Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added docker_config_json parameter #317

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Added docker_config_json parameter #317

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,8 @@ Note: docker registry must be [v2](https://docs.docker.com/registry/spec/api/).
* `aws_access_key_id`: *Optional.* AWS access key to use for acquiring ECR
credentials.

* `docker_config_json` : *Optional.* The raw `config.json` file used for authenticating with Docker registries. If specified, `username` and `password` parameters will be ignored. You may find this useful if you need to be authenticated against multiple registries (e.g. pushing to a private registry, but you also also need to pull authenticate to pull images from Docker Hub without being rate-limited).
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* `docker_config_json` : *Optional.* The raw `config.json` file used for authenticating with Docker registries. If specified, `username` and `password` parameters will be ignored. You may find this useful if you need to be authenticated against multiple registries (e.g. pushing to a private registry, but you also also need to pull authenticate to pull images from Docker Hub without being rate-limited).
* `docker_config_json` : *Optional.* The raw `config.json` file used for authenticating with Docker registries. If specified, `username` and `password` parameters will be ignored. You may find this useful if you need to be authenticated against multiple registries (e.g. pushing to a private registry, but you also need to pull authenticate to pull images from Docker Hub without being rate-limited).


* `aws_secret_access_key`: *Optional.* AWS secret key to use for acquiring ECR
credentials.

Expand Down
9 changes: 9 additions & 0 deletions assets/common.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,9 @@ LOG_FILE=${LOG_FILE:-/tmp/docker.log}
SKIP_PRIVILEGED=${SKIP_PRIVILEGED:-false}
STARTUP_TIMEOUT=${STARTUP_TIMEOUT:-120}

# Otherwise we get "certificate relies on legacy Common Name field"
export GODEBUG="x509ignoreCN=0"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In what user case that you need this env var? Are you seeing the error when check/in/out?

From what I understand in this resource, only the check cmd is using Go, so in/out that uses bash script should not be affected?


sanitize_cgroups() {
mkdir -p /sys/fs/cgroup
mountpoint -q /sys/fs/cgroup || \
Expand Down Expand Up @@ -206,3 +209,9 @@ docker_pull() {
printf "\n${RED}Failed to pull image %s.${NC}" "$1"
return 1
}

docker_config_json_to_file() {
local docker_config_json="${1}"
mkdir -p ~/.docker
echo "${1}" > ~/.docker/config.json
}
7 changes: 6 additions & 1 deletion assets/in
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ registry_mirror=$(jq -r '.source.registry_mirror // ""' < $payload)

username=$(jq -r '.source.username // ""' < $payload)
password=$(jq -r '.source.password // ""' < $payload)
docker_config_json=$(jq -r '.source.docker_config_json // ""' < $payload)
repository="$(jq -r '.source.repository // ""' < $payload)"
tag="$(jq -r '.source.tag // "latest"' < $payload)"
ca_certs=$(jq -r '.source.ca_certs // []' < $payload)
Expand Down Expand Up @@ -64,7 +65,11 @@ if [ "$skip_download" = "false" ]; then
"$insecure_registries" \
"$registry_mirror"

log_in "$username" "$password" "$registry"
if [ -z "$docker_config_json" ]; then
log_in "$username" "$password" "$registry"
else
docker_config_json_to_file "$docker_config_json"
fi

docker_pull "$image_name"

Expand Down
8 changes: 7 additions & 1 deletion assets/out
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ registry_mirror=$(jq -r '.source.registry_mirror // ""' < $payload)

username=$(jq -r '.source.username // ""' < $payload)
password=$(jq -r '.source.password // ""' < $payload)
docker_config_json=$(jq -r '.source.docker_config_json // ""' < $payload)
repository=$(jq -r '.source.repository // ""' < $payload)
ca_certs=$(jq -r '.source.ca_certs // []' < $payload)
client_certs=$(jq -r '.source.client_certs // []' < $payload)
Expand All @@ -52,7 +53,12 @@ start_docker \
"${max_concurrent_uploads}" \
"$insecure_registries" \
"$registry_mirror"
log_in "$username" "$password" "$registry"

if [ -z "$docker_config_json" ]; then
log_in "$username" "$password" "$registry"
else
docker_config_json_to_file "$docker_config_json"
fi
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you add an out test to cover this feature?


tag_source=$(jq -r '.source.tag // "latest"' < $payload)
tag_params=$(jq -r '.params.tag_file // ""' < $payload)
Expand Down