runservice: update docker registry auth
This commit is contained in:
parent
d91bb36ccb
commit
dfeba334f6
1
go.mod
1
go.mod
@ -19,6 +19,7 @@ require (
|
|||||||
github.com/go-ini/ini v1.42.0 // indirect
|
github.com/go-ini/ini v1.42.0 // indirect
|
||||||
github.com/go-sql-driver/mysql v1.4.1 // indirect
|
github.com/go-sql-driver/mysql v1.4.1 // indirect
|
||||||
github.com/google/go-cmp v0.3.0
|
github.com/google/go-cmp v0.3.0
|
||||||
|
github.com/google/go-containerregistry v0.0.0-20190412005658-1d38b9cfdb9d
|
||||||
github.com/google/go-jsonnet v0.12.1
|
github.com/google/go-jsonnet v0.12.1
|
||||||
github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e // indirect
|
github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e // indirect
|
||||||
github.com/gorilla/handlers v1.4.0
|
github.com/gorilla/handlers v1.4.0
|
||||||
|
4
go.sum
4
go.sum
@ -62,10 +62,10 @@ github.com/google/btree v0.0.0-20180124185431-e89373fe6b4a h1:ZJu5NB1Bk5ms4vw0Xu
|
|||||||
github.com/google/btree v0.0.0-20180124185431-e89373fe6b4a h1:ZJu5NB1Bk5ms4vw0Xu4i+jD32SE9jQXyfnOvwhHqlT0=
|
github.com/google/btree v0.0.0-20180124185431-e89373fe6b4a h1:ZJu5NB1Bk5ms4vw0Xu4i+jD32SE9jQXyfnOvwhHqlT0=
|
||||||
github.com/google/btree v0.0.0-20180124185431-e89373fe6b4a/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
|
github.com/google/btree v0.0.0-20180124185431-e89373fe6b4a/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
|
||||||
github.com/google/btree v0.0.0-20180124185431-e89373fe6b4a/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
|
github.com/google/btree v0.0.0-20180124185431-e89373fe6b4a/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
|
||||||
github.com/google/go-cmp v0.2.0 h1:+dTQ8DZQJz0Mb/HjFlkptS1FeQ4cWSnN941F8aEG4SQ=
|
|
||||||
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
|
|
||||||
github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY=
|
github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY=
|
||||||
github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
|
github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
|
||||||
|
github.com/google/go-containerregistry v0.0.0-20190412005658-1d38b9cfdb9d h1:K8AF5hFHsOYRk0CG22FwQk3oCu7CbL2bNfiHoaGuW4Y=
|
||||||
|
github.com/google/go-containerregistry v0.0.0-20190412005658-1d38b9cfdb9d/go.mod h1:yZAFP63pRshzrEYLXLGPmUt0Ay+2zdjmMN1loCnRLUk=
|
||||||
github.com/google/go-jsonnet v0.12.1 h1:v0iUm/b4SBz7lR/diMoz9tLAz8lqtnNRKIwMrmU2HEU=
|
github.com/google/go-jsonnet v0.12.1 h1:v0iUm/b4SBz7lR/diMoz9tLAz8lqtnNRKIwMrmU2HEU=
|
||||||
github.com/google/go-jsonnet v0.12.1/go.mod h1:gVu3UVSfOt5fRFq+dh9duBqXa5905QY8S1QvMNcEIVs=
|
github.com/google/go-jsonnet v0.12.1/go.mod h1:gVu3UVSfOt5fRFq+dh9duBqXa5905QY8S1QvMNcEIVs=
|
||||||
github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk=
|
github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk=
|
||||||
|
@ -59,30 +59,34 @@ const (
|
|||||||
RuntimeTypePod RuntimeType = "pod"
|
RuntimeTypePod RuntimeType = "pod"
|
||||||
)
|
)
|
||||||
|
|
||||||
type RegistryAuthType string
|
type DockerRegistryAuthType string
|
||||||
|
|
||||||
const (
|
const (
|
||||||
RegistryAuthTypeDefault RegistryAuthType = "default"
|
DockerRegistryAuthTypeBasic DockerRegistryAuthType = "basic"
|
||||||
|
DockerRegistryAuthTypeEncodedAuth DockerRegistryAuthType = "encodedauth"
|
||||||
)
|
)
|
||||||
|
|
||||||
type RegistryAuth struct {
|
type DockerRegistryAuth struct {
|
||||||
Type RegistryAuthType `json:"type"`
|
Type DockerRegistryAuthType `json:"type"`
|
||||||
|
|
||||||
// default auth
|
// basic auth
|
||||||
Username Value `json:"username"`
|
Username Value `json:"username"`
|
||||||
Password Value `json:"password"`
|
Password Value `json:"password"`
|
||||||
|
|
||||||
|
// encoded auth string
|
||||||
|
Auth string `json:"auth"`
|
||||||
|
|
||||||
|
// future auths like aws ecr auth
|
||||||
}
|
}
|
||||||
|
|
||||||
type Runtime struct {
|
type Runtime struct {
|
||||||
Type RuntimeType `json:"type,omitempty"`
|
Type RuntimeType `json:"type,omitempty"`
|
||||||
Auth *RegistryAuth `json:"auth"`
|
|
||||||
Arch common.Arch `json:"arch,omitempty"`
|
Arch common.Arch `json:"arch,omitempty"`
|
||||||
Containers []*Container `json:"containers,omitempty"`
|
Containers []*Container `json:"containers,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type Container struct {
|
type Container struct {
|
||||||
Image string `json:"image,omitempty"`
|
Image string `json:"image,omitempty"`
|
||||||
Auth *RegistryAuth `json:"auth"`
|
|
||||||
Environment map[string]Value `json:"environment,omitempty"`
|
Environment map[string]Value `json:"environment,omitempty"`
|
||||||
User string `json:"user"`
|
User string `json:"user"`
|
||||||
Privileged bool `json:"privileged"`
|
Privileged bool `json:"privileged"`
|
||||||
@ -92,6 +96,7 @@ type Container struct {
|
|||||||
type Run struct {
|
type Run struct {
|
||||||
Name string `json:"name"`
|
Name string `json:"name"`
|
||||||
Tasks []*Task `json:"tasks"`
|
Tasks []*Task `json:"tasks"`
|
||||||
|
DockerRegistriesAuth map[string]*DockerRegistryAuth `json:"docker_registries_auth"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type Task struct {
|
type Task struct {
|
||||||
@ -106,6 +111,7 @@ type Task struct {
|
|||||||
IgnoreFailure bool `json:"ignore_failure"`
|
IgnoreFailure bool `json:"ignore_failure"`
|
||||||
Approval bool `json:"approval"`
|
Approval bool `json:"approval"`
|
||||||
When *types.When `json:"when"`
|
When *types.When `json:"when"`
|
||||||
|
DockerRegistriesAuth map[string]*DockerRegistryAuth `json:"docker_registries_auth"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type DependCondition string
|
type DependCondition string
|
||||||
@ -198,6 +204,7 @@ func (t *Task) UnmarshalJSON(b []byte) error {
|
|||||||
IgnoreFailure bool `json:"ignore_failure"`
|
IgnoreFailure bool `json:"ignore_failure"`
|
||||||
Approval bool `json:"approval"`
|
Approval bool `json:"approval"`
|
||||||
When *when `json:"when"`
|
When *when `json:"when"`
|
||||||
|
DockerRegistriesAuth map[string]*DockerRegistryAuth `json:"docker_registries_auth"`
|
||||||
}
|
}
|
||||||
|
|
||||||
var tr *runtask
|
var tr *runtask
|
||||||
@ -214,6 +221,7 @@ func (t *Task) UnmarshalJSON(b []byte) error {
|
|||||||
t.User = tr.User
|
t.User = tr.User
|
||||||
t.IgnoreFailure = tr.IgnoreFailure
|
t.IgnoreFailure = tr.IgnoreFailure
|
||||||
t.Approval = tr.Approval
|
t.Approval = tr.Approval
|
||||||
|
t.DockerRegistriesAuth = tr.DockerRegistriesAuth
|
||||||
|
|
||||||
steps := make([]interface{}, len(tr.Steps))
|
steps := make([]interface{}, len(tr.Steps))
|
||||||
for i, stepEntry := range tr.Steps {
|
for i, stepEntry := range tr.Steps {
|
||||||
@ -766,27 +774,25 @@ func checkConfig(config *Config) error {
|
|||||||
|
|
||||||
// Set defaults
|
// Set defaults
|
||||||
for _, run := range config.Runs {
|
for _, run := range config.Runs {
|
||||||
|
// set auth type to basic if not specified
|
||||||
|
for _, registryAuth := range run.DockerRegistriesAuth {
|
||||||
|
if registryAuth.Type == "" {
|
||||||
|
registryAuth.Type = DockerRegistryAuthTypeBasic
|
||||||
|
}
|
||||||
|
}
|
||||||
for _, task := range run.Tasks {
|
for _, task := range run.Tasks {
|
||||||
|
// set auth type to basic if not specified
|
||||||
|
for _, registryAuth := range task.DockerRegistriesAuth {
|
||||||
|
if registryAuth.Type == "" {
|
||||||
|
registryAuth.Type = DockerRegistryAuthTypeBasic
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// set task default working dir
|
// set task default working dir
|
||||||
if task.WorkingDir == "" {
|
if task.WorkingDir == "" {
|
||||||
task.WorkingDir = defaultWorkingDir
|
task.WorkingDir = defaultWorkingDir
|
||||||
}
|
}
|
||||||
|
|
||||||
// set auth type to default if not specified
|
|
||||||
runtime := task.Runtime
|
|
||||||
if runtime.Auth != nil {
|
|
||||||
if runtime.Auth.Type == "" {
|
|
||||||
runtime.Auth.Type = RegistryAuthTypeDefault
|
|
||||||
}
|
|
||||||
}
|
|
||||||
for _, container := range runtime.Containers {
|
|
||||||
if container.Auth != nil {
|
|
||||||
if container.Auth.Type == "" {
|
|
||||||
container.Auth.Type = RegistryAuthTypeDefault
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// set steps defaults
|
// set steps defaults
|
||||||
for i, s := range task.Steps {
|
for i, s := range task.Steps {
|
||||||
switch step := s.(type) {
|
switch step := s.(type) {
|
||||||
|
@ -170,14 +170,20 @@ func TestParseOutput(t *testing.T) {
|
|||||||
in: `
|
in: `
|
||||||
runs:
|
runs:
|
||||||
- name: run01
|
- name: run01
|
||||||
tasks:
|
docker_registries_auth:
|
||||||
- name: task01
|
index.docker.io:
|
||||||
runtime:
|
|
||||||
type: pod
|
|
||||||
auth:
|
|
||||||
username: username
|
username: username
|
||||||
password:
|
password:
|
||||||
from_variable: password
|
from_variable: password
|
||||||
|
tasks:
|
||||||
|
- name: task01
|
||||||
|
docker_registries_auth:
|
||||||
|
index.docker.io:
|
||||||
|
username: username
|
||||||
|
password:
|
||||||
|
from_variable: password
|
||||||
|
runtime:
|
||||||
|
type: pod
|
||||||
containers:
|
containers:
|
||||||
- image: image01
|
- image: image01
|
||||||
auth:
|
auth:
|
||||||
@ -263,25 +269,29 @@ func TestParseOutput(t *testing.T) {
|
|||||||
Runs: []*Run{
|
Runs: []*Run{
|
||||||
&Run{
|
&Run{
|
||||||
Name: "run01",
|
Name: "run01",
|
||||||
Tasks: []*Task{
|
DockerRegistriesAuth: map[string]*DockerRegistryAuth{
|
||||||
&Task{
|
"index.docker.io": {
|
||||||
Name: "task01",
|
Type: DockerRegistryAuthTypeBasic,
|
||||||
Runtime: &Runtime{
|
|
||||||
Type: "pod",
|
|
||||||
Auth: &RegistryAuth{
|
|
||||||
Type: RegistryAuthTypeDefault,
|
|
||||||
Username: Value{Type: ValueTypeString, Value: "username"},
|
Username: Value{Type: ValueTypeString, Value: "username"},
|
||||||
Password: Value{Type: ValueTypeFromVariable, Value: "password"},
|
Password: Value{Type: ValueTypeFromVariable, Value: "password"},
|
||||||
},
|
},
|
||||||
|
},
|
||||||
|
Tasks: []*Task{
|
||||||
|
&Task{
|
||||||
|
Name: "task01",
|
||||||
|
DockerRegistriesAuth: map[string]*DockerRegistryAuth{
|
||||||
|
"index.docker.io": {
|
||||||
|
Type: DockerRegistryAuthTypeBasic,
|
||||||
|
Username: Value{Type: ValueTypeString, Value: "username"},
|
||||||
|
Password: Value{Type: ValueTypeFromVariable, Value: "password"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Runtime: &Runtime{
|
||||||
|
Type: "pod",
|
||||||
Arch: "",
|
Arch: "",
|
||||||
Containers: []*Container{
|
Containers: []*Container{
|
||||||
&Container{
|
&Container{
|
||||||
Image: "image01",
|
Image: "image01",
|
||||||
Auth: &RegistryAuth{
|
|
||||||
Type: RegistryAuthTypeDefault,
|
|
||||||
Username: Value{Type: ValueTypeFromVariable, Value: "username2"},
|
|
||||||
Password: Value{Type: ValueTypeString, Value: "password2"},
|
|
||||||
},
|
|
||||||
Environment: map[string]Value{
|
Environment: map[string]Value{
|
||||||
"ENV01": Value{Type: ValueTypeString, Value: "ENV01"},
|
"ENV01": Value{Type: ValueTypeString, Value: "ENV01"},
|
||||||
"ENVFROMVARIABLE01": Value{Type: ValueTypeFromVariable, Value: "variable01"},
|
"ENVFROMVARIABLE01": Value{Type: ValueTypeFromVariable, Value: "variable01"},
|
||||||
|
@ -37,23 +37,6 @@ func genRuntime(c *config.Config, ce *config.Runtime, variables map[string]strin
|
|||||||
Entrypoint: cc.Entrypoint,
|
Entrypoint: cc.Entrypoint,
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set container auth
|
|
||||||
if cc.Auth != nil {
|
|
||||||
container.Auth = &rstypes.RegistryAuth{
|
|
||||||
Type: rstypes.RegistryAuthType(cc.Auth.Type),
|
|
||||||
Username: genValue(cc.Auth.Username, variables),
|
|
||||||
Password: genValue(cc.Auth.Password, variables),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
// if container auth is nil use runtime auth
|
|
||||||
if container.Auth == nil && ce.Auth != nil {
|
|
||||||
container.Auth = &rstypes.RegistryAuth{
|
|
||||||
Type: rstypes.RegistryAuthType(ce.Auth.Type),
|
|
||||||
Username: genValue(ce.Auth.Username, variables),
|
|
||||||
Password: genValue(ce.Auth.Password, variables),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
containers = append(containers, container)
|
containers = append(containers, container)
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -210,6 +193,28 @@ func GenRunConfigTasks(uuid util.UUIDGenerator, c *config.Config, runName string
|
|||||||
IgnoreFailure: ct.IgnoreFailure,
|
IgnoreFailure: ct.IgnoreFailure,
|
||||||
Skip: !include,
|
Skip: !include,
|
||||||
NeedsApproval: ct.Approval,
|
NeedsApproval: ct.Approval,
|
||||||
|
DockerRegistriesAuth: make(map[string]rstypes.DockerRegistryAuth),
|
||||||
|
}
|
||||||
|
|
||||||
|
if cr.DockerRegistriesAuth != nil {
|
||||||
|
for regname, auth := range cr.DockerRegistriesAuth {
|
||||||
|
t.DockerRegistriesAuth[regname] = rstypes.DockerRegistryAuth{
|
||||||
|
Type: rstypes.DockerRegistryAuthType(auth.Type),
|
||||||
|
Username: genValue(auth.Username, variables),
|
||||||
|
Password: genValue(auth.Password, variables),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// override with per task docker registry auth
|
||||||
|
if ct.DockerRegistriesAuth != nil {
|
||||||
|
for regname, auth := range ct.DockerRegistriesAuth {
|
||||||
|
t.DockerRegistriesAuth[regname] = rstypes.DockerRegistryAuth{
|
||||||
|
Type: rstypes.DockerRegistryAuthType(auth.Type),
|
||||||
|
Username: genValue(auth.Username, variables),
|
||||||
|
Password: genValue(auth.Password, variables),
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
rcts[t.ID] = t
|
rcts[t.ID] = t
|
||||||
|
@ -635,25 +635,29 @@ func TestGenRunConfig(t *testing.T) {
|
|||||||
Runs: []*config.Run{
|
Runs: []*config.Run{
|
||||||
&config.Run{
|
&config.Run{
|
||||||
Name: "run01",
|
Name: "run01",
|
||||||
Tasks: []*config.Task{
|
DockerRegistriesAuth: map[string]*config.DockerRegistryAuth{
|
||||||
&config.Task{
|
"index.docker.io": {
|
||||||
Name: "task01",
|
Type: config.DockerRegistryAuthTypeBasic,
|
||||||
Runtime: &config.Runtime{
|
|
||||||
Type: "pod",
|
|
||||||
Auth: &config.RegistryAuth{
|
|
||||||
Type: config.RegistryAuthTypeDefault,
|
|
||||||
Username: config.Value{Type: config.ValueTypeString, Value: "username"},
|
Username: config.Value{Type: config.ValueTypeString, Value: "username"},
|
||||||
Password: config.Value{Type: config.ValueTypeFromVariable, Value: "password"},
|
Password: config.Value{Type: config.ValueTypeFromVariable, Value: "password"},
|
||||||
},
|
},
|
||||||
|
},
|
||||||
|
Tasks: []*config.Task{
|
||||||
|
&config.Task{
|
||||||
|
Name: "task01",
|
||||||
|
DockerRegistriesAuth: map[string]*config.DockerRegistryAuth{
|
||||||
|
"index.docker.io": {
|
||||||
|
Type: config.DockerRegistryAuthTypeBasic,
|
||||||
|
Username: config.Value{Type: config.ValueTypeFromVariable, Value: "registry_username"},
|
||||||
|
Password: config.Value{Type: config.ValueTypeString, Value: "password2"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Runtime: &config.Runtime{
|
||||||
|
Type: "pod",
|
||||||
Arch: "",
|
Arch: "",
|
||||||
Containers: []*config.Container{
|
Containers: []*config.Container{
|
||||||
&config.Container{
|
&config.Container{
|
||||||
Image: "image01",
|
Image: "image01",
|
||||||
Auth: &config.RegistryAuth{
|
|
||||||
Type: config.RegistryAuthTypeDefault,
|
|
||||||
Username: config.Value{Type: config.ValueTypeFromVariable, Value: "registry_username"},
|
|
||||||
Password: config.Value{Type: config.ValueTypeString, Value: "password2"},
|
|
||||||
},
|
|
||||||
Environment: map[string]config.Value{
|
Environment: map[string]config.Value{
|
||||||
"ENV01": config.Value{Type: config.ValueTypeString, Value: "ENV01"},
|
"ENV01": config.Value{Type: config.ValueTypeString, Value: "ENV01"},
|
||||||
"ENVFROMVARIABLE01": config.Value{Type: config.ValueTypeFromVariable, Value: "variable01"},
|
"ENVFROMVARIABLE01": config.Value{Type: config.ValueTypeFromVariable, Value: "variable01"},
|
||||||
@ -721,15 +725,17 @@ func TestGenRunConfig(t *testing.T) {
|
|||||||
uuid.New("task01").String(): &rstypes.RunConfigTask{
|
uuid.New("task01").String(): &rstypes.RunConfigTask{
|
||||||
ID: uuid.New("task01").String(),
|
ID: uuid.New("task01").String(),
|
||||||
Name: "task01", Depends: map[string]*rstypes.RunConfigTaskDepend{},
|
Name: "task01", Depends: map[string]*rstypes.RunConfigTaskDepend{},
|
||||||
|
DockerRegistriesAuth: map[string]rstypes.DockerRegistryAuth{
|
||||||
|
"index.docker.io": {
|
||||||
|
Type: rstypes.DockerRegistryAuthTypeBasic,
|
||||||
|
Username: "yourregistryusername",
|
||||||
|
Password: "password2",
|
||||||
|
},
|
||||||
|
},
|
||||||
Runtime: &rstypes.Runtime{Type: rstypes.RuntimeType("pod"),
|
Runtime: &rstypes.Runtime{Type: rstypes.RuntimeType("pod"),
|
||||||
Containers: []*rstypes.Container{
|
Containers: []*rstypes.Container{
|
||||||
{
|
{
|
||||||
Image: "image01",
|
Image: "image01",
|
||||||
Auth: &rstypes.RegistryAuth{
|
|
||||||
Type: rstypes.RegistryAuthTypeDefault,
|
|
||||||
Username: "yourregistryusername",
|
|
||||||
Password: "password2",
|
|
||||||
},
|
|
||||||
Environment: map[string]string{
|
Environment: map[string]string{
|
||||||
"ENV01": "ENV01",
|
"ENV01": "ENV01",
|
||||||
"ENVFROMVARIABLE01": "VARVALUE01",
|
"ENVFROMVARIABLE01": "VARVALUE01",
|
||||||
@ -751,21 +757,23 @@ func TestGenRunConfig(t *testing.T) {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "test runtime auth used for container nil auth",
|
name: "test run auth used for task undefined auth",
|
||||||
in: &config.Config{
|
in: &config.Config{
|
||||||
Runs: []*config.Run{
|
Runs: []*config.Run{
|
||||||
&config.Run{
|
&config.Run{
|
||||||
Name: "run01",
|
Name: "run01",
|
||||||
|
DockerRegistriesAuth: map[string]*config.DockerRegistryAuth{
|
||||||
|
"index.docker.io": {
|
||||||
|
Type: config.DockerRegistryAuthTypeBasic,
|
||||||
|
Username: config.Value{Type: config.ValueTypeString, Value: "username"},
|
||||||
|
Password: config.Value{Type: config.ValueTypeFromVariable, Value: "password"},
|
||||||
|
},
|
||||||
|
},
|
||||||
Tasks: []*config.Task{
|
Tasks: []*config.Task{
|
||||||
&config.Task{
|
&config.Task{
|
||||||
Name: "task01",
|
Name: "task01",
|
||||||
Runtime: &config.Runtime{
|
Runtime: &config.Runtime{
|
||||||
Type: "pod",
|
Type: "pod",
|
||||||
Auth: &config.RegistryAuth{
|
|
||||||
Type: config.RegistryAuthTypeDefault,
|
|
||||||
Username: config.Value{Type: config.ValueTypeString, Value: "username"},
|
|
||||||
Password: config.Value{Type: config.ValueTypeFromVariable, Value: "password"},
|
|
||||||
},
|
|
||||||
Arch: "",
|
Arch: "",
|
||||||
Containers: []*config.Container{
|
Containers: []*config.Container{
|
||||||
&config.Container{
|
&config.Container{
|
||||||
@ -795,15 +803,17 @@ func TestGenRunConfig(t *testing.T) {
|
|||||||
uuid.New("task01").String(): &rstypes.RunConfigTask{
|
uuid.New("task01").String(): &rstypes.RunConfigTask{
|
||||||
ID: uuid.New("task01").String(),
|
ID: uuid.New("task01").String(),
|
||||||
Name: "task01", Depends: map[string]*rstypes.RunConfigTaskDepend{},
|
Name: "task01", Depends: map[string]*rstypes.RunConfigTaskDepend{},
|
||||||
|
DockerRegistriesAuth: map[string]rstypes.DockerRegistryAuth{
|
||||||
|
"index.docker.io": {
|
||||||
|
Type: rstypes.DockerRegistryAuthTypeBasic,
|
||||||
|
Username: "username",
|
||||||
|
Password: "yourregistrypassword",
|
||||||
|
},
|
||||||
|
},
|
||||||
Runtime: &rstypes.Runtime{Type: rstypes.RuntimeType("pod"),
|
Runtime: &rstypes.Runtime{Type: rstypes.RuntimeType("pod"),
|
||||||
Containers: []*rstypes.Container{
|
Containers: []*rstypes.Container{
|
||||||
{
|
{
|
||||||
Image: "image01",
|
Image: "image01",
|
||||||
Auth: &rstypes.RegistryAuth{
|
|
||||||
Type: rstypes.RegistryAuthTypeDefault,
|
|
||||||
Username: "username",
|
|
||||||
Password: "yourregistrypassword",
|
|
||||||
},
|
|
||||||
Environment: map[string]string{},
|
Environment: map[string]string{},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
@ -816,30 +826,44 @@ func TestGenRunConfig(t *testing.T) {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "test runtime auth not used for container with auth",
|
name: "test run auth override by task auth",
|
||||||
in: &config.Config{
|
in: &config.Config{
|
||||||
Runs: []*config.Run{
|
Runs: []*config.Run{
|
||||||
&config.Run{
|
&config.Run{
|
||||||
Name: "run01",
|
Name: "run01",
|
||||||
Tasks: []*config.Task{
|
DockerRegistriesAuth: map[string]*config.DockerRegistryAuth{
|
||||||
&config.Task{
|
"index.docker.io": {
|
||||||
Name: "task01",
|
Type: config.DockerRegistryAuthTypeBasic,
|
||||||
Runtime: &config.Runtime{
|
|
||||||
Type: "pod",
|
|
||||||
Auth: &config.RegistryAuth{
|
|
||||||
Type: config.RegistryAuthTypeDefault,
|
|
||||||
Username: config.Value{Type: config.ValueTypeString, Value: "username"},
|
Username: config.Value{Type: config.ValueTypeString, Value: "username"},
|
||||||
Password: config.Value{Type: config.ValueTypeFromVariable, Value: "password"},
|
Password: config.Value{Type: config.ValueTypeFromVariable, Value: "password"},
|
||||||
},
|
},
|
||||||
|
"https://myregistry.example.com": {
|
||||||
|
Type: config.DockerRegistryAuthTypeBasic,
|
||||||
|
Username: config.Value{Type: config.ValueTypeString, Value: "username"},
|
||||||
|
Password: config.Value{Type: config.ValueTypeFromVariable, Value: "password"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Tasks: []*config.Task{
|
||||||
|
&config.Task{
|
||||||
|
Name: "task01",
|
||||||
|
DockerRegistriesAuth: map[string]*config.DockerRegistryAuth{
|
||||||
|
"index.docker.io": {
|
||||||
|
Type: config.DockerRegistryAuthTypeBasic,
|
||||||
|
Username: config.Value{Type: config.ValueTypeFromVariable, Value: "registry_username"},
|
||||||
|
Password: config.Value{Type: config.ValueTypeString, Value: "password2"},
|
||||||
|
},
|
||||||
|
"https://anotherregistry.example.com": {
|
||||||
|
Type: config.DockerRegistryAuthTypeBasic,
|
||||||
|
Username: config.Value{Type: config.ValueTypeFromVariable, Value: "registry_username"},
|
||||||
|
Password: config.Value{Type: config.ValueTypeString, Value: "password2"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Runtime: &config.Runtime{
|
||||||
|
Type: "pod",
|
||||||
Arch: "",
|
Arch: "",
|
||||||
Containers: []*config.Container{
|
Containers: []*config.Container{
|
||||||
&config.Container{
|
&config.Container{
|
||||||
Image: "image01",
|
Image: "image01",
|
||||||
Auth: &config.RegistryAuth{
|
|
||||||
Type: config.RegistryAuthTypeDefault,
|
|
||||||
Username: config.Value{Type: config.ValueTypeFromVariable, Value: "registry_username"},
|
|
||||||
Password: config.Value{Type: config.ValueTypeString, Value: "password2"},
|
|
||||||
},
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
@ -860,20 +884,33 @@ func TestGenRunConfig(t *testing.T) {
|
|||||||
variables: map[string]string{
|
variables: map[string]string{
|
||||||
"variable01": "VARVALUE01",
|
"variable01": "VARVALUE01",
|
||||||
"registry_username": "yourregistryusername",
|
"registry_username": "yourregistryusername",
|
||||||
|
"password": "myregistrypassword",
|
||||||
},
|
},
|
||||||
out: map[string]*rstypes.RunConfigTask{
|
out: map[string]*rstypes.RunConfigTask{
|
||||||
uuid.New("task01").String(): &rstypes.RunConfigTask{
|
uuid.New("task01").String(): &rstypes.RunConfigTask{
|
||||||
ID: uuid.New("task01").String(),
|
ID: uuid.New("task01").String(),
|
||||||
Name: "task01", Depends: map[string]*rstypes.RunConfigTaskDepend{},
|
Name: "task01", Depends: map[string]*rstypes.RunConfigTaskDepend{},
|
||||||
|
DockerRegistriesAuth: map[string]rstypes.DockerRegistryAuth{
|
||||||
|
"index.docker.io": {
|
||||||
|
Type: rstypes.DockerRegistryAuthTypeBasic,
|
||||||
|
Username: "yourregistryusername",
|
||||||
|
Password: "password2",
|
||||||
|
},
|
||||||
|
"https://myregistry.example.com": {
|
||||||
|
Type: rstypes.DockerRegistryAuthTypeBasic,
|
||||||
|
Username: "username",
|
||||||
|
Password: "myregistrypassword",
|
||||||
|
},
|
||||||
|
"https://anotherregistry.example.com": {
|
||||||
|
Type: rstypes.DockerRegistryAuthTypeBasic,
|
||||||
|
Username: "yourregistryusername",
|
||||||
|
Password: "password2",
|
||||||
|
},
|
||||||
|
},
|
||||||
Runtime: &rstypes.Runtime{Type: rstypes.RuntimeType("pod"),
|
Runtime: &rstypes.Runtime{Type: rstypes.RuntimeType("pod"),
|
||||||
Containers: []*rstypes.Container{
|
Containers: []*rstypes.Container{
|
||||||
{
|
{
|
||||||
Image: "image01",
|
Image: "image01",
|
||||||
Auth: &rstypes.RegistryAuth{
|
|
||||||
Type: rstypes.RegistryAuthTypeDefault,
|
|
||||||
Username: "yourregistryusername",
|
|
||||||
Password: "password2",
|
|
||||||
},
|
|
||||||
Environment: map[string]string{},
|
Environment: map[string]string{},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -16,6 +16,8 @@ package driver
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"encoding/base64"
|
||||||
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
@ -25,6 +27,7 @@ import (
|
|||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
|
"github.com/sorintlab/agola/internal/services/runservice/executor/registry"
|
||||||
|
|
||||||
"github.com/docker/docker/api/types"
|
"github.com/docker/docker/api/types"
|
||||||
"github.com/docker/docker/api/types/container"
|
"github.com/docker/docker/api/types/container"
|
||||||
@ -116,9 +119,25 @@ func (d *DockerDriver) NewPod(ctx context.Context, podConfig *PodConfig, out io.
|
|||||||
|
|
||||||
containerConfig := podConfig.Containers[0]
|
containerConfig := podConfig.Containers[0]
|
||||||
|
|
||||||
|
regName, err := registry.GetRegistry(containerConfig.Image)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
var registryAuth registry.DockerConfigAuth
|
||||||
|
if podConfig.DockerConfig != nil {
|
||||||
|
if regauth, ok := podConfig.DockerConfig.Auths[regName]; ok {
|
||||||
|
registryAuth = regauth
|
||||||
|
}
|
||||||
|
}
|
||||||
|
buf, err := json.Marshal(registryAuth)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
registryAuthEnc := base64.URLEncoding.EncodeToString(buf)
|
||||||
|
|
||||||
// by default always try to pull the image so we are sure only authorized users can fetch them
|
// by default always try to pull the image so we are sure only authorized users can fetch them
|
||||||
// see https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#alwayspullimages
|
// see https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#alwayspullimages
|
||||||
reader, err := d.client.ImagePull(ctx, containerConfig.Image, types.ImagePullOptions{RegistryAuth: containerConfig.RegistryAuth})
|
reader, err := d.client.ImagePull(ctx, containerConfig.Image, types.ImagePullOptions{RegistryAuth: registryAuthEnc})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
@ -17,6 +17,8 @@ package driver
|
|||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"io"
|
"io"
|
||||||
|
|
||||||
|
"github.com/sorintlab/agola/internal/services/runservice/executor/registry"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
@ -68,6 +70,7 @@ type PodConfig struct {
|
|||||||
Labels map[string]string
|
Labels map[string]string
|
||||||
// The container dir where the init volume will be mounted
|
// The container dir where the init volume will be mounted
|
||||||
InitVolumeDir string
|
InitVolumeDir string
|
||||||
|
DockerConfig *registry.DockerConfig
|
||||||
}
|
}
|
||||||
|
|
||||||
type ContainerConfig struct {
|
type ContainerConfig struct {
|
||||||
@ -77,7 +80,6 @@ type ContainerConfig struct {
|
|||||||
Image string
|
Image string
|
||||||
User string
|
User string
|
||||||
Privileged bool
|
Privileged bool
|
||||||
RegistryAuth string
|
|
||||||
}
|
}
|
||||||
|
|
||||||
type ExecConfig struct {
|
type ExecConfig struct {
|
||||||
|
@ -37,6 +37,7 @@ import (
|
|||||||
slog "github.com/sorintlab/agola/internal/log"
|
slog "github.com/sorintlab/agola/internal/log"
|
||||||
"github.com/sorintlab/agola/internal/services/config"
|
"github.com/sorintlab/agola/internal/services/config"
|
||||||
"github.com/sorintlab/agola/internal/services/runservice/executor/driver"
|
"github.com/sorintlab/agola/internal/services/runservice/executor/driver"
|
||||||
|
"github.com/sorintlab/agola/internal/services/runservice/executor/registry"
|
||||||
rsapi "github.com/sorintlab/agola/internal/services/runservice/scheduler/api"
|
rsapi "github.com/sorintlab/agola/internal/services/runservice/scheduler/api"
|
||||||
"github.com/sorintlab/agola/internal/services/runservice/types"
|
"github.com/sorintlab/agola/internal/services/runservice/types"
|
||||||
"github.com/sorintlab/agola/internal/util"
|
"github.com/sorintlab/agola/internal/util"
|
||||||
@ -795,7 +796,7 @@ func (e *Executor) setupTask(ctx context.Context, rt *runningTask) error {
|
|||||||
|
|
||||||
log.Debugf("starting pod")
|
log.Debugf("starting pod")
|
||||||
|
|
||||||
registryAuth, err := registryAuthToken(et.Containers[0].Auth)
|
dockerConfig, err := registry.GenDockerConfig(et.DockerRegistriesAuth, []string{et.Containers[0].Image})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
@ -803,6 +804,7 @@ func (e *Executor) setupTask(ctx context.Context, rt *runningTask) error {
|
|||||||
podConfig := &driver.PodConfig{
|
podConfig := &driver.PodConfig{
|
||||||
Labels: createTaskLabels(et.ID),
|
Labels: createTaskLabels(et.ID),
|
||||||
InitVolumeDir: toolboxContainerDir,
|
InitVolumeDir: toolboxContainerDir,
|
||||||
|
DockerConfig: dockerConfig,
|
||||||
Containers: []*driver.ContainerConfig{
|
Containers: []*driver.ContainerConfig{
|
||||||
{
|
{
|
||||||
Image: et.Containers[0].Image,
|
Image: et.Containers[0].Image,
|
||||||
@ -810,7 +812,6 @@ func (e *Executor) setupTask(ctx context.Context, rt *runningTask) error {
|
|||||||
Env: et.Containers[0].Environment,
|
Env: et.Containers[0].Environment,
|
||||||
User: et.Containers[0].User,
|
User: et.Containers[0].User,
|
||||||
Privileged: et.Containers[0].Privileged,
|
Privileged: et.Containers[0].Privileged,
|
||||||
RegistryAuth: registryAuth,
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
@ -1,47 +0,0 @@
|
|||||||
// Copyright 2019 Sorint.lab
|
|
||||||
//
|
|
||||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
// you may not use this file except in compliance with the License.
|
|
||||||
// You may obtain a copy of the License at
|
|
||||||
//
|
|
||||||
// http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
//
|
|
||||||
// Unless required by applicable law or agreed to in writing, software
|
|
||||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied
|
|
||||||
// See the License for the specific language governing permissions and
|
|
||||||
// limitations under the License.
|
|
||||||
|
|
||||||
package executor
|
|
||||||
|
|
||||||
import (
|
|
||||||
"encoding/base64"
|
|
||||||
"encoding/json"
|
|
||||||
|
|
||||||
"github.com/sorintlab/agola/internal/services/runservice/types"
|
|
||||||
|
|
||||||
dtypes "github.com/docker/docker/api/types"
|
|
||||||
"github.com/pkg/errors"
|
|
||||||
)
|
|
||||||
|
|
||||||
func registryAuthToken(auth *types.RegistryAuth) (string, error) {
|
|
||||||
if auth == nil {
|
|
||||||
return "", nil
|
|
||||||
}
|
|
||||||
|
|
||||||
switch auth.Type {
|
|
||||||
case types.RegistryAuthTypeDefault:
|
|
||||||
authConfig := dtypes.AuthConfig{
|
|
||||||
Username: auth.Username,
|
|
||||||
Password: auth.Password,
|
|
||||||
}
|
|
||||||
authConfigj, err := json.Marshal(authConfig)
|
|
||||||
if err != nil {
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
return base64.URLEncoding.EncodeToString(authConfigj), nil
|
|
||||||
|
|
||||||
default:
|
|
||||||
return "", errors.Errorf("unsupported registry auth type %q", auth.Type)
|
|
||||||
}
|
|
||||||
}
|
|
139
internal/services/runservice/executor/registry/registry.go
Normal file
139
internal/services/runservice/executor/registry/registry.go
Normal file
@ -0,0 +1,139 @@
|
|||||||
|
// Copyright 2019 Sorint.lab
|
||||||
|
//
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
|
||||||
|
package registry
|
||||||
|
|
||||||
|
import (
|
||||||
|
"encoding/base64"
|
||||||
|
"fmt"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
"github.com/pkg/errors"
|
||||||
|
"github.com/sorintlab/agola/internal/services/runservice/types"
|
||||||
|
|
||||||
|
"github.com/google/go-containerregistry/pkg/name"
|
||||||
|
)
|
||||||
|
|
||||||
|
//func registryAuthToken(auth *types.DockerRegistryAuth) (string, error) {
|
||||||
|
// if auth == nil {
|
||||||
|
// return "", nil
|
||||||
|
// }
|
||||||
|
//
|
||||||
|
// switch auth.Type {
|
||||||
|
// case types.DockerRegistryAuthTypeBasic:
|
||||||
|
// authConfig := dtypes.AuthConfig{
|
||||||
|
// Username: auth.Username,
|
||||||
|
// Password: auth.Password,
|
||||||
|
// }
|
||||||
|
// authConfigj, err := json.Marshal(authConfig)
|
||||||
|
// if err != nil {
|
||||||
|
// panic(err)
|
||||||
|
// }
|
||||||
|
// return base64.URLEncoding.EncodeToString(authConfigj), nil
|
||||||
|
//
|
||||||
|
// default:
|
||||||
|
// return "", errors.Errorf("unsupported registry auth type %q", auth.Type)
|
||||||
|
// }
|
||||||
|
//}
|
||||||
|
|
||||||
|
// Docker config represents the docker config.json format. We only consider the "auths" part
|
||||||
|
type DockerConfig struct {
|
||||||
|
Auths map[string]DockerConfigAuth `json:"auths,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// Docker config represents the docker config.json auth part. We only consider the "auth" token part
|
||||||
|
type DockerConfigAuth struct {
|
||||||
|
Username string `json:"username,omitempty"`
|
||||||
|
Password string `json:"password,omitempty"`
|
||||||
|
Auth string `json:"auth,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// There are a variety of ways a domain may get qualified within the Docker credential file.
|
||||||
|
// We enumerate them here as format strings.
|
||||||
|
var (
|
||||||
|
domainForms = []string{
|
||||||
|
// Allow naked domains
|
||||||
|
"%s",
|
||||||
|
// Allow scheme-prefixed.
|
||||||
|
"https://%s",
|
||||||
|
"http://%s",
|
||||||
|
// Allow scheme-prefixes with version in url path.
|
||||||
|
"https://%s/v1/",
|
||||||
|
"http://%s/v1/",
|
||||||
|
"https://%s/v2/",
|
||||||
|
"http://%s/v2/",
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
|
func GetRegistry(image string) (string, error) {
|
||||||
|
ref, err := name.ParseReference(image, name.WeakValidation)
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
regName := ref.Context().RegistryStr()
|
||||||
|
return regName, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// ResolveAuth resolves the auth username and password for the provided registry name
|
||||||
|
func ResolveAuth(auths map[string]types.DockerRegistryAuth, regname string) (string, string, error) {
|
||||||
|
if auths != nil {
|
||||||
|
for _, form := range domainForms {
|
||||||
|
if auth, ok := auths[fmt.Sprintf(form, regname)]; ok {
|
||||||
|
switch auth.Type {
|
||||||
|
case types.DockerRegistryAuthTypeEncodedAuth:
|
||||||
|
decoded, err := base64.StdEncoding.DecodeString(auth.Auth)
|
||||||
|
if err != nil {
|
||||||
|
return "", "", errors.Wrapf(err, "failed to decode docker auth")
|
||||||
|
}
|
||||||
|
parts := strings.Split(string(decoded), ":")
|
||||||
|
if len(parts) != 2 {
|
||||||
|
return "", "", errors.Wrapf(err, "wrong docker auth")
|
||||||
|
}
|
||||||
|
return parts[0], parts[1], nil
|
||||||
|
case types.DockerRegistryAuthTypeBasic:
|
||||||
|
return auth.Username, auth.Password, nil
|
||||||
|
default:
|
||||||
|
return "", "", fmt.Errorf("unsupported auth type %q", auth.Type)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return "", "", nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func GenDockerConfig(auths map[string]types.DockerRegistryAuth, images []string) (*DockerConfig, error) {
|
||||||
|
dockerConfig := &DockerConfig{Auths: make(map[string]DockerConfigAuth)}
|
||||||
|
for _, image := range images {
|
||||||
|
ref, err := name.ParseReference(image, name.WeakValidation)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
regName := ref.Context().RegistryStr()
|
||||||
|
|
||||||
|
if _, ok := dockerConfig.Auths[regName]; ok {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
username, password, err := ResolveAuth(auths, regName)
|
||||||
|
if err != nil {
|
||||||
|
return nil, errors.Wrapf(err, "failed to resolve auth")
|
||||||
|
}
|
||||||
|
delimited := fmt.Sprintf("%s:%s", username, password)
|
||||||
|
auth := base64.StdEncoding.EncodeToString([]byte(delimited))
|
||||||
|
dockerConfig.Auths[regName] = DockerConfigAuth{Username: username, Password: password, Auth: auth}
|
||||||
|
}
|
||||||
|
|
||||||
|
return dockerConfig, nil
|
||||||
|
}
|
@ -335,6 +335,7 @@ func (s *Scheduler) genExecutorTask(ctx context.Context, r *types.Run, rt *types
|
|||||||
Steps: make([]*types.ExecutorTaskStepStatus, len(rct.Steps)),
|
Steps: make([]*types.ExecutorTaskStepStatus, len(rct.Steps)),
|
||||||
ExecutorID: executor.ID,
|
ExecutorID: executor.ID,
|
||||||
},
|
},
|
||||||
|
DockerRegistriesAuth: rct.DockerRegistriesAuth,
|
||||||
}
|
}
|
||||||
|
|
||||||
for i := range et.Status.Steps {
|
for i := range et.Status.Steps {
|
||||||
|
@ -330,6 +330,7 @@ type RunConfigTask struct {
|
|||||||
IgnoreFailure bool `json:"ignore_failure,omitempty"`
|
IgnoreFailure bool `json:"ignore_failure,omitempty"`
|
||||||
NeedsApproval bool `json:"needs_approval,omitempty"`
|
NeedsApproval bool `json:"needs_approval,omitempty"`
|
||||||
Skip bool `json:"skip,omitempty"`
|
Skip bool `json:"skip,omitempty"`
|
||||||
|
DockerRegistriesAuth map[string]DockerRegistryAuth `json:"docker_registries_auth"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type RunConfigTaskDependCondition string
|
type RunConfigTaskDependCondition string
|
||||||
@ -351,18 +352,24 @@ const (
|
|||||||
RuntimeTypePod RuntimeType = "pod"
|
RuntimeTypePod RuntimeType = "pod"
|
||||||
)
|
)
|
||||||
|
|
||||||
type RegistryAuthType string
|
type DockerRegistryAuthType string
|
||||||
|
|
||||||
const (
|
const (
|
||||||
RegistryAuthTypeDefault RegistryAuthType = "default"
|
DockerRegistryAuthTypeBasic DockerRegistryAuthType = "basic"
|
||||||
|
DockerRegistryAuthTypeEncodedAuth DockerRegistryAuthType = "encodedauth"
|
||||||
)
|
)
|
||||||
|
|
||||||
type RegistryAuth struct {
|
type DockerRegistryAuth struct {
|
||||||
Type RegistryAuthType `json:"type,omitempty"`
|
Type DockerRegistryAuthType `json:"type"`
|
||||||
|
|
||||||
// default auth
|
// basic auth
|
||||||
Username string `json:"username,omitempty"`
|
Username string `json:"username"`
|
||||||
Password string `json:"password,omitempty"`
|
Password string `json:"password"`
|
||||||
|
|
||||||
|
// encoded auth string
|
||||||
|
Auth string `json:"auth"`
|
||||||
|
|
||||||
|
// future auths like aws ecr auth
|
||||||
}
|
}
|
||||||
|
|
||||||
type Runtime struct {
|
type Runtime struct {
|
||||||
@ -502,6 +509,8 @@ type ExecutorTask struct {
|
|||||||
User string `json:"user,omitempty"`
|
User string `json:"user,omitempty"`
|
||||||
Privileged bool `json:"privileged"`
|
Privileged bool `json:"privileged"`
|
||||||
|
|
||||||
|
DockerRegistriesAuth map[string]DockerRegistryAuth `json:"docker_registries_auth"`
|
||||||
|
|
||||||
Steps []interface{} `json:"steps,omitempty"`
|
Steps []interface{} `json:"steps,omitempty"`
|
||||||
|
|
||||||
Status ExecutorTaskStatus `json:"status,omitempty"`
|
Status ExecutorTaskStatus `json:"status,omitempty"`
|
||||||
@ -540,7 +549,6 @@ type ExecutorTaskStepStatus struct {
|
|||||||
|
|
||||||
type Container struct {
|
type Container struct {
|
||||||
Image string `json:"image,omitempty"`
|
Image string `json:"image,omitempty"`
|
||||||
Auth *RegistryAuth `json:"auth,omitempty"`
|
|
||||||
Environment map[string]string `json:"environment,omitempty"`
|
Environment map[string]string `json:"environment,omitempty"`
|
||||||
User string `json:"user,omitempty"`
|
User string `json:"user,omitempty"`
|
||||||
Privileged bool `json:"privileged"`
|
Privileged bool `json:"privileged"`
|
||||||
|
Loading…
Reference in New Issue
Block a user