rancher/rke
1
0
Fork 0
mirror of https://github.com/rancher/rke.git synced 2025-09-01 23:16:22 +00:00
Code Issues Releases Wiki Activity

Initial commit for adding ecr credential plugin

Browse Source
This commit is contained in:
Gaurav Mehta
2020-10-05 14:15:57 +11:00
committed by Gaurav Mehta
parent b8e94c98f8
commit 723dd7c670
7 changed files with 166 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
docker/docker.go
View File

@@ -13,6 +13,8 @@ import (
"strings"
"time"
"github.com/rancher/rke/util"
"github.com/coreos/go-semver/semver"
ref "github.com/docker/distribution/reference"
"github.com/docker/docker/api/types"
@@ -41,7 +43,8 @@ const (
)
type dockerConfig struct {
Auths map[string]authConfig `json:"auths,omitempty"`
Auths map[string]authConfig `json:"auths,omitempty"`
CredHelpers map[string]string `json:"credHelpers,omitempty"`
}
type authConfig types.AuthConfig
@@ -667,10 +670,28 @@ func tryRegistryAuth(pr v3.PrivateRegistry) types.RequestPrivilegeFunc {
}
func getRegistryAuth(pr v3.PrivateRegistry) (string, error) {
authConfig := types.AuthConfig{
Username: pr.User,
Password: pr.Password,
var authConfig types.AuthConfig
var err error
if len(pr.User) == 0 && len(pr.Password) == 0 && len(pr.CredentialPlugin) != 0 {
if regType, ok := pr.CredentialPlugin["type"]; ok {
switch regType {
case "ecr":
// generate ecr authConfig
authConfig, err = util.ECRCredentialPlugin(pr.CredentialPlugin, pr.URL)
if err != nil {
return "", err
}
default:
return "", fmt.Errorf("Unsupported Credential Plugin")
}
}
} else {
authConfig = types.AuthConfig{
Username: pr.User,
Password: pr.Password,
}
}
encodedJSON, err := json.Marshal(authConfig)
if err != nil {
return "", err
@@ -738,12 +759,20 @@ func isContainerEnvChanged(containerEnv, imageConfigEnv, dockerfileEnv []string)
func GetKubeletDockerConfig(prsMap map[string]v3.PrivateRegistry) (string, error) {
auths := map[string]authConfig{}
credHelper := make(map[string]string)
for url, pr := range prsMap {
auth := base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", pr.User, pr.Password)))
auths[url] = authConfig{Auth: auth}
if len(pr.CredentialPlugin) != 0 {
if credPluginType, ok := pr.CredentialPlugin["type"]; ok {
if credPluginType == "ecr" {
credHelper[pr.URL] = "ecr-login"
}
}
} else {
auth := base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", pr.User, pr.Password)))
auths[url] = authConfig{Auth: auth}
}
}
cfg, err := json.Marshal(dockerConfig{auths})
cfg, err := json.Marshal(dockerConfig{auths, credHelper})
if err != nil {
return "", err
}