use of com.aws.greengrass.componentmanager.plugins.docker.exceptions.UserNotAuthorizedForDockerException in project aws-greengrass-nucleus by aws-greengrass.
the class DefaultDockerClient method login.
/**
 * Runs {@code docker login} against the given registry.
 *
 * <p>The username and password are put into the environment map handed to
 * {@code runDockerCmd} under {@code dockerUsername} / {@code dockerPassword}. The command
 * string is assembled from {@code platform.formatEnvironmentVariableCmd(...)} results rather
 * than from the credential values themselves.
 *
 * @param registry registry to log into; its endpoint and credentials are read here
 * @throws DockerLoginException the command exited non-zero and no more specific case applied
 * @throws UserNotAuthorizedForDockerException when {@code checkUserAuthorizationError} reports
 *         that the current user is not authorized to use docker
 * @throws DockerServiceUnavailableException non-zero exit whose output contains
 *         "Service Unavailable"; potentially fixable through retries
 * @throws IOException the command finished without an exit code
 */
public void login(Registry registry) throws DockerLoginException, UserNotAuthorizedForDockerException,
        DockerServiceUnavailableException, IOException {
    // Credentials are passed through the child process environment, keyed by the same
    // variable names that the command line refers to below.
    Map<String, String> credEnvMap = new HashMap<>();
    credEnvMap.put("dockerUsername", registry.getCredentials().getUsername());
    credEnvMap.put("dockerPassword", registry.getCredentials().getPassword());

    Platform platform = Platform.getInstance();
    // NOTE(review): if the variable reference is expanded by a shell before docker starts,
    // the password still ends up in the docker process's argument list via -p; docker's
    // --password-stdin avoids that but would need stdin support in runDockerCmd - confirm.
    // NOTE(review): registry.getEndpoint() is interpolated into the command string unquoted;
    // confirm the endpoint is validated before it reaches this method.
    String loginCommand = String.format(
            "docker login %s -u %s -p %s",
            registry.getEndpoint(),
            platform.formatEnvironmentVariableCmd("dockerUsername"),
            platform.formatEnvironmentVariableCmd("dockerPassword"));

    CliResponse response = runDockerCmd(loginCommand, credEnvMap);

    // A permission problem takes precedence over any exit-code handling.
    Optional<UserNotAuthorizedForDockerException> authFailure = checkUserAuthorizationError(response);
    if (authFailure.isPresent()) {
        throw authFailure.get();
    }

    // No exit code means the command never completed normally.
    if (!response.exit.isPresent()) {
        throw new IOException("Unexpected error while trying to perform docker login", response.failureCause);
    }

    if (response.exit.get() == 0) {
        return;
    }

    // Engine has issues or proxy config is bad etc. Not entirely reliable to determine retry behavior.
    // NOTE(review): the marker is searched in getOut() while the message reports response.err;
    // confirm docker emits "Service Unavailable" on the stream getOut() returns.
    boolean serviceUnavailable = response.getOut().contains("Service Unavailable");
    String failureMessage =
            String.format("Error logging into the registry using credentials - %s", response.err);
    if (serviceUnavailable) {
        throw new DockerServiceUnavailableException(failureMessage);
    }
    throw new DockerLoginException(failureMessage);
}
use of com.aws.greengrass.componentmanager.plugins.docker.exceptions.UserNotAuthorizedForDockerException in project aws-greengrass-nucleus by aws-greengrass.
the class DockerImageDownloaderTest method GIVEN_a_container_component_WHEN_greengrass_does_not_have_permissions_to_use_docker_daemon_THEN_fail_deployment.
// Verifies that a docker-daemon permission failure during login fails the download,
// keeps the original exception as the cause, and never reaches the image pull.
@Test
void GIVEN_a_container_component_WHEN_greengrass_does_not_have_permissions_to_use_docker_daemon_THEN_fail_deployment() throws Exception {
    // Sample ECR account id and endpoint used throughout this test.
    final String accountId = "012345678910";
    final String ecrEndpoint = "012345678910.dkr.ecr.us-east-1.amazonaws.com";

    URI artifactUri = new URI("docker:012345678910.dkr.ecr.us-east-1.amazonaws.com/testimage:sometag");
    Image image = Image.fromArtifactUri(
            ComponentArtifact.builder().artifactUri(artifactUri).build());

    // Docker is installed and ECR hands out credentials, but login is rejected by the daemon.
    when(dockerClient.dockerInstalled()).thenReturn(true);
    when(ecrAccessor.getCredentials(accountId))
            .thenReturn(new Registry.Credentials("username", "password", Instant.now().plusSeconds(60)));
    doThrow(new UserNotAuthorizedForDockerException(
            "Got permission denied while trying to connect to the Docker daemon socket"))
            .when(dockerClient).login(any());

    DockerImageDownloader downloader = getDownloader(artifactUri);
    Throwable downloadFailure = assertThrows(PackageDownloadException.class, () -> downloader.download());

    // The wrapper names the failed step and keeps the authorization error as its cause.
    assertThat(downloadFailure.getMessage(), containsString("Failed to login to docker registry"));
    assertTrue(downloadFailure.getCause() instanceof UserNotAuthorizedForDockerException);

    // The artifact URI was parsed into the expected image coordinates.
    assertEquals("testimage", image.getName());
    assertEquals("sometag", image.getTag());
    assertNull(image.getDigest());
    assertTrue(image.getRegistry().isEcrRegistry());
    assertTrue(image.getRegistry().isPrivateRegistry());
    assertEquals(ecrEndpoint, image.getRegistry().getEndpoint());
    assertEquals(accountId, image.getRegistry().getRegistryId());

    // Credentials were fetched and login attempted, but no pull followed the failed login.
    verify(ecrAccessor).getCredentials(accountId);
    verify(dockerClient).login(any());
    verify(dockerClient, never()).pullImage(any());
}