From b641be10caa49b7e263b899fee0c810bf67a00d9 Mon Sep 17 00:00:00 2001 From: Chanseok Oh Date: Mon, 16 Jul 2018 15:41:43 -0400 Subject: [PATCH 1/8] Try all aliases for retrieving Docker confg creds --- .../jib/registry/RegistryAliasGroup.java | 49 +++++++++++++++++++ .../DockerConfigCredentialRetriever.java | 12 +++++ .../jib/registry/RegistryAliasGroupTest.java | 45 +++++++++++++++++ .../DockerConfigCredentialRetrieverTest.java | 17 +++++++ .../src/test/resources/json/dockerconfig.json | 16 +++++- 5 files changed, 138 insertions(+), 1 deletion(-) create mode 100644 jib-core/src/main/java/com/google/cloud/tools/jib/registry/RegistryAliasGroup.java create mode 100644 jib-core/src/test/java/com/google/cloud/tools/jib/registry/RegistryAliasGroupTest.java diff --git a/jib-core/src/main/java/com/google/cloud/tools/jib/registry/RegistryAliasGroup.java b/jib-core/src/main/java/com/google/cloud/tools/jib/registry/RegistryAliasGroup.java new file mode 100644 index 0000000000..bcfd0a2e03 --- /dev/null +++ b/jib-core/src/main/java/com/google/cloud/tools/jib/registry/RegistryAliasGroup.java @@ -0,0 +1,49 @@ +/* + * Copyright 2018 Google LLC. All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy of + * the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations under + * the License. + */ + +package com.google.cloud.tools.jib.registry; + +import com.google.common.collect.ImmutableList; +import java.util.ArrayDeque; + +public class RegistryAliasGroup { + + private static final ImmutableList> REGISTRY_ALIAS_GROUPS = + ImmutableList.of( + // Docker Hub alias group + ImmutableList.of("registry.hub.docker.com", "index.docker.io")); + + /** + * Returns the list of registry aliases for the given {@code registry}, including {@code registry} + * as the first element. + * + * @param registry the registry for which the alias group is requested + * @return non-empty list of registries where {@code registry} is the first element + */ + public static ImmutableList getAliasesGroup(String registry) { + for (ImmutableList aliasGroup : REGISTRY_ALIAS_GROUPS) { + if (aliasGroup.contains(registry)) { + // Found a group. Move the requested "registry" to the front before returning it. + ArrayDeque requestedRegistryAtHead = new ArrayDeque<>(aliasGroup); + requestedRegistryAtHead.remove(registry); + requestedRegistryAtHead.addFirst(registry); + return ImmutableList.copyOf(requestedRegistryAtHead); + } + } + + return ImmutableList.of(registry); + } +} diff --git a/jib-core/src/main/java/com/google/cloud/tools/jib/registry/credentials/DockerConfigCredentialRetriever.java b/jib-core/src/main/java/com/google/cloud/tools/jib/registry/credentials/DockerConfigCredentialRetriever.java index 4670214931..53be488636 100644 --- a/jib-core/src/main/java/com/google/cloud/tools/jib/registry/credentials/DockerConfigCredentialRetriever.java +++ b/jib-core/src/main/java/com/google/cloud/tools/jib/registry/credentials/DockerConfigCredentialRetriever.java @@ -19,6 +19,7 @@ import com.google.cloud.tools.jib.http.Authorization; import com.google.cloud.tools.jib.http.Authorizations; import com.google.cloud.tools.jib.json.JsonTemplateMapper; +import com.google.cloud.tools.jib.registry.RegistryAliasGroup; import com.google.cloud.tools.jib.registry.credentials.json.DockerConfigTemplate; import com.google.common.annotations.VisibleForTesting; import java.io.IOException; @@ -86,6 +87,17 @@ public Authorization retrieve() throws IOException { return null; } + for (String registry : RegistryAliasGroup.getAliasesGroup(registry)) { + Authorization authorization = retrieve(dockerConfigTemplate, registry); + if (authorization != null) { + return authorization; + } + } + return null; + } + + @Nullable + private Authorization retrieve(DockerConfigTemplate dockerConfigTemplate, String registry) { // First, tries to find defined auth. String auth = dockerConfigTemplate.getAuthFor(registry); if (auth != null) { diff --git a/jib-core/src/test/java/com/google/cloud/tools/jib/registry/RegistryAliasGroupTest.java b/jib-core/src/test/java/com/google/cloud/tools/jib/registry/RegistryAliasGroupTest.java new file mode 100644 index 0000000000..e36e706bb5 --- /dev/null +++ b/jib-core/src/test/java/com/google/cloud/tools/jib/registry/RegistryAliasGroupTest.java @@ -0,0 +1,45 @@ +/* + * Copyright 2018 Google LLC. All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy of + * the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations under + * the License. + */ + +package com.google.cloud.tools.jib.registry; + +import com.google.common.collect.ImmutableList; +import org.junit.Assert; +import org.junit.Test; + +public class RegistryAliasGroupTest { + + @Test + public void testGetAliasesGroup_noKnownAliases() { + ImmutableList singleton = RegistryAliasGroup.getAliasesGroup("something.gcr.io"); + Assert.assertEquals(1, singleton.size()); + Assert.assertEquals("something.gcr.io", singleton.get(0)); + } + + @Test + public void testGetAliasesGroup_registryHubDockerCom() { + Assert.assertArrayEquals( + RegistryAliasGroup.getAliasesGroup("registry.hub.docker.com").toArray(new String[0]), + new String[] {"registry.hub.docker.com", "index.docker.io"}); + } + + @Test + public void testGetAliasesGroup_indexDockerIo() { + Assert.assertArrayEquals( + RegistryAliasGroup.getAliasesGroup("index.docker.io").toArray(new String[0]), + new String[] {"index.docker.io", "registry.hub.docker.com"}); + } +} diff --git a/jib-core/src/test/java/com/google/cloud/tools/jib/registry/credentials/DockerConfigCredentialRetrieverTest.java b/jib-core/src/test/java/com/google/cloud/tools/jib/registry/credentials/DockerConfigCredentialRetrieverTest.java index 256e3384e0..b295157617 100644 --- a/jib-core/src/test/java/com/google/cloud/tools/jib/registry/credentials/DockerConfigCredentialRetrieverTest.java +++ b/jib-core/src/test/java/com/google/cloud/tools/jib/registry/credentials/DockerConfigCredentialRetrieverTest.java @@ -118,4 +118,21 @@ public void testRetrieve_none() throws IOException { Assert.assertNull(dockerConfigCredentialRetriever.retrieve()); } + + @Test + public void testRetrieve_credentialFromAlias() throws IOException { + Mockito.when(mockDockerCredentialHelperFactory.withCredentialHelperSuffix(Mockito.anyString())) + .thenReturn(Mockito.mock(DockerCredentialHelper.class)); + Mockito.when( + mockDockerCredentialHelperFactory.withCredentialHelperSuffix( + "index.docker.io credential helper")) + .thenReturn(mockDockerCredentialHelper); + + DockerConfigCredentialRetriever dockerConfigCredentialRetriever = + new DockerConfigCredentialRetriever( + "registry.hub.docker.com", dockerConfigFile, mockDockerCredentialHelperFactory); + + Authorization authorization = dockerConfigCredentialRetriever.retrieve(); + Assert.assertEquals(mockAuthorization, authorization); + } } diff --git a/jib-core/src/test/resources/json/dockerconfig.json b/jib-core/src/test/resources/json/dockerconfig.json index a4cbe7a126..cc8c1d9093 100644 --- a/jib-core/src/test/resources/json/dockerconfig.json +++ b/jib-core/src/test/resources/json/dockerconfig.json @@ -1 +1,15 @@ -{"auths":{"some other registry":{"auth":"some other auth"},"some registry":{"auth":"some auth","password":"ignored"},"https://registry":{"auth":"token"},"just registry":{},"https://with.protocol":{}},"credsStore":"some credential store","credHelpers":{"another registry":"another credential helper","some registry":"some credential helper"}} \ No newline at end of file +{ + "auths":{ + "some other registry":{"auth":"some other auth"}, + "some registry":{"auth":"some auth","password":"ignored"}, + "https://registry":{"auth":"token"}, + "just registry":{}, + "https://with.protocol":{} + }, + "credsStore":"some credential store", + "credHelpers":{ + "another registry":"another credential helper", + "some registry":"some credential helper", + "index.docker.io":"index.docker.io credential helper" + } +} \ No newline at end of file From 7c6f5c4f8c65ad52930ba3a799c636d1f210f1b2 Mon Sep 17 00:00:00 2001 From: Chanseok Oh Date: Mon, 16 Jul 2018 16:34:40 -0400 Subject: [PATCH 2/8] Process list in natural mental model --- .../tools/jib/registry/RegistryAliasGroup.java | 16 +++++++++------- .../jib/registry/RegistryAliasGroupTest.java | 4 ++-- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/jib-core/src/main/java/com/google/cloud/tools/jib/registry/RegistryAliasGroup.java b/jib-core/src/main/java/com/google/cloud/tools/jib/registry/RegistryAliasGroup.java index bcfd0a2e03..bee67ec1df 100644 --- a/jib-core/src/main/java/com/google/cloud/tools/jib/registry/RegistryAliasGroup.java +++ b/jib-core/src/main/java/com/google/cloud/tools/jib/registry/RegistryAliasGroup.java @@ -17,7 +17,10 @@ package com.google.cloud.tools.jib.registry; import com.google.common.collect.ImmutableList; -import java.util.ArrayDeque; +import java.util.Collections; +import java.util.List; +import java.util.stream.Collectors; +import java.util.stream.Stream; public class RegistryAliasGroup { @@ -33,17 +36,16 @@ public class RegistryAliasGroup { * @param registry the registry for which the alias group is requested * @return non-empty list of registries where {@code registry} is the first element */ - public static ImmutableList getAliasesGroup(String registry) { + public static List getAliasesGroup(String registry) { for (ImmutableList aliasGroup : REGISTRY_ALIAS_GROUPS) { if (aliasGroup.contains(registry)) { // Found a group. Move the requested "registry" to the front before returning it. - ArrayDeque requestedRegistryAtHead = new ArrayDeque<>(aliasGroup); - requestedRegistryAtHead.remove(registry); - requestedRegistryAtHead.addFirst(registry); - return ImmutableList.copyOf(requestedRegistryAtHead); + Stream self = Stream.of(registry); + Stream withoutSelf = aliasGroup.stream().filter(alias -> !registry.equals(alias)); + return Stream.concat(self, withoutSelf).collect(Collectors.toList()); } } - return ImmutableList.of(registry); + return Collections.singletonList(registry); } } diff --git a/jib-core/src/test/java/com/google/cloud/tools/jib/registry/RegistryAliasGroupTest.java b/jib-core/src/test/java/com/google/cloud/tools/jib/registry/RegistryAliasGroupTest.java index e36e706bb5..4d5579b96f 100644 --- a/jib-core/src/test/java/com/google/cloud/tools/jib/registry/RegistryAliasGroupTest.java +++ b/jib-core/src/test/java/com/google/cloud/tools/jib/registry/RegistryAliasGroupTest.java @@ -16,7 +16,7 @@ package com.google.cloud.tools.jib.registry; -import com.google.common.collect.ImmutableList; +import java.util.List; import org.junit.Assert; import org.junit.Test; @@ -24,7 +24,7 @@ public class RegistryAliasGroupTest { @Test public void testGetAliasesGroup_noKnownAliases() { - ImmutableList singleton = RegistryAliasGroup.getAliasesGroup("something.gcr.io"); + List singleton = RegistryAliasGroup.getAliasesGroup("something.gcr.io"); Assert.assertEquals(1, singleton.size()); Assert.assertEquals("something.gcr.io", singleton.get(0)); } From 52b84abe9c44875a1f5e58f41df8556ce9dde7be Mon Sep 17 00:00:00 2001 From: Chanseok Oh Date: Mon, 16 Jul 2018 16:50:54 -0400 Subject: [PATCH 3/8] Update CHANGELOG --- jib-maven-plugin/CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/jib-maven-plugin/CHANGELOG.md b/jib-maven-plugin/CHANGELOG.md index e62c65a58a..dd4697a801 100644 --- a/jib-maven-plugin/CHANGELOG.md +++ b/jib-maven-plugin/CHANGELOG.md @@ -8,6 +8,8 @@ All notable changes to this project will be documented in this file. - `jib:buildTar` goal to build an image tarball at `target/jib-image.tar`, which can be loaded into docker using `docker load` ([#514](https://github.com/GoogleContainerTools/jib/issues/514)) +- For Docker Hub, also tries registry aliases when getting a credential from `docker.config` + ### Changed ### Fixed From ba1f67107ed54ea3b4a4039ebc264c3f86ad4853 Mon Sep 17 00:00:00 2001 From: Chanseok Oh Date: Tue, 17 Jul 2018 10:44:47 -0400 Subject: [PATCH 4/8] CHANGE in jib-gradle-plugin too --- jib-gradle-plugin/CHANGELOG.md | 2 ++ jib-maven-plugin/CHANGELOG.md | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/jib-gradle-plugin/CHANGELOG.md b/jib-gradle-plugin/CHANGELOG.md index 541ff3765e..6a685f1445 100644 --- a/jib-gradle-plugin/CHANGELOG.md +++ b/jib-gradle-plugin/CHANGELOG.md @@ -8,6 +8,8 @@ All notable changes to this project will be documented in this file. - `jibBuildTar` task to build an image tarball at `build/jib-image.tar`, which can be loaded into docker using `docker load` ([#514](https://github.com/GoogleContainerTools/jib/issues/514)) +- For Docker Hub, also tries registry aliases when getting a credential from the Docker config + ### Changed ### Fixed diff --git a/jib-maven-plugin/CHANGELOG.md b/jib-maven-plugin/CHANGELOG.md index dd4697a801..8a4c69835f 100644 --- a/jib-maven-plugin/CHANGELOG.md +++ b/jib-maven-plugin/CHANGELOG.md @@ -8,7 +8,7 @@ All notable changes to this project will be documented in this file. - `jib:buildTar` goal to build an image tarball at `target/jib-image.tar`, which can be loaded into docker using `docker load` ([#514](https://github.com/GoogleContainerTools/jib/issues/514)) -- For Docker Hub, also tries registry aliases when getting a credential from `docker.config` +- For Docker Hub, also tries registry aliases when getting a credential from the Docker config ### Changed From 0c79c66dd1bb384f3685beffb04d18a331b2eade Mon Sep 17 00:00:00 2001 From: Chanseok Oh Date: Tue, 17 Jul 2018 10:55:34 -0400 Subject: [PATCH 5/8] better code in tests --- .../tools/jib/registry/RegistryAliasGroupTest.java | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/jib-core/src/test/java/com/google/cloud/tools/jib/registry/RegistryAliasGroupTest.java b/jib-core/src/test/java/com/google/cloud/tools/jib/registry/RegistryAliasGroupTest.java index 4d5579b96f..79a1529d7a 100644 --- a/jib-core/src/test/java/com/google/cloud/tools/jib/registry/RegistryAliasGroupTest.java +++ b/jib-core/src/test/java/com/google/cloud/tools/jib/registry/RegistryAliasGroupTest.java @@ -16,6 +16,7 @@ package com.google.cloud.tools.jib.registry; +import java.util.Arrays; import java.util.List; import org.junit.Assert; import org.junit.Test; @@ -31,15 +32,15 @@ public void testGetAliasesGroup_noKnownAliases() { @Test public void testGetAliasesGroup_registryHubDockerCom() { - Assert.assertArrayEquals( - RegistryAliasGroup.getAliasesGroup("registry.hub.docker.com").toArray(new String[0]), - new String[] {"registry.hub.docker.com", "index.docker.io"}); + Assert.assertEquals( + Arrays.asList("registry.hub.docker.com", "index.docker.io"), + RegistryAliasGroup.getAliasesGroup("registry.hub.docker.com")); } @Test public void testGetAliasesGroup_indexDockerIo() { - Assert.assertArrayEquals( - RegistryAliasGroup.getAliasesGroup("index.docker.io").toArray(new String[0]), - new String[] {"index.docker.io", "registry.hub.docker.com"}); + Assert.assertEquals( + Arrays.asList("index.docker.io", "registry.hub.docker.com"), + RegistryAliasGroup.getAliasesGroup("index.docker.io")); } } From aa383fc7f319be4ba9779c15fa792ec705ba5596 Mon Sep 17 00:00:00 2001 From: Chanseok Oh Date: Tue, 17 Jul 2018 10:56:05 -0400 Subject: [PATCH 6/8] Use Set instead of List --- .../cloud/tools/jib/registry/RegistryAliasGroup.java | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/jib-core/src/main/java/com/google/cloud/tools/jib/registry/RegistryAliasGroup.java b/jib-core/src/main/java/com/google/cloud/tools/jib/registry/RegistryAliasGroup.java index bee67ec1df..bae796b4f0 100644 --- a/jib-core/src/main/java/com/google/cloud/tools/jib/registry/RegistryAliasGroup.java +++ b/jib-core/src/main/java/com/google/cloud/tools/jib/registry/RegistryAliasGroup.java @@ -17,6 +17,7 @@ package com.google.cloud.tools.jib.registry; import com.google.common.collect.ImmutableList; +import com.google.common.collect.ImmutableSet; import java.util.Collections; import java.util.List; import java.util.stream.Collectors; @@ -24,10 +25,10 @@ public class RegistryAliasGroup { - private static final ImmutableList> REGISTRY_ALIAS_GROUPS = + private static final ImmutableList> REGISTRY_ALIAS_GROUPS = ImmutableList.of( // Docker Hub alias group - ImmutableList.of("registry.hub.docker.com", "index.docker.io")); + ImmutableSet.of("registry.hub.docker.com", "index.docker.io")); /** * Returns the list of registry aliases for the given {@code registry}, including {@code registry} @@ -37,7 +38,7 @@ public class RegistryAliasGroup { * @return non-empty list of registries where {@code registry} is the first element */ public static List getAliasesGroup(String registry) { - for (ImmutableList aliasGroup : REGISTRY_ALIAS_GROUPS) { + for (ImmutableSet aliasGroup : REGISTRY_ALIAS_GROUPS) { if (aliasGroup.contains(registry)) { // Found a group. Move the requested "registry" to the front before returning it. Stream self = Stream.of(registry); From 5232fb8bdf8fc13bbbaa0702387da2b6a365fd73 Mon Sep 17 00:00:00 2001 From: Chanseok Oh Date: Tue, 17 Jul 2018 10:59:57 -0400 Subject: [PATCH 7/8] Add Javadocs for public classes --- .../com/google/cloud/tools/jib/registry/RegistryAliasGroup.java | 1 + .../google/cloud/tools/jib/registry/RegistryAliasGroupTest.java | 1 + 2 files changed, 2 insertions(+) diff --git a/jib-core/src/main/java/com/google/cloud/tools/jib/registry/RegistryAliasGroup.java b/jib-core/src/main/java/com/google/cloud/tools/jib/registry/RegistryAliasGroup.java index bae796b4f0..58c988414d 100644 --- a/jib-core/src/main/java/com/google/cloud/tools/jib/registry/RegistryAliasGroup.java +++ b/jib-core/src/main/java/com/google/cloud/tools/jib/registry/RegistryAliasGroup.java @@ -23,6 +23,7 @@ import java.util.stream.Collectors; import java.util.stream.Stream; +/** Provides known aliases for a given registry. */ public class RegistryAliasGroup { private static final ImmutableList> REGISTRY_ALIAS_GROUPS = diff --git a/jib-core/src/test/java/com/google/cloud/tools/jib/registry/RegistryAliasGroupTest.java b/jib-core/src/test/java/com/google/cloud/tools/jib/registry/RegistryAliasGroupTest.java index 79a1529d7a..90dc98e2d8 100644 --- a/jib-core/src/test/java/com/google/cloud/tools/jib/registry/RegistryAliasGroupTest.java +++ b/jib-core/src/test/java/com/google/cloud/tools/jib/registry/RegistryAliasGroupTest.java @@ -21,6 +21,7 @@ import org.junit.Assert; import org.junit.Test; +/** Tests for {@link RegistryAliasGroup}. */ public class RegistryAliasGroupTest { @Test From 86207eae461d8f367205d7dd360e5cb7364fc2fc Mon Sep 17 00:00:00 2001 From: Chanseok Oh Date: Tue, 17 Jul 2018 11:15:48 -0400 Subject: [PATCH 8/8] No empty lines in CHANGELOG files --- jib-gradle-plugin/CHANGELOG.md | 1 - jib-maven-plugin/CHANGELOG.md | 1 - 2 files changed, 2 deletions(-) diff --git a/jib-gradle-plugin/CHANGELOG.md b/jib-gradle-plugin/CHANGELOG.md index 413e95b157..9b24c56728 100644 --- a/jib-gradle-plugin/CHANGELOG.md +++ b/jib-gradle-plugin/CHANGELOG.md @@ -7,7 +7,6 @@ All notable changes to this project will be documented in this file. - Snapshot dependencies are added as their own layer ([#584](https://github.com/GoogleContainerTools/jib/pull/584)) - `jibBuildTar` task to build an image tarball at `build/jib-image.tar`, which can be loaded into docker using `docker load` ([#514](https://github.com/GoogleContainerTools/jib/issues/514)) - - For Docker Hub, also tries registry aliases when getting a credential from the Docker config ### Changed diff --git a/jib-maven-plugin/CHANGELOG.md b/jib-maven-plugin/CHANGELOG.md index 627b3b1b36..6db12229a2 100644 --- a/jib-maven-plugin/CHANGELOG.md +++ b/jib-maven-plugin/CHANGELOG.md @@ -7,7 +7,6 @@ All notable changes to this project will be documented in this file. - Snapshot dependencies are added as their own layer ([#584](https://github.com/GoogleContainerTools/jib/pull/584)) - `jib:buildTar` goal to build an image tarball at `target/jib-image.tar`, which can be loaded into docker using `docker load` ([#514](https://github.com/GoogleContainerTools/jib/issues/514)) - - For Docker Hub, also tries registry aliases when getting a credential from the Docker config ### Changed