github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-31 15:25:57 +00:00
Code Issues Projects Releases Wiki Activity

Include changes from feedback

Browse Source 
Use constructor for ecrProvider
Rename package to "credentials" like golint requests
Don't wrap the lazy provider with a caching provider
Add immedita compile-time interface conformance checks for the interfaces
Added comments
This commit is contained in:
Rudi Chiarito 2016-04-17 17:22:52 -04:00
parent eea29e8851
commit 6e6ea46182
3 changed files with 25 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/cloudprovider/providers/aws/aws.go
View File

@ -42,7 +42,7 @@ import (
"k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/api"
"k8s.io/kubernetes/pkg/cloudprovider" "k8s.io/kubernetes/pkg/cloudprovider"
"k8s.io/kubernetes/pkg/credentialprovider/aws" aws_credentials "k8s.io/kubernetes/pkg/credentialprovider/aws"
"k8s.io/kubernetes/pkg/types" "k8s.io/kubernetes/pkg/types"
"github.com/golang/glog" "github.com/golang/glog"

29
pkg/credentialprovider/aws/aws_credentials.go
View File

@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/ */
package aws_credentials package credentials
import ( import (
"encoding/base64" "encoding/base64"
@ -84,6 +84,8 @@ type lazyEcrProvider struct {
actualProvider *credentialprovider.CachingDockerConfigProvider actualProvider *credentialprovider.CachingDockerConfigProvider
} }
var _ credentialprovider.DockerConfigProvider = &lazyEcrProvider{}
// ecrProvider is a DockerConfigProvider that gets and refreshes 12-hour tokens // ecrProvider is a DockerConfigProvider that gets and refreshes 12-hour tokens
// from AWS to access ECR. // from AWS to access ECR.
type ecrProvider struct { type ecrProvider struct {
@ -92,6 +94,8 @@ type ecrProvider struct {
getter tokenGetter getter tokenGetter
} }
var _ credentialprovider.DockerConfigProvider = &ecrProvider{}
// Init creates a lazy provider for each AWS region, in order to support // Init creates a lazy provider for each AWS region, in order to support
// cross-region ECR access. They have to be lazy because it's unlikely, but not // cross-region ECR access. They have to be lazy because it's unlikely, but not
// impossible, that we'll use more than one. // impossible, that we'll use more than one.
@ -101,20 +105,17 @@ type ecrProvider struct {
func Init() { func Init() {
for _, region := range AWSRegions { for _, region := range AWSRegions {
credentialprovider.RegisterCredentialProvider("aws-ecr-"+region, credentialprovider.RegisterCredentialProvider("aws-ecr-"+region,
&credentialprovider.CachingDockerConfigProvider{ &lazyEcrProvider{
Provider: &lazyEcrProvider{
region: region, region: region,
regionURL: fmt.Sprintf(registryURLTemplate, region), regionURL: fmt.Sprintf(registryURLTemplate, region),
},
// This is going to be just a lazy proxy to the real ecrProvider.
// It holds no real credentials, so refresh practically never.
Lifetime: 365 * 24 * time.Hour,
}) })
} }
} }
// Enabled implements DockerConfigProvider.Enabled for the lazy provider. // Enabled implements DockerConfigProvider.Enabled for the lazy provider.
// Since we perform no checks/work of our own and actualProvider is only created
// later at image pulling time (if ever), always return true.
func (p *lazyEcrProvider) Enabled() bool { func (p *lazyEcrProvider) Enabled() bool {
return true return true
} }
@ -126,15 +127,11 @@ func (p *lazyEcrProvider) LazyProvide() *credentialprovider.DockerConfigEntry {
if p.actualProvider == nil { if p.actualProvider == nil {
glog.V(2).Infof("Creating ecrProvider for %s", p.region) glog.V(2).Infof("Creating ecrProvider for %s", p.region)
p.actualProvider = &credentialprovider.CachingDockerConfigProvider{ p.actualProvider = &credentialprovider.CachingDockerConfigProvider{
Provider: &ecrProvider{ Provider: newEcrProvider(p.region, nil),
region: p.region,
regionURL: p.regionURL,
},
// Refresh credentials a little earlier than expiration time // Refresh credentials a little earlier than expiration time
Lifetime: 11*time.Hour + 55*time.Minute, Lifetime: 11*time.Hour + 55*time.Minute,
} }
if !p.actualProvider.Enabled() { if !p.actualProvider.Enabled() {
return nil return nil
} }
} }
@ -153,6 +150,14 @@ func (p *lazyEcrProvider) Provide() credentialprovider.DockerConfig {
return cfg return cfg
} }
func newEcrProvider(region string, getter tokenGetter) *ecrProvider {
return &ecrProvider{
region: region,
regionURL: fmt.Sprintf(registryURLTemplate, region),
getter: getter,
}
}
// Enabled implements DockerConfigProvider.Enabled for the AWS token-based implementation. // Enabled implements DockerConfigProvider.Enabled for the AWS token-based implementation.
// For now, it gets activated only if AWS was chosen as the cloud provider. // For now, it gets activated only if AWS was chosen as the cloud provider.
// TODO: figure how to enable it manually for deployments that are not on AWS but still // TODO: figure how to enable it manually for deployments that are not on AWS but still

12
pkg/credentialprovider/aws/aws_credentials_test.go
View File

@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/ */
package aws_credentials package credentials
import ( import (
"encoding/base64" "encoding/base64"
@ -64,14 +64,12 @@ func TestEcrProvide(t *testing.T) {
} }
image := "foo/bar" image := "foo/bar"
provider := &ecrProvider{ provider := newEcrProvider("lala-land-1",
region: "lala-land-1", &testTokenGetter{
regionURL: "*.dkr.ecr.lala-land-1.amazonaws.com",
getter: &testTokenGetter{
user: user, user: user,
password: password, password: password,
endpoint: registry}, endpoint: registry,
} })
keyring := &credentialprovider.BasicDockerKeyring{} keyring := &credentialprovider.BasicDockerKeyring{}
keyring.Add(provider.Provide()) keyring.Add(provider.Provide())