From bbb3d74744441e929a7daa4e530f6300714e6a4f Mon Sep 17 00:00:00 2001 From: Nick Ethier Date: Tue, 8 May 2018 15:06:11 -0400 Subject: [PATCH 1/5] client/driver: use correct repo address when using docker-credential helper --- CHANGELOG.md | 3 +++ client/driver/docker.go | 10 ++++++---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index db99c39eb30..5823aeea6cf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,9 @@ IMPROVEMENTS: * env: Default interpolation of optional meta fields of parameterized jobs to an empty string rather than the field key. [[GH-3720](https://github.com/hashicorp/nomad/issues/3720)] +BUG FIXES: + * driver/docker: Fix docker credential helper support [[GH-3818](https://github.com/hashicorp/nomad/issues/3818)] [[GH-4221](https://github.com/hashicorp/nomad/issues/4221)] + ## 0.8.3 (April 27, 2018) BUG FIXES: diff --git a/client/driver/docker.go b/client/driver/docker.go index cc31e547eae..d6a32601728 100644 --- a/client/driver/docker.go +++ b/client/driver/docker.go @@ -2130,13 +2130,15 @@ func authFromHelper(helperName string) authBackend { helper := dockerAuthHelperPrefix + helperName cmd := exec.Command(helper, "get") - // Ensure that the HTTPs prefix exists - if !strings.HasPrefix(repo, "https://") { - repo = fmt.Sprintf("https://%s", repo) + repoInfo, err := parseRepositoryInfo(repo) + if err != nil { + return nil, err } - cmd.Stdin = strings.NewReader(repo) + // Ensure that the HTTPs prefix exists + repoAddr := fmt.Sprintf("https://%s", repoInfo.Hostname()) + cmd.Stdin = strings.NewReader(repoAddr) output, err := cmd.Output() if err != nil { switch err.(type) { From e99304e9f74acf5acf86d10958c752d3eef35967 Mon Sep 17 00:00:00 2001 From: Nick Ethier Date: Wed, 9 May 2018 22:33:20 -0400 Subject: [PATCH 2/5] changelog: ref PR instead of individual issues --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5823aeea6cf..a50579b01e3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,7 +11,7 @@ IMPROVEMENTS: an empty string rather than the field key. [[GH-3720](https://github.com/hashicorp/nomad/issues/3720)] BUG FIXES: - * driver/docker: Fix docker credential helper support [[GH-3818](https://github.com/hashicorp/nomad/issues/3818)] [[GH-4221](https://github.com/hashicorp/nomad/issues/4221)] + * driver/docker: Fix docker credential helper support [[GH-4266](https://github.com/hashicorp/nomad/issues/4266)] ## 0.8.3 (April 27, 2018) From 46c557c08ef58246ea42be24c8c4fd7e5137f0fc Mon Sep 17 00:00:00 2001 From: Nick Ethier Date: Wed, 9 May 2018 22:33:56 -0400 Subject: [PATCH 3/5] client/driver: add test for docker auth helper --- client/driver/docker_test.go | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/client/driver/docker_test.go b/client/driver/docker_test.go index 5595236c7ff..64f2c5c6941 100644 --- a/client/driver/docker_test.go +++ b/client/driver/docker_test.go @@ -2458,3 +2458,33 @@ func TestDockerDriver_AdvertiseIPv6Address(t *testing.T) { t.Fatalf("Got GlobalIPv6address %s want GlobalIPv6address with prefix %s", expectedPrefix, container.NetworkSettings.GlobalIPv6Address) } } + +func TestDockerDriver_authFromHelper(t *testing.T) { + dir, err := ioutil.TempDir("", "test-docker-driver_authfromhelper") + require.NoError(t, err) + defer os.RemoveAll(dir) + helperPayload := "{\"Username\":\"hashi\",\"Secret\":\"nomad\"}" + helperContent := []byte(fmt.Sprintf("#!/bin/sh\ncat > %s/helper-$1.out;echo '%s'", dir, helperPayload)) + + helperFile := filepath.Join(dir, "docker-credential-testnomad") + err = ioutil.WriteFile(helperFile, helperContent, 0777) + require.NoError(t, err) + + path := os.Getenv("PATH") + os.Setenv("PATH", fmt.Sprintf("%s:%s", path, dir)) + defer os.Setenv("PATH", path) + + helper := authFromHelper("testnomad") + creds, err := helper("registry.local:5000/repo/image") + require.NoError(t, err) + require.NotNil(t, creds) + require.Equal(t, "hashi", creds.Username) + require.Equal(t, "nomad", creds.Password) + + if _, err := os.Stat(filepath.Join(dir, "helper-get.out")); os.IsNotExist(err) { + t.Fatalf("Expected helper-get.out to exist") + } + content, err := ioutil.ReadFile(filepath.Join(dir, "helper-get.out")) + require.NoError(t, err) + require.Equal(t, []byte("https://registry.local:5000"), content) +} From d3c138e3106cd71ff9ae369e67a697d8aec6c6d1 Mon Sep 17 00:00:00 2001 From: Nick Ethier Date: Wed, 9 May 2018 22:34:25 -0400 Subject: [PATCH 4/5] client/driver: parse repo instead of attempting to pull repo info --- client/driver/docker.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/client/driver/docker.go b/client/driver/docker.go index d6a32601728..2e7c9b440d5 100644 --- a/client/driver/docker.go +++ b/client/driver/docker.go @@ -2130,13 +2130,13 @@ func authFromHelper(helperName string) authBackend { helper := dockerAuthHelperPrefix + helperName cmd := exec.Command(helper, "get") - repoInfo, err := parseRepositoryInfo(repo) + repoParsed, err := reference.ParseNamed(repo) if err != nil { return nil, err } // Ensure that the HTTPs prefix exists - repoAddr := fmt.Sprintf("https://%s", repoInfo.Hostname()) + repoAddr := fmt.Sprintf("https://%s", repoParsed.Hostname()) cmd.Stdin = strings.NewReader(repoAddr) output, err := cmd.Output() From 6e86c4e28c14a7294520e8c1264c365af4e0ac48 Mon Sep 17 00:00:00 2001 From: Nick Ethier Date: Mon, 14 May 2018 13:46:57 -0400 Subject: [PATCH 5/5] client/driver: gaurd authHelper test from running on windows --- client/driver/docker_linux_test.go | 41 ++++++++++++++++++++++++++++++ client/driver/docker_test.go | 30 ---------------------- 2 files changed, 41 insertions(+), 30 deletions(-) create mode 100644 client/driver/docker_linux_test.go diff --git a/client/driver/docker_linux_test.go b/client/driver/docker_linux_test.go new file mode 100644 index 00000000000..4c68799ec45 --- /dev/null +++ b/client/driver/docker_linux_test.go @@ -0,0 +1,41 @@ +package driver + +import ( + "fmt" + "io/ioutil" + "os" + "path/filepath" + "testing" + + "github.com/stretchr/testify/require" +) + +func TestDockerDriver_authFromHelper(t *testing.T) { + dir, err := ioutil.TempDir("", "test-docker-driver_authfromhelper") + require.NoError(t, err) + defer os.RemoveAll(dir) + helperPayload := "{\"Username\":\"hashi\",\"Secret\":\"nomad\"}" + helperContent := []byte(fmt.Sprintf("#!/bin/sh\ncat > %s/helper-$1.out;echo '%s'", dir, helperPayload)) + + helperFile := filepath.Join(dir, "docker-credential-testnomad") + err = ioutil.WriteFile(helperFile, helperContent, 0777) + require.NoError(t, err) + + path := os.Getenv("PATH") + os.Setenv("PATH", fmt.Sprintf("%s:%s", path, dir)) + defer os.Setenv("PATH", path) + + helper := authFromHelper("testnomad") + creds, err := helper("registry.local:5000/repo/image") + require.NoError(t, err) + require.NotNil(t, creds) + require.Equal(t, "hashi", creds.Username) + require.Equal(t, "nomad", creds.Password) + + if _, err := os.Stat(filepath.Join(dir, "helper-get.out")); os.IsNotExist(err) { + t.Fatalf("Expected helper-get.out to exist") + } + content, err := ioutil.ReadFile(filepath.Join(dir, "helper-get.out")) + require.NoError(t, err) + require.Equal(t, []byte("https://registry.local:5000"), content) +} diff --git a/client/driver/docker_test.go b/client/driver/docker_test.go index 64f2c5c6941..5595236c7ff 100644 --- a/client/driver/docker_test.go +++ b/client/driver/docker_test.go @@ -2458,33 +2458,3 @@ func TestDockerDriver_AdvertiseIPv6Address(t *testing.T) { t.Fatalf("Got GlobalIPv6address %s want GlobalIPv6address with prefix %s", expectedPrefix, container.NetworkSettings.GlobalIPv6Address) } } - -func TestDockerDriver_authFromHelper(t *testing.T) { - dir, err := ioutil.TempDir("", "test-docker-driver_authfromhelper") - require.NoError(t, err) - defer os.RemoveAll(dir) - helperPayload := "{\"Username\":\"hashi\",\"Secret\":\"nomad\"}" - helperContent := []byte(fmt.Sprintf("#!/bin/sh\ncat > %s/helper-$1.out;echo '%s'", dir, helperPayload)) - - helperFile := filepath.Join(dir, "docker-credential-testnomad") - err = ioutil.WriteFile(helperFile, helperContent, 0777) - require.NoError(t, err) - - path := os.Getenv("PATH") - os.Setenv("PATH", fmt.Sprintf("%s:%s", path, dir)) - defer os.Setenv("PATH", path) - - helper := authFromHelper("testnomad") - creds, err := helper("registry.local:5000/repo/image") - require.NoError(t, err) - require.NotNil(t, creds) - require.Equal(t, "hashi", creds.Username) - require.Equal(t, "nomad", creds.Password) - - if _, err := os.Stat(filepath.Join(dir, "helper-get.out")); os.IsNotExist(err) { - t.Fatalf("Expected helper-get.out to exist") - } - content, err := ioutil.ReadFile(filepath.Join(dir, "helper-get.out")) - require.NoError(t, err) - require.Equal(t, []byte("https://registry.local:5000"), content) -}