use of com.aws.greengrass.componentmanager.plugins.docker.exceptions.RegistryAuthException in project aws-greengrass-nucleus by aws-greengrass.
the class EcrAccessor method getCredentials.
/**
* Get credentials(auth token) for a private docker registry in ECR.
*
* @param registryId Registry id
* @return Registry.Credentials - Registry's authorization information
* @throws RegistryAuthException When authentication fails
*/
@SuppressWarnings("PMD.AvoidRethrowingException")
public Registry.Credentials getCredentials(String registryId) throws RegistryAuthException {
try (EcrClient client = getClient()) {
AuthorizationData authorizationData = client.getAuthorizationToken(GetAuthorizationTokenRequest.builder().registryIds(Collections.singletonList(registryId)).build()).authorizationData().get(0);
// Decoded auth token is of the format <username>:<password>
String[] authTokenParts = new String(Base64.getDecoder().decode(authorizationData.authorizationToken()), StandardCharsets.UTF_8).split(":");
return new Registry.Credentials(authTokenParts[0], authTokenParts[1], authorizationData.expiresAt());
} catch (ServerException | SdkClientException e) {
// Errors we can retry on
throw e;
} catch (EcrException e) {
throw new RegistryAuthException(String.format("Failed to get credentials for ECR registry - %s", registryId), e);
}
}
use of com.aws.greengrass.componentmanager.plugins.docker.exceptions.RegistryAuthException in project aws-greengrass-nucleus by aws-greengrass.
the class DockerImageDownloaderTest method GIVEN_a_container_component_with_image_in_ecr_WHEN_when_failed_to_get_credentials_THEN_fail_deployment.
@Test
void GIVEN_a_container_component_with_image_in_ecr_WHEN_when_failed_to_get_credentials_THEN_fail_deployment() throws Exception {
URI artifactUri = new URI("docker:012345678910.dkr.ecr.us-east-1.amazonaws.com/testimage:sometag");
Image image = Image.fromArtifactUri(ComponentArtifact.builder().artifactUri(artifactUri).build());
when(ecrAccessor.getCredentials("012345678910")).thenThrow(new RegistryAuthException("Failed to get " + "credentials for ECR registry"));
when(dockerClient.dockerInstalled()).thenReturn(true);
DockerImageDownloader downloader = getDownloader(artifactUri);
Throwable err = assertThrows(PackageDownloadException.class, () -> downloader.download());
assertThat(err.getMessage(), containsString("Failed to get auth token for docker login"));
assertTrue(err.getCause() instanceof RegistryAuthException);
assertEquals("testimage", image.getName());
assertEquals("sometag", image.getTag());
assertNull(image.getDigest());
assertTrue(image.getRegistry().isEcrRegistry());
assertTrue(image.getRegistry().isPrivateRegistry());
assertEquals("012345678910.dkr.ecr.us-east-1.amazonaws.com", image.getRegistry().getEndpoint());
assertEquals("012345678910", image.getRegistry().getRegistryId());
verify(ecrAccessor).getCredentials("012345678910");
verify(dockerClient, never()).login(any());
verify(dockerClient, never()).pullImage(any());
}
Aggregations