com.github.dockerjava.api.model.AuthConfig Java Examples

@CheckForNull
public AuthConfig resolveAuthConfig(@CheckForNull String hostname) {
    if (StringUtils.isEmpty(hostname) || AuthConfig.DEFAULT_SERVER_ADDRESS.equals(hostname)) {
        return auths.get(AuthConfig.DEFAULT_SERVER_ADDRESS);
    }

    AuthConfig c = auths.get(hostname);
    if (c != null) {
        return c;
    }

    // Maybe they have a legacy config file, we will iterate the keys converting
    // them to the new format and testing
    String normalizedHostname = convertToHostname(hostname);
    for (Map.Entry<String, AuthConfig> entry : auths.entrySet()) {
        String registry = entry.getKey();
        AuthConfig config = entry.getValue();
        if (convertToHostname(registry).equals(normalizedHostname)) {
            return config;
        }
    }

    return null;
}
 

@Override
public void execute() throws DockerException {
	AuthConfig authConfig = new AuthConfig()
		       .withUsername("docker")
		       .withPassword("docker")
		       .withEmail("[email protected]")
		       .withRegistryAddress("nexus3.acumos.org");
	String imageFullName = "nexus3.acumos.org:10004/onboarding-base-r";
	logger.debug("Full Image Name: " + imageFullName);
	final DockerClient client = getClient();

	logger.debug("Auth Config started: " + authConfig.toString());
	client.authCmd().withAuthConfig(authConfig).exec(); // WORKS

	logger.debug("Pull Command started");
	client.pullImageCmd(imageFullName) // FAILS
	        .withTag("1.0")
	        .withAuthConfig(authConfig)
	        .exec(new PullImageResultCallback()).awaitSuccess();
	logger.debug("Pull Command end");

}
 

private AuthConfig findExistingAuthConfig(final JsonNode config, final String reposName) throws Exception {

        final Map.Entry<String, JsonNode> entry = findAuthNode(config, reposName);

        if (entry != null && entry.getValue() != null && entry.getValue().size() > 0) {
            final AuthConfig deserializedAuth = OBJECT_MAPPER
                .treeToValue(entry.getValue(), AuthConfig.class)
                .withRegistryAddress(entry.getKey());

            if (isBlank(deserializedAuth.getUsername()) &&
                isBlank(deserializedAuth.getPassword()) &&
                !isBlank(deserializedAuth.getAuth())) {

                final String rawAuth = new String(Base64.getDecoder().decode(deserializedAuth.getAuth()));
                final String[] splitRawAuth = rawAuth.split(":", 2);

                if (splitRawAuth.length == 2) {
                    deserializedAuth.withUsername(splitRawAuth[0]);
                    deserializedAuth.withPassword(splitRawAuth[1]);
                }
            }

            return deserializedAuth;
        }
        return null;
    }
 

/**
 * Instantiates a new Docker opt.
 *
 * @param log              日志对象
 * @param host             DOCKER_HOST, e.g. tcp://10.200.131.182:2375
 * @param registryUrl      registry地址， e.g. https://harbor.dew.env/v2
 * @param registryUsername registry用户名
 * @param registryPassword registry密码
 * @see <a href="https://docs.docker.com/install/linux/linux-postinstall/#configure-where-the-docker-daemon-listens-for-connections">The Docker Daemon Listens For Connections</a>
 */
protected DockerOpt(Logger log, String host, String registryUrl, String registryUsername, String registryPassword) {
    this.log = log;
    this.registryUsername = registryUsername;
    this.registryPassword = registryPassword;
    DefaultDockerClientConfig.Builder builder = DefaultDockerClientConfig.createDefaultConfigBuilder();
    if (host != null && !host.isEmpty()) {
        builder.withDockerHost(host);
    }
    if (registryUrl != null) {
        registryUrl = registryUrl.endsWith("/") ? registryUrl.substring(0, registryUrl.length() - 1) : registryUrl;
        registryApiUrl = registryUrl.substring(0, registryUrl.lastIndexOf("/") + 1) + "api/v2.0";
        defaultAuthConfig = new AuthConfig()
                .withRegistryAddress(registryUrl)
                .withUsername(registryUsername)
                .withPassword(registryPassword);
    }
    docker = DockerClientBuilder.getInstance(builder.build()).build();
}
 

@Test
public void lookupAuthConfigWithCredentialsNotFound() throws URISyntaxException {
    Map<String, String> notFoundMessagesReference = new HashMap<>();
    final RegistryAuthLocator authLocator = createTestAuthLocator("config-with-store.json", notFoundMessagesReference);

    DockerImageName dockerImageName = new DockerImageName("registry2.example.com/org/repo");
    final AuthConfig authConfig = authLocator.lookupAuthConfig(dockerImageName, new AuthConfig());

    assertNull("No username should have been obtained from a credential store", authConfig.getUsername());
    assertNull("No secret should have been obtained from a credential store", authConfig.getPassword());
    assertEquals("Should have one 'credentials not found' message discovered", 1, notFoundMessagesReference.size());

    String discoveredMessage = notFoundMessagesReference.values().iterator().next();

    assertEquals(
        "Not correct message discovered",
        "Fake credentials not found on credentials store 'https://not.a.real.registry/url'",
        discoveredMessage);
}
 

@BeforeClass
public static void setUp() throws InterruptedException {
    originalAuthLocatorSingleton = RegistryAuthLocator.instance();
    client = DockerClientFactory.instance().client();

    String testRegistryAddress = authenticatedRegistry.getHost() + ":" + authenticatedRegistry.getFirstMappedPort();
    testImageName = testRegistryAddress + "/alpine";
    testImageNameWithTag = testImageName + ":latest";

    final DockerImageName expectedName = new DockerImageName(testImageNameWithTag);
    final AuthConfig authConfig = new AuthConfig()
        .withUsername("testuser")
        .withPassword("notasecret")
        .withRegistryAddress("http://" + testRegistryAddress);

    // Replace the RegistryAuthLocator singleton with our mock, for the duration of this test
    final RegistryAuthLocator mockAuthLocator = Mockito.mock(RegistryAuthLocator.class);
    RegistryAuthLocator.setInstance(mockAuthLocator);
    when(mockAuthLocator.lookupAuthConfig(eq(expectedName), any()))
        .thenReturn(authConfig);

    // a push will use the auth locator for authentication, although that isn't the goal of this test
    putImageInRegistry();
}
 

@Test
@Ignore // TODO rework test (does not throw as expected atm)
public void testCreateServiceWithInvalidAuth() throws DockerException {
    AuthConfig invalidAuthConfig = new AuthConfig()
            .withUsername("testuser")
            .withPassword("testwrongpassword")
            .withEmail("[email protected]")
            .withRegistryAddress(authConfig.getRegistryAddress());

    exception.expect(ConflictException.class);

    dockerClient.createServiceCmd(new ServiceSpec()
            .withName(SERVICE_NAME)
            .withTaskTemplate(new TaskSpec()
                    .withContainerSpec(new ContainerSpec()
                            .withImage(DEFAULT_IMAGE))))
            .withAuthConfig(invalidAuthConfig)
            .exec();
}
 

@Test
public void testPullImageWithNoAuth() throws Exception {
    AuthConfig authConfig = REGISTRY.getAuthConfig();

    String imgName = REGISTRY.createPrivateImage("pull-image-with-no-auth");

    if (isNotSwarm(dockerRule.getClient()) && getVersion(dockerRule.getClient())
            .isGreaterOrEqual(RemoteApiVersion.VERSION_1_30)) {
        exception.expect(DockerException.class);
    } else {
        exception.expect(DockerClientException.class);
    }

    // stream needs to be fully read in order to close the underlying connection
    dockerRule.getClient().pullImageCmd(imgName)
            .start()
            .awaitCompletion(30, TimeUnit.SECONDS);
}
 

@Test
public void testPullImageWithInvalidAuth() throws Exception {
    AuthConfig authConfig = REGISTRY.getAuthConfig();
    AuthConfig invalidAuthConfig = new AuthConfig()
            .withUsername("testuser")
            .withPassword("testwrongpassword")
            .withEmail("[email protected]")
            .withRegistryAddress(authConfig.getRegistryAddress());

    String imgName = REGISTRY.createPrivateImage("pull-image-with-invalid-auth");

    if (isNotSwarm(dockerRule.getClient()) && getVersion(dockerRule.getClient())
            .isGreaterOrEqual(RemoteApiVersion.VERSION_1_30)) {
        exception.expect(DockerException.class);
    } else {
        exception.expect(DockerClientException.class);
    }

    // stream needs to be fully read in order to close the underlying connection
    dockerRule.getClient().pullImageCmd(imgName)
            .withAuthConfig(invalidAuthConfig)
            .start()
            .awaitCompletion(30, TimeUnit.SECONDS);
}
 

@Test
public void testPortBinding() throws IOException, InterruptedException {
    DockerComputerSSHConnector connector = new DockerComputerSSHConnector(Mockito.mock(DockerComputerSSHConnector.SSHKeyStrategy.class));
    CreateContainerCmdImpl cmd = new CreateContainerCmdImpl(Mockito.mock(CreateContainerCmd.Exec.class), Mockito.mock(AuthConfig.class), "");
    cmd.withPortBindings(PortBinding.parse("42:42"));

    connector.setPort(22);
    connector.beforeContainerCreated(Mockito.mock(DockerAPI.class), "/workdir", cmd);
    final Ports portBindings = cmd.getPortBindings();
    Assert.assertNotNull(portBindings);
    final Map<ExposedPort, Ports.Binding[]> bindingMap = portBindings.getBindings();
    Assert.assertNotNull(bindingMap);
    Assert.assertEquals(2, bindingMap.size());

    final Ports.Binding[] configuredBindings = bindingMap.get(new ExposedPort(42));
    Assert.assertNotNull(configuredBindings);
    Assert.assertEquals(1, configuredBindings.length);
    Assert.assertEquals("42", configuredBindings[0].getHostPortSpec());

    final Ports.Binding[] sshBindings = bindingMap.get(new ExposedPort(22));
    Assert.assertNotNull(sshBindings);
    Assert.assertEquals(1, sshBindings.length);
    Assert.assertNull(sshBindings[0].getHostPortSpec());

    System.out.println();
}
 

@Test
public void defaults() throws Exception {

    // given default cert path
    Properties systemProperties = new Properties();
    systemProperties.setProperty("user.name", "someUserName");
    systemProperties.setProperty("user.home", homeDir());

    // when you build config
    DefaultDockerClientConfig config = buildConfig(Collections.<String, String> emptyMap(), systemProperties);

    // then the cert path is as expected
    assertEquals(config.getDockerHost(), URI.create("unix:///var/run/docker.sock"));
    assertEquals(config.getRegistryUsername(), "someUserName");
    assertEquals(config.getRegistryUrl(), AuthConfig.DEFAULT_SERVER_ADDRESS);
    assertEquals(config.getApiVersion(), RemoteApiVersion.unknown());
    assertEquals(config.getDockerConfigPath(), homeDir() + "/.docker");
    assertNull(config.getSSLConfig());
}
 

@Test
public void validLegacyJson() throws IOException {
    AuthConfig authConfig1 = new AuthConfig()
            .withEmail("[email protected]")
            .withUsername("foo")
            .withPassword("bar")
            .withRegistryAddress("quay.io");

    AuthConfig authConfig2 = new AuthConfig()
            .withEmail("[email protected]")
            .withUsername("foo1")
            .withPassword("bar1")
            .withRegistryAddress(AuthConfig.DEFAULT_SERVER_ADDRESS);

    DockerConfigFile expected = new DockerConfigFile();
    expected.addAuthConfig(authConfig1);
    expected.addAuthConfig(authConfig2);

    assertThat(runTest("validLegacyJson"), is(expected));
}
 

@Test
public void validJsonWithUnknown() throws IOException {
    AuthConfig authConfig1 = new AuthConfig()
            .withRegistryAddress("192.168.99.100:32768");

    AuthConfig authConfig2 = new AuthConfig()
            .withEmail("[email protected]")
            .withUsername("foo")
            .withPassword("bar")
            .withRegistryAddress("https://index.docker.io/v1/");

    DockerConfigFile expected = new DockerConfigFile();
    expected.addAuthConfig(authConfig1);
    expected.addAuthConfig(authConfig2);
    DockerConfigFile actual = runTest("validJsonWithUnknown");
    assertThat(actual, is(expected));
}
 

@Test
public void validDockerConfig() throws IOException {
    AuthConfig authConfig1 = new AuthConfig()
            .withEmail("[email protected]")
            .withUsername("foo")
            .withPassword("bar")
            .withRegistryAddress("quay.io");

    AuthConfig authConfig2 = new AuthConfig()
            .withEmail("[email protected]")
            .withUsername("foo1")
            .withPassword("bar1")
            .withRegistryAddress(AuthConfig.DEFAULT_SERVER_ADDRESS);

    DockerConfigFile expected = new DockerConfigFile();
    expected.addAuthConfig(authConfig1);
    expected.addAuthConfig(authConfig2);

    assertThat(runTest("validDockerConfig"), is(expected));
}
 

public static HostnameReposName resolveRepositoryName(String reposName) {
    if (reposName.contains("://")) {
        throw new InvalidRepositoryNameException("RepositoryName shouldn't contain a scheme");
    }

    String[] nameParts = reposName.split("/", 2);
    if (nameParts.length == 1
            || (!nameParts[0].contains(".") && !nameParts[0].contains(":") && !nameParts[0].equals("localhost"))) {
        return new HostnameReposName(AuthConfig.DEFAULT_SERVER_ADDRESS, reposName);
    }

    String hostname = nameParts[0];
    reposName = nameParts[1];
    if (hostname.contains("index.docker.io")) {
        throw new InvalidRepositoryNameException(String.format("Invalid repository name, try \"%s\" instead",
                reposName));
    }
    if (StringUtils.containsIgnoreCase(reposName, SHA256_SEPARATOR)) {
        reposName = StringUtils.substringBeforeLast(reposName, SHA256_SEPARATOR);
    }

    validateRepoName(reposName);
    return new HostnameReposName(hostname, reposName);
}
 

@Nonnull
public static DockerConfigFile loadConfig(ObjectMapper objectMapper, @CheckForNull String dockerConfigPath) throws IOException {
    // no any configs, but for empty auths return non null object
    if (dockerConfigPath == null) {
        return new DockerConfigFile();
    }

    //parse new docker config file format
    DockerConfigFile dockerConfig = loadCurrentConfig(objectMapper, dockerConfigPath);

    //parse old auth config file format
    if (dockerConfig == null) {
        dockerConfig = loadLegacyConfig(objectMapper, dockerConfigPath);
    }

    //otherwise create default config
    if (dockerConfig == null) {
        dockerConfig = new DockerConfigFile();
    }

    for (Map.Entry<String, AuthConfig> entry : dockerConfig.getAuths().entrySet()) {
        AuthConfig authConfig = entry.getValue();
        decodeAuth(authConfig);
        authConfig.withAuth(null);
        authConfig.withRegistryAddress(entry.getKey());
    }

    return dockerConfig;
}
 

@Test
public void testGetAuthConfigurationsFromConfigJson() throws URISyntaxException {
    File cfgFile = new File(Resources.getResource("com.github.dockerjava.core/registry.v2").toURI());
    DefaultDockerClientConfig clientConfig = new DefaultDockerClientConfig(URI.create(
        "unix://foo"), cfgFile.getAbsolutePath(), "apiVersion", "registryUrl", "registryUsername", "registryPassword",
        "registryEmail", null);

    AuthConfigurations authConfigurations = clientConfig.getAuthConfigurations();
    assertThat(authConfigurations, notNullValue());
    assertThat(authConfigurations.getConfigs().get("https://test.docker.io/v2/"), notNullValue());

    AuthConfig authConfig = authConfigurations.getConfigs().get("https://test.docker.io/v2/");
    assertThat(authConfig.getUsername(), equalTo("user"));
    assertThat(authConfig.getPassword(), equalTo("password"));
}
 

private AuthConfig getAuthConfig() {
    AuthConfig authConfig = null;
    if (getRegistryUsername() != null && getRegistryPassword() != null && getRegistryUrl() != null) {
        authConfig = new AuthConfig()
                .withUsername(getRegistryUsername())
                .withPassword(getRegistryPassword())
                .withEmail(getRegistryEmail())
                .withRegistryAddress(getRegistryUrl());
    }
    return authConfig;
}
 

@Override
public AuthConfig authConfig() {
    checkNotNull(dockerClientConfig.getRegistryUsername(), "Configured username is null.");
    checkNotNull(dockerClientConfig.getRegistryUrl(), "Configured serverAddress is null.");

    return new AuthConfig()
            .withUsername(dockerClientConfig.getRegistryUsername())
            .withPassword(dockerClientConfig.getRegistryPassword())
            .withEmail(dockerClientConfig.getRegistryEmail())
            .withRegistryAddress(dockerClientConfig.getRegistryUrl());
}
 

@Override
public PushImageCmd pushImageCmd(Identifier identifier) {
    PushImageCmd cmd = pushImageCmd(identifier.repository.name);
    if (identifier.tag.isPresent()) {
        cmd.withTag(identifier.tag.get());
    }

    AuthConfig cfg = dockerClientConfig.effectiveAuthConfig(identifier.repository.name);
    if (cfg != null) {
        cmd.withAuthConfig(cfg);
    }

    return cmd;
}
 

@Override
public AuthConfig effectiveAuthConfig(String imageName) {
    AuthConfig authConfig = getAuthConfig();

    if (authConfig != null) {
        return authConfig;
    }

    DockerConfigFile dockerCfg = getDockerConfig();

    ReposTag reposTag = NameParser.parseRepositoryTag(imageName);
    HostnameReposName hostnameReposName = NameParser.resolveRepositoryName(reposTag.repos);

    return dockerCfg.resolveAuthConfig(hostnameReposName.hostname);
}
 

protected String registryAuth(@Nonnull AuthConfig authConfig) {
    try {
        return BaseEncoding.base64Url().encode(dockerClientConfig.getObjectMapper().writeValueAsString(authConfig).getBytes());
    } catch (IOException e) {
        throw new RuntimeException(e);
    }
}
 

@Nonnull
protected InvocationBuilder resourceWithOptionalAuthConfig(@CheckForNull AuthConfig authConfig,
                                                           @Nonnull InvocationBuilder request) {
    if (authConfig != null) {
        request = resourceWithAuthConfig(authConfig, request);
    }
    return request;
}
 

@CheckForNull
private static DockerConfigFile loadLegacyConfig(ObjectMapper objectMapper, String dockerConfigPath) throws IOException {
    File dockerLegacyCfgFile = new File(dockerConfigPath, DOCKER_LEGACY_CFG);

    if (!dockerLegacyCfgFile.exists() || !dockerLegacyCfgFile.isFile()) {
        return null;
    }

    //parse legacy auth config file format
    try {
        return new DockerConfigFile(objectMapper.<Map<String, AuthConfig>>readValue(dockerLegacyCfgFile, CONFIG_MAP_TYPE));
    } catch (IOException e) {
        // pass
    }

    List<String> authFileContent = FileUtils.readLines(dockerLegacyCfgFile, StandardCharsets.UTF_8);
    if (authFileContent.size() < 2) {
        throw new IOException("The Auth Config file is empty");
    }

    AuthConfig config = new AuthConfig();
    String[] origAuth = authFileContent.get(0).split(" = ");
    if (origAuth.length != 2) {
        throw new IOException("Invalid Auth config file");
    }

    config.withAuth(origAuth[1]);

    String[] origEmail = authFileContent.get(1).split(" = ");
    if (origEmail.length != 2) {
        throw new IOException("Invalid Auth config file");
    }
    config.withEmail(origEmail[1]);

    return new DockerConfigFile(new HashMap<>(Collections.singletonMap(config.getRegistryAddress(), config)));
}
 

private static void decodeAuth(AuthConfig config) throws IOException {
    if (config.getAuth() == null) {
        return;
    }

    String str = new String(Base64.getDecoder().decode(config.getAuth()), StandardCharsets.UTF_8);
    String[] parts = str.split(":", 2);
    if (parts.length != 2) {
        throw new IOException("Invalid auth configuration file");
    }
    config.withUsername(parts[0]);
    config.withPassword(parts[1]);
}
 

@Restricted(NoExternalUse.class)
public static void setRegistryAuthentication(PullImageCmd cmd, DockerRegistryEndpoint registry, ItemGroup context) {
    if (registry != null && registry.getCredentialsId() != null) {
        AuthConfig auth = getAuthConfig(registry, context);
        cmd.withAuthConfig(auth);
    }
}
 

@Test
public void validLegacy() throws IOException {
    AuthConfig authConfig = new AuthConfig()
            .withEmail("[email protected]")
            .withUsername("foo")
            .withPassword("bar")
            .withRegistryAddress(AuthConfig.DEFAULT_SERVER_ADDRESS);

    DockerConfigFile expected = new DockerConfigFile();
    expected.addAuthConfig(authConfig);

    assertThat(runTest("validLegacy"), is(expected));
}
 

private AuthConfig authConfigUsingHelper(final JsonNode config, final String reposName) throws Exception {
    final JsonNode credHelpers = config.get("credHelpers");
    if (credHelpers != null && credHelpers.size() > 0) {
        final JsonNode helperNode = credHelpers.get(reposName);
        if (helperNode != null && helperNode.isTextual()) {
            final String helper = helperNode.asText();
            return runCredentialProvider(reposName, helper);
        }
    }
    return null;
}
 

private AuthConfig authConfigUsingStore(final JsonNode config, final String reposName) throws Exception {
    final JsonNode credsStoreNode = config.get("credsStore");
    if (credsStoreNode != null && !credsStoreNode.isMissingNode() && credsStoreNode.isTextual()) {
        final String credsStore = credsStoreNode.asText();
        if (isBlank(credsStore)) {
            log.warn("Docker auth config credsStore field will be ignored, because value is blank");
            return null;
        }
        return runCredentialProvider(reposName, credsStore);
    }
    return null;
}
 

@Nonnull
public AuthConfigurations getAuthConfigurations() {
    final AuthConfigurations authConfigurations = new AuthConfigurations();
    for (Map.Entry<String, AuthConfig> authConfigEntry : auths.entrySet()) {
        authConfigurations.addConfig(authConfigEntry.getValue());
    }

    return authConfigurations;
}