, k := range dk.index { for _, k := range dk.index {
// both k and image are schemeless URLs because even though schemes are allowed // both k and image are schemeless URLs because even though schemes are allowed
// in the credential configurations, we remove them in Add. // in the credential configurations, we remove them in Add.
if matched, _ := urlsMatchStr(k, image); !matched { if matched, _ := urlsMatchStr(k, image); matched {
continue ret = append(ret, dk.creds[k]...)
} }
ret = append(ret, dk.creds[k]...)
} }
if len(ret) > 0 { if len(ret) > 0 {
@ -288,7 +286,7 @@ func (dk *lazyDockerKeyring) Lookup(image string) ([]LazyAuthConfiguration, bool
keyring := &BasicDockerKeyring{} keyring := &BasicDockerKeyring{}
for _, p := range dk.Providers { for _, p := range dk.Providers {
keyring.Add(p.Provide()) keyring.Add(p.Provide(image))
} }
return keyring.Lookup(image) return keyring.Lookup(image)
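Review bot: In BasicDockerKeyring.Lookup the rewritten condition `if matched, _ := urlsMatchStr(k, image); matched {` still discards the error, and nothing says why that is safe. Dropping it means an index key or image that cannot be compared counts as no match, so no credentials are returned for it. That fails closed, but it is worth stating, e.g. `// An error from urlsMatchStr is treated as no match, so unparsable input never selects credentials.` What the error actually signals is inferred, since urlsMatchStr is not shown, and Lookup's body continues past the hunk.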


@ -464,12 +464,12 @@ func (d *testProvider) Enabled() bool {
} }
// LazyProvide implements dockerConfigProvider. Should never be called. // LazyProvide implements dockerConfigProvider. Should never be called.
func (d *testProvider) LazyProvide() *DockerConfigEntry { func (d *testProvider) LazyProvide(image string) *DockerConfigEntry {
return nil return nil
} }
// Provide implements dockerConfigProvider // Provide implements dockerConfigProvider
func (d *testProvider) Provide() DockerConfig { func (d *testProvider) Provide(image string) DockerConfig {
d.Count += 1 d.Count += 1
return DockerConfig{} return DockerConfig{}
} }


@ -33,15 +33,23 @@ type DockerConfigProvider interface {
Enabled() bool Enabled() bool
// Provide returns docker configuration. // Provide returns docker configuration.
// Implementations can be blocking - e.g. metadata server unavailable. // Implementations can be blocking - e.g. metadata server unavailable.
Provide() DockerConfig // The image is passed in as context in the event that the
// LazyProvide() gets called after URL matches have been performed, so the // implementation depends on information in the image name to return
// location used as the key in DockerConfig would be redundant. // credentials; implementations are safe to ignore the image.
LazyProvide() *DockerConfigEntry Provide(image string) DockerConfig
// LazyProvide gets called after URL matches have been
// performed, so the location used as the key in DockerConfig would be
// redundant.
// The image is passed in as context in the event that the
// implementation depends on information in the image name to return
// credentials; implementations are safe to ignore the image.
LazyProvide(image string) *DockerConfigEntry
} }
func LazyProvide(creds LazyAuthConfiguration) AuthConfig { //LazyProvide returns an Lazy AuthConfig
func LazyProvide(creds LazyAuthConfiguration, image string) AuthConfig {
if creds.Provider != nil { if creds.Provider != nil {
entry := *creds.Provider.LazyProvide() entry := *creds.Provider.LazyProvide(image)
return DockerConfigEntryToLazyAuthConfiguration(entry).AuthConfig return DockerConfigEntryToLazyAuthConfiguration(entry).AuthConfig
} }
return creds.AuthConfig return creds.AuthConfig
@ -77,8 +85,8 @@ func (d *defaultDockerConfigProvider) Enabled() bool {
return true return true
} }
// Provide implements dockerConfigProvider // LazyProvide implements dockerConfigProvider
func (d *defaultDockerConfigProvider) Provide() DockerConfig { func (d *defaultDockerConfigProvider) Provide(image string) DockerConfig {
// Read the standard Docker credentials from .dockercfg // Read the standard Docker credentials from .dockercfg
if cfg, err := ReadDockerConfigFile(); err == nil { if cfg, err := ReadDockerConfigFile(); err == nil {
return cfg return cfg
@ -89,7 +97,7 @@ func (d *defaultDockerConfigProvider) Provide() DockerConfig {
} }
// LazyProvide implements dockerConfigProvider. Should never be called. // LazyProvide implements dockerConfigProvider. Should never be called.
func (d *defaultDockerConfigProvider) LazyProvide() *DockerConfigEntry { func (d *defaultDockerConfigProvider) LazyProvide(image string) *DockerConfigEntry {
return nil return nil
} }
@ -99,12 +107,12 @@ func (d *CachingDockerConfigProvider) Enabled() bool {
} }
// LazyProvide implements dockerConfigProvider. Should never be called. // LazyProvide implements dockerConfigProvider. Should never be called.
func (d *CachingDockerConfigProvider) LazyProvide() *DockerConfigEntry { func (d *CachingDockerConfigProvider) LazyProvide(image string) *DockerConfigEntry {
return nil return nil
} }
// Provide implements dockerConfigProvider // Provide implements dockerConfigProvider
func (d *CachingDockerConfigProvider) Provide() DockerConfig { func (d *CachingDockerConfigProvider) Provide(image string) DockerConfig {
d.mu.Lock() d.mu.Lock()
defer d.mu.Unlock() defer d.mu.Unlock()
@ -114,7 +122,7 @@ func (d *CachingDockerConfigProvider) Provide() DockerConfig {
} }
klog.V(2).Infof("Refreshing cache for provider: %v", reflect.TypeOf(d.Provider).String()) klog.V(2).Infof("Refreshing cache for provider: %v", reflect.TypeOf(d.Provider).String())
d.cacheDockerConfig = d.Provider.Provide() d.cacheDockerConfig = d.Provider.Provide(image)
d.expiration = time.Now().Add(d.Lifetime) d.expiration = time.Now().Add(d.Lifetime)
return d.cacheDockerConfig return d.cacheDockerConfig
} }
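Review bot: CachingDockerConfigProvider.Provide now accepts `image`, but the refresh path stores `d.Provider.Provide(image)` in the single `d.cacheDockerConfig` field, so the config fetched for one image is what callers get for every other image until `d.expiration` passes. The new interface comment allows an implementation to depend on the image name to return credentials; wrapped in this cache, such a provider would have its answer for the first image reused for unrelated ones. The cache-hit check sits outside the visible hunks, so this is inferred from the refresh lines and from TestCachingProvider expecting one underlying call for four Provide calls. Either key the cache by image or state the restriction on the type, for example `// The cached DockerConfig is shared across all images; the wrapped Provider must not vary its result by image.` The comment above defaultDockerConfigProvider.Provide also appears to have been changed to `// LazyProvide implements dockerConfigProvider`, which names the wrong method.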


@ -31,31 +31,33 @@ func TestCachingProvider(t *testing.T) {
Lifetime: 1 * time.Second, Lifetime: 1 * time.Second,
} }
image := "image"
if provider.Count != 0 { if provider.Count != 0 {
t.Errorf("Unexpected number of Provide calls: %v", provider.Count) t.Errorf("Unexpected number of Provide calls: %v", provider.Count)
} }
cache.Provide() cache.Provide(image)
cache.Provide() cache.Provide(image)
cache.Provide() cache.Provide(image)
cache.Provide() cache.Provide(image)
if provider.Count != 1 { if provider.Count != 1 {
t.Errorf("Unexpected number of Provide calls: %v", provider.Count) t.Errorf("Unexpected number of Provide calls: %v", provider.Count)
} }
time.Sleep(cache.Lifetime) time.Sleep(cache.Lifetime)
cache.Provide() cache.Provide(image)
cache.Provide() cache.Provide(image)
cache.Provide() cache.Provide(image)
cache.Provide() cache.Provide(image)
if provider.Count != 2 { if provider.Count != 2 {
t.Errorf("Unexpected number of Provide calls: %v", provider.Count) t.Errorf("Unexpected number of Provide calls: %v", provider.Count)
} }
time.Sleep(cache.Lifetime) time.Sleep(cache.Lifetime)
cache.Provide() cache.Provide(image)
cache.Provide() cache.Provide(image)
cache.Provide() cache.Provide(image)
cache.Provide() cache.Provide(image)
if provider.Count != 3 { if provider.Count != 3 {
t.Errorf("Unexpected number of Provide calls: %v", provider.Count) t.Errorf("Unexpected number of Provide calls: %v", provider.Count)
} }


@ -344,7 +344,7 @@ func ensureSandboxImageExists(client libdocker.Interface, image string) error {
var pullErrs []error var pullErrs []error
for _, currentCreds := range creds { for _, currentCreds := range creds {
authConfig := dockertypes.AuthConfig(credentialprovider.LazyProvide(currentCreds)) authConfig := dockertypes.AuthConfig(credentialprovider.LazyProvide(currentCreds, repoToPull))
err := client.PullImage(image, authConfig, dockertypes.ImagePullOptions{}) err := client.PullImage(image, authConfig, dockertypes.ImagePullOptions{})
// If there was no error, return success // If there was no error, return success
if err == nil { if err == nil {
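Review bot: The provider is handed `repoToPull` in `credentialprovider.LazyProvide(currentCreds, repoToPull)` while the pull on the next line uses `image`, and the interface comment only calls the argument "the image". `repoToPull` is assigned outside this hunk, so its exact form (with or without tag or digest) cannot be confirmed here. A provider that derives a registry, account or region from the string needs to know that form, and should validate the string rather than trust its shape. A call-site comment such as `// Providers receive repoToPull (the parsed repository), not the raw image string.` would pin that down once the form is confirmed. The same applies to the call in kubeGenericRuntimeManager.PullImage.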


@ -57,7 +57,7 @@ func (m *kubeGenericRuntimeManager) PullImage(image kubecontainer.ImageSpec, pul
var pullErrs []error var pullErrs []error
for _, currentCreds := range creds { for _, currentCreds := range creds {
authConfig := credentialprovider.LazyProvide(currentCreds) authConfig := credentialprovider.LazyProvide(currentCreds, repoToPull)
auth := &runtimeapi.AuthConfig{ auth := &runtimeapi.AuthConfig{
Username: authConfig.Username, Username: authConfig.Username,
Password: authConfig.Password, Password: authConfig.Password,