Browse code
Passing registry auth token for service create and update
Signed-off-by: Nishant Totla <nishanttotla@gmail.com>
(cherry picked from commit 93ec5cda55e78dbb683b59bde244a7984b323574)
Nishant Totla authored on 2016/06/16 03:50:49Showing 7 changed files
- api/client/registry.go
- api/client/service/create.go
- api/client/service/scale.go
- api/client/service/update.go
- api/server/router/swarm/backend.go
- api/server/router/swarm/cluster_routes.go
- daemon/cluster/cluster.go
| ... | ... |
@@ -13,6 +13,7 @@ import ( |
| 13 | 13 |
"golang.org/x/net/context" |
| 14 | 14 |
|
| 15 | 15 |
"github.com/docker/docker/pkg/term" |
| 16 |
+ "github.com/docker/docker/reference" |
|
| 16 | 17 |
"github.com/docker/docker/registry" |
| 17 | 18 |
"github.com/docker/engine-api/types" |
| 18 | 19 |
registrytypes "github.com/docker/engine-api/types/registry" |
| ... | ... |
@@ -148,6 +149,34 @@ func (cli *DockerCli) ConfigureAuth(flUser, flPassword, serverAddress string, is |
| 148 | 148 |
return authconfig, nil |
| 149 | 149 |
} |
| 150 | 150 |
|
| 151 |
+// ResolveAuthConfigFromImage retrieves that AuthConfig using the image string |
|
| 152 |
+func (cli *DockerCli) ResolveAuthConfigFromImage(ctx context.Context, image string) (types.AuthConfig, error) {
|
|
| 153 |
+ registryRef, err := reference.ParseNamed(image) |
|
| 154 |
+ if err != nil {
|
|
| 155 |
+ return types.AuthConfig{}, err
|
|
| 156 |
+ } |
|
| 157 |
+ repoInfo, err := registry.ParseRepositoryInfo(registryRef) |
|
| 158 |
+ if err != nil {
|
|
| 159 |
+ return types.AuthConfig{}, err
|
|
| 160 |
+ } |
|
| 161 |
+ authConfig := cli.ResolveAuthConfig(ctx, repoInfo.Index) |
|
| 162 |
+ return authConfig, nil |
|
| 163 |
+} |
|
| 164 |
+ |
|
| 165 |
+// RetrieveAuthTokenFromImage retrieves an encoded auth token given a complete image |
|
| 166 |
+func (cli *DockerCli) RetrieveAuthTokenFromImage(ctx context.Context, image string) (string, error) {
|
|
| 167 |
+ // Retrieve encoded auth token from the image reference |
|
| 168 |
+ authConfig, err := cli.ResolveAuthConfigFromImage(ctx, image) |
|
| 169 |
+ if err != nil {
|
|
| 170 |
+ return "", err |
|
| 171 |
+ } |
|
| 172 |
+ encodedAuth, err := EncodeAuthToBase64(authConfig) |
|
| 173 |
+ if err != nil {
|
|
| 174 |
+ return "", err |
|
| 175 |
+ } |
|
| 176 |
+ return encodedAuth, nil |
|
| 177 |
+} |
|
| 178 |
+ |
|
| 151 | 179 |
func readInput(in io.Reader, out io.Writer) string {
|
| 152 | 180 |
reader := bufio.NewReader(in) |
| 153 | 181 |
line, _, err := reader.ReadLine() |
| ... | ... |
@@ -32,14 +32,25 @@ func newCreateCommand(dockerCli *client.DockerCli) *cobra.Command {
|
| 32 | 32 |
} |
| 33 | 33 |
|
| 34 | 34 |
func runCreate(dockerCli *client.DockerCli, opts *serviceOptions) error {
|
| 35 |
- client := dockerCli.Client() |
|
| 35 |
+ apiClient := dockerCli.Client() |
|
| 36 | 36 |
|
| 37 | 37 |
service, err := opts.ToService() |
| 38 | 38 |
if err != nil {
|
| 39 | 39 |
return err |
| 40 | 40 |
} |
| 41 | 41 |
|
| 42 |
- response, err := client.ServiceCreate(context.Background(), service) |
|
| 42 |
+ ctx := context.Background() |
|
| 43 |
+ // Retrieve encoded auth token from the image reference |
|
| 44 |
+ encodedAuth, err := dockerCli.RetrieveAuthTokenFromImage(ctx, opts.image) |
|
| 45 |
+ if err != nil {
|
|
| 46 |
+ return err |
|
| 47 |
+ } |
|
| 48 |
+ |
|
| 49 |
+ headers := map[string][]string{
|
|
| 50 |
+ "x-registry-auth": {encodedAuth},
|
|
| 51 |
+ } |
|
| 52 |
+ |
|
| 53 |
+ response, err := apiClient.ServiceCreate(ctx, service, headers) |
|
| 43 | 54 |
if err != nil {
|
| 44 | 55 |
return err |
| 45 | 56 |
} |
| ... | ... |
@@ -60,6 +60,7 @@ func runScale(dockerCli *client.DockerCli, args []string) error {
|
| 60 | 60 |
func runServiceScale(dockerCli *client.DockerCli, serviceID string, scale string) error {
|
| 61 | 61 |
client := dockerCli.Client() |
| 62 | 62 |
ctx := context.Background() |
| 63 |
+ headers := map[string][]string{}
|
|
| 63 | 64 |
|
| 64 | 65 |
service, _, err := client.ServiceInspectWithRaw(ctx, serviceID) |
| 65 | 66 |
|
| ... | ... |
@@ -67,6 +68,19 @@ func runServiceScale(dockerCli *client.DockerCli, serviceID string, scale string |
| 67 | 67 |
return err |
| 68 | 68 |
} |
| 69 | 69 |
|
| 70 |
+ // TODO(nishanttotla): Is this the best way to get the image? |
|
| 71 |
+ image := service.Spec.TaskTemplate.ContainerSpec.Image |
|
| 72 |
+ if image != "" {
|
|
| 73 |
+ // Retrieve encoded auth token from the image reference |
|
| 74 |
+ encodedAuth, err := dockerCli.RetrieveAuthTokenFromImage(ctx, image) |
|
| 75 |
+ if err != nil {
|
|
| 76 |
+ return err |
|
| 77 |
+ } |
|
| 78 |
+ headers = map[string][]string{
|
|
| 79 |
+ "x-registry-auth": {encodedAuth},
|
|
| 80 |
+ } |
|
| 81 |
+ } |
|
| 82 |
+ |
|
| 70 | 83 |
serviceMode := &service.Spec.Mode |
| 71 | 84 |
if serviceMode.Replicated == nil {
|
| 72 | 85 |
return fmt.Errorf("scale can only be used with replicated mode")
|
| ... | ... |
@@ -77,7 +91,7 @@ func runServiceScale(dockerCli *client.DockerCli, serviceID string, scale string |
| 77 | 77 |
} |
| 78 | 78 |
serviceMode.Replicated.Replicas = &uintScale |
| 79 | 79 |
|
| 80 |
- err = client.ServiceUpdate(ctx, service.ID, service.Version, service.Spec) |
|
| 80 |
+ err = client.ServiceUpdate(ctx, service.ID, service.Version, service.Spec, headers) |
|
| 81 | 81 |
if err != nil {
|
| 82 | 82 |
return err |
| 83 | 83 |
} |
| ... | ... |
@@ -37,10 +37,28 @@ func newUpdateCommand(dockerCli *client.DockerCli) *cobra.Command {
|
| 37 | 37 |
} |
| 38 | 38 |
|
| 39 | 39 |
func runUpdate(dockerCli *client.DockerCli, flags *pflag.FlagSet, serviceID string) error {
|
| 40 |
- client := dockerCli.Client() |
|
| 40 |
+ apiClient := dockerCli.Client() |
|
| 41 | 41 |
ctx := context.Background() |
| 42 |
+ headers := map[string][]string{}
|
|
| 42 | 43 |
|
| 43 |
- service, _, err := client.ServiceInspectWithRaw(ctx, serviceID) |
|
| 44 |
+ // TODO(nishanttotla): Is this the best way to get the new image? |
|
| 45 |
+ image, err := flags.GetString("image")
|
|
| 46 |
+ if err != nil {
|
|
| 47 |
+ return err |
|
| 48 |
+ } |
|
| 49 |
+ if image != "" {
|
|
| 50 |
+ // Retrieve encoded auth token from the image reference |
|
| 51 |
+ // only do this if a new image has been provided as part of the udpate |
|
| 52 |
+ encodedAuth, err := dockerCli.RetrieveAuthTokenFromImage(ctx, image) |
|
| 53 |
+ if err != nil {
|
|
| 54 |
+ return err |
|
| 55 |
+ } |
|
| 56 |
+ headers = map[string][]string{
|
|
| 57 |
+ "x-registry-auth": {encodedAuth},
|
|
| 58 |
+ } |
|
| 59 |
+ } |
|
| 60 |
+ |
|
| 61 |
+ service, _, err := apiClient.ServiceInspectWithRaw(ctx, serviceID) |
|
| 44 | 62 |
if err != nil {
|
| 45 | 63 |
return err |
| 46 | 64 |
} |
| ... | ... |
@@ -49,7 +67,8 @@ func runUpdate(dockerCli *client.DockerCli, flags *pflag.FlagSet, serviceID stri |
| 49 | 49 |
if err != nil {
|
| 50 | 50 |
return err |
| 51 | 51 |
} |
| 52 |
- err = client.ServiceUpdate(ctx, service.ID, service.Version, service.Spec) |
|
| 52 |
+ |
|
| 53 |
+ err = apiClient.ServiceUpdate(ctx, service.ID, service.Version, service.Spec, headers) |
|
| 53 | 54 |
if err != nil {
|
| 54 | 55 |
return err |
| 55 | 56 |
} |
| ... | ... |
@@ -14,8 +14,8 @@ type Backend interface {
|
| 14 | 14 |
Update(uint64, types.Spec) error |
| 15 | 15 |
GetServices(basictypes.ServiceListOptions) ([]types.Service, error) |
| 16 | 16 |
GetService(string) (types.Service, error) |
| 17 |
- CreateService(types.ServiceSpec) (string, error) |
|
| 18 |
- UpdateService(string, uint64, types.ServiceSpec) error |
|
| 17 |
+ CreateService(types.ServiceSpec, string) (string, error) |
|
| 18 |
+ UpdateService(string, uint64, types.ServiceSpec, string) error |
|
| 19 | 19 |
RemoveService(string) error |
| 20 | 20 |
GetNodes(basictypes.NodeListOptions) ([]types.Node, error) |
| 21 | 21 |
GetNode(string) (types.Node, error) |
| ... | ... |
@@ -107,7 +107,12 @@ func (sr *swarmRouter) createService(ctx context.Context, w http.ResponseWriter, |
| 107 | 107 |
return err |
| 108 | 108 |
} |
| 109 | 109 |
|
| 110 |
- id, err := sr.backend.CreateService(service) |
|
| 110 |
+ encodedAuth := "" |
|
| 111 |
+ if auth, ok := r.Header["x-registry-auth"]; ok {
|
|
| 112 |
+ encodedAuth = auth[0] |
|
| 113 |
+ } |
|
| 114 |
+ |
|
| 115 |
+ id, err := sr.backend.CreateService(service, encodedAuth) |
|
| 111 | 116 |
if err != nil {
|
| 112 | 117 |
logrus.Errorf("Error creating service %s: %v", id, err)
|
| 113 | 118 |
return err |
| ... | ... |
@@ -130,7 +135,12 @@ func (sr *swarmRouter) updateService(ctx context.Context, w http.ResponseWriter, |
| 130 | 130 |
return fmt.Errorf("Invalid service version '%s': %s", rawVersion, err.Error())
|
| 131 | 131 |
} |
| 132 | 132 |
|
| 133 |
- if err := sr.backend.UpdateService(vars["id"], version, service); err != nil {
|
|
| 133 |
+ encodedAuth := "" |
|
| 134 |
+ if auth, ok := r.Header["x-registry-auth"]; ok {
|
|
| 135 |
+ encodedAuth = auth[0] |
|
| 136 |
+ } |
|
| 137 |
+ |
|
| 138 |
+ if err := sr.backend.UpdateService(vars["id"], version, service, encodedAuth); err != nil {
|
|
| 134 | 139 |
logrus.Errorf("Error updating service %s: %v", vars["id"], err)
|
| 135 | 140 |
return err |
| 136 | 141 |
} |
| ... | ... |
@@ -663,7 +663,7 @@ func (c *Cluster) GetServices(options apitypes.ServiceListOptions) ([]types.Serv |
| 663 | 663 |
} |
| 664 | 664 |
|
| 665 | 665 |
// CreateService creates a new service in a managed swarm cluster. |
| 666 |
-func (c *Cluster) CreateService(s types.ServiceSpec) (string, error) {
|
|
| 666 |
+func (c *Cluster) CreateService(s types.ServiceSpec, encodedAuth string) (string, error) {
|
|
| 667 | 667 |
c.RLock() |
| 668 | 668 |
defer c.RUnlock() |
| 669 | 669 |
|
| ... | ... |
@@ -682,6 +682,11 @@ func (c *Cluster) CreateService(s types.ServiceSpec) (string, error) {
|
| 682 | 682 |
if err != nil {
|
| 683 | 683 |
return "", err |
| 684 | 684 |
} |
| 685 |
+ |
|
| 686 |
+ if encodedAuth != "" {
|
|
| 687 |
+ serviceSpec.Task.Runtime.(*swarmapi.TaskSpec_Container).Container.PullOptions = &swarmapi.ContainerSpec_PullOptions{RegistryAuth: encodedAuth}
|
|
| 688 |
+ } |
|
| 689 |
+ |
|
| 685 | 690 |
r, err := c.client.CreateService(ctx, &swarmapi.CreateServiceRequest{Spec: &serviceSpec})
|
| 686 | 691 |
if err != nil {
|
| 687 | 692 |
return "", err |
| ... | ... |
@@ -707,7 +712,7 @@ func (c *Cluster) GetService(input string) (types.Service, error) {
|
| 707 | 707 |
} |
| 708 | 708 |
|
| 709 | 709 |
// UpdateService updates existing service to match new properties. |
| 710 |
-func (c *Cluster) UpdateService(serviceID string, version uint64, spec types.ServiceSpec) error {
|
|
| 710 |
+func (c *Cluster) UpdateService(serviceID string, version uint64, spec types.ServiceSpec, encodedAuth string) error {
|
|
| 711 | 711 |
c.RLock() |
| 712 | 712 |
defer c.RUnlock() |
| 713 | 713 |
|
| ... | ... |
@@ -720,6 +725,10 @@ func (c *Cluster) UpdateService(serviceID string, version uint64, spec types.Ser |
| 720 | 720 |
return err |
| 721 | 721 |
} |
| 722 | 722 |
|
| 723 |
+ if encodedAuth != "" {
|
|
| 724 |
+ serviceSpec.Task.Runtime.(*swarmapi.TaskSpec_Container).Container.PullOptions = &swarmapi.ContainerSpec_PullOptions{RegistryAuth: encodedAuth}
|
|
| 725 |
+ } |
|
| 726 |
+ |
|
| 723 | 727 |
_, err = c.client.UpdateService( |
| 724 | 728 |
c.getRequestContext(), |
| 725 | 729 |
&swarmapi.UpdateServiceRequest{
|