
Example 16 with DockerRegistry

use of com.epam.pipeline.entity.pipeline.DockerRegistry in project cloud-pipeline by epam.

the class DockerRegistryManager method issueTokenForDockerRegistry.

/**
 * Authorizes a Docker registry token request and, when the requested scope is
 * permitted, issues a JWT the registry will accept (Docker distribution token
 * auth flow, see https://docs.docker.com/registry/spec/auth/token/#requesting-a-token).
 * An unknown registry or a rejected scope surfaces as a
 * {@link DockerAuthorizationException}; the caller is expected to turn that into
 * the 401 the registry protocol requires.
 *
 * Security notes:
 * <ul>
 *   <li>{@code token} is a credential. It is handed to
 *       {@code dockerAuthService.verifyTokenForDocker} and is deliberately never
 *       written to the log — keep it that way.</li>
 *   <li>{@code scope} and {@code dockerRegistryHost} arrive straight from the
 *       docker client and are untrusted; they are only logged and passed to
 *       {@code parseAndValidateScope}, which is expected to reject bad scopes
 *       with {@link IllegalArgumentException}.</li>
 *   <li>Token verification runs before the registry lookup, so (assuming
 *       {@code verifyTokenForDocker} throws on a bad token) an unauthenticated
 *       caller does not learn whether a registry name exists.</li>
 *   <li>Scope validation is keyed on the caller-supplied {@code userName}, not on
 *       the identity recovered from the verified token. NOTE(review): this is only
 *       safe if {@code verifyTokenForDocker} binds the two together — confirm.</li>
 * </ul>
 *
 * @param userName            user the registry is requesting permissions for
 * @param token               Cloud Pipeline token presented by the docker client
 * @param dockerRegistryHost  registry name or id (resolved via {@code loadByNameOrId})
 * @param scope               requested actions, e.g.
 *                            {@code repository:samalba/my-app:push,repository:samalba/my-test:push}
 * @return a signed JWT carrying the validated claims for {@code dockerRegistryHost}
 * @throws DockerAuthorizationException if the registry is not found or the scope is rejected
 */
public JwtRawToken issueTokenForDockerRegistry(String userName, String token, String dockerRegistryHost, String scope) {
    LOGGER.debug("Processing authorization request from registry {} for user {} and scope {}", dockerRegistryHost, userName, scope);
    final UserContext requester = dockerAuthService.verifyTokenForDocker(userName, token, dockerRegistryHost);
    final DockerRegistry registry = loadRegistryOrFail(dockerRegistryHost);
    try {
        final List<DockerRegistryClaim> grantedClaims = parseAndValidateScope(userName, registry, scope);
        final JwtRawToken issued = dockerAuthService.issueDockerToken(requester, dockerRegistryHost, grantedClaims);
        LOGGER.debug("Successfully issued JWT token for registry {} user {} and scope {}", registry, userName, scope);
        return issued;
    } catch (IllegalArgumentException e) {
        // Scope rejected: report the validation message to the registry as an authorization failure.
        throw new DockerAuthorizationException(dockerRegistryHost, e.getMessage());
    }
}

/**
 * Resolves a registry by name or id, failing with {@link DockerAuthorizationException}
 * (registry-not-found message) when nothing matches.
 */
private DockerRegistry loadRegistryOrFail(final String dockerRegistryHost) {
    final DockerRegistry registry = loadByNameOrId(dockerRegistryHost);
    if (registry == null) {
        throw new DockerAuthorizationException(dockerRegistryHost, messageHelper.getMessage(MessageConstants.ERROR_REGISTRY_NOT_FOUND, dockerRegistryHost));
    }
    return registry;
}

Example 17 with DockerRegistry

use of com.epam.pipeline.entity.pipeline.DockerRegistry in project cloud-pipeline by epam.

the class DockerRegistryManager method updateDockerRegistryCredentials.

/**
 * Replaces the connection/credential settings of an existing registry: external
 * URL, pipeline-auth flag, user name, password and CA certificate. The registry
 * is looked up from the VO (id or name); every other stored field is left as is.
 * Once the new values pass {@code validateAuthentication}, the Kubernetes pull
 * secret for the registry is recreated from the new user name/password (or only
 * deleted, when the user name is blank) and the entity is persisted.
 *
 * Security notes:
 * <ul>
 *   <li>The plaintext password is written to the Kubernetes secret and, via
 *       {@code dockerRegistryDao.updateDockerRegistry}, to the registry entity;
 *       whether the DAO protects it at rest is not visible here.</li>
 *   <li>The old secret is deleted before the new one is created, and Kubernetes
 *       is outside the DB transaction: if {@code createDockerRegistrySecret}
 *       fails, the DB change presumably rolls back but the old secret is gone.</li>
 *   <li>With a blank user name {@code secretName} is not cleared, so the persisted
 *       entity may still name the just-deleted secret. NOTE(review): confirm intended.</li>
 * </ul>
 *
 * @param dockerRegistryVO new settings; its id/name identify the registry to update
 * @return the updated, persisted registry entity
 * @throws IllegalArgumentException if no registry matches the VO (presumably, via {@code Assert.notNull})
 */
@Transactional(propagation = Propagation.REQUIRED)
public DockerRegistry updateDockerRegistryCredentials(DockerRegistryVO dockerRegistryVO) {
    final DockerRegistry incoming = dockerRegistryVO.convertToDockerRegistry();
    final DockerRegistry stored = loadByIdOrName(incoming);
    Assert.notNull(stored, messageHelper.getMessage(MessageConstants.ERROR_REGISTRY_NOT_FOUND, incoming.getPath()));
    copyCredentialSettings(incoming, stored);
    normalizeCert(stored);
    // Validate before touching Kubernetes so bad credentials never destroy the working secret.
    validateAuthentication(stored);
    refreshRegistrySecret(stored);
    dockerRegistryDao.updateDockerRegistry(stored);
    return stored;
}

/** Copies only the credential-related fields from {@code from} onto {@code to}. */
private static void copyCredentialSettings(final DockerRegistry from, final DockerRegistry to) {
    to.setExternalUrl(from.getExternalUrl());
    to.setPipelineAuth(from.isPipelineAuth());
    to.setUserName(from.getUserName());
    to.setPassword(from.getPassword());
    to.setCaCert(from.getCaCert());
}

/**
 * Drops the registry's current Kubernetes secret and, when a user name is set,
 * creates a fresh one from the current user name/password and records its name.
 */
private void refreshRegistrySecret(final DockerRegistry registry) {
    kubernetesManager.deleteSecret(registry.getSecretName());
    if (StringUtils.isBlank(registry.getUserName())) {
        return;
    }
    final DockerRegistrySecret secret = DockerRegistrySecret.builder()
            .registryUrl(registry.getPath())
            .userName(registry.getUserName())
            .password(registry.getPassword())
            .build();
    registry.setSecretName(kubernetesManager.createDockerRegistrySecret(secret));
}

Example 18 with DockerRegistry

use of com.epam.pipeline.entity.pipeline.DockerRegistry in project cloud-pipeline by epam.

the class ToolGroupManagerTest method setUp.

/**
 * Creates the single registry fixture shared by this class's tests: a registry
 * at {@code TEST_REPO} owned by {@code TEST_USER}, stored through {@code registryDao}.
 */
@Before
public void setUp() throws Exception {
    registry = persistRegistry(TEST_REPO, TEST_USER);
}

/** Builds a registry with the given path and owner and stores it via the DAO. */
private DockerRegistry persistRegistry(final String path, final String owner) {
    final DockerRegistry created = new DockerRegistry();
    created.setOwner(owner);
    created.setPath(path);
    registryDao.createDockerRegistry(created);
    return created;
}

Example 19 with DockerRegistry

use of com.epam.pipeline.entity.pipeline.DockerRegistry in project cloud-pipeline by epam.

the class PipelineConfigurationManagerTest method setUp.

/**
 * Builds the fixture graph for this test class: one registry -> one tool group ->
 * one tool (all owned by {@code TEST_USER}), plus two NFS and two S3 data
 * storages, one of each per owner ({@code TEST_OWNER1}, {@code TEST_OWNER2}).
 * An ACL object is created for every storage, and finally {@code TEST_OWNER1} is
 * granted READ on {@code testNFS2} — the NFS storage that belongs to
 * {@code TEST_OWNER2} — which is the cross-owner case the tests rely on.
 */
@Before
public void setUp() throws Exception {
    registry = new DockerRegistry();
    registry.setOwner(TEST_USER);
    registry.setPath(TEST_REPO);
    dockerRegistryDao.createDockerRegistry(registry);

    library = new ToolGroup();
    library.setOwner(TEST_USER);
    library.setName(TOOL_GROUP_NAME);
    library.setRegistryId(registry.getId());
    toolGroupDao.createToolGroup(library);

    tool = new Tool();
    tool.setOwner(TEST_USER);
    tool.setImage(TEST_IMAGE);
    tool.setRegistryId(registry.getId());
    tool.setToolGroupId(library.getId());
    tool.setRam(TEST_RAM);
    tool.setCpu(TEST_CPU);
    toolDao.createTool(tool);

    // Storages of owner 1 (only this NFS storage gets an explicit mount point).
    final NFSDataStorage owner1Nfs = newNfsStorage("testNFS", "test/path1", "testMountOptions1", TEST_OWNER1);
    owner1Nfs.setMountPoint("/some/other/path");
    dataStorageDao.createDataStorage(owner1Nfs);
    dataStorages.add(owner1Nfs);

    final S3bucketDataStorage owner1Bucket = newBucketStorage("testBucket", "test/path2", TEST_OWNER1);
    dataStorageDao.createDataStorage(owner1Bucket);
    dataStorages.add(owner1Bucket);

    // Storages of owner 2.
    final NFSDataStorage owner2Nfs = newNfsStorage("testNFS2", "test/path3", "testMountOptions2", TEST_OWNER2);
    dataStorageDao.createDataStorage(owner2Nfs);
    dataStorages.add(owner2Nfs);

    final S3bucketDataStorage owner2Bucket = newBucketStorage("testBucket2", "test/path4", TEST_OWNER2);
    dataStorageDao.createDataStorage(owner2Bucket);
    dataStorages.add(owner2Bucket);

    dataStorages.forEach(aclTestDao::createAclForObject);
    // Cross-owner grant: owner 1 can READ owner 2's NFS storage.
    aclTestDao.grantPermissions(owner2Nfs, TEST_OWNER1, Collections.singletonList((AclPermission) AclPermission.READ));
}

/** Builds an unsaved NFS storage with a fresh id, the given mount options and owner. */
private NFSDataStorage newNfsStorage(final String name, final String path, final String mountOptions, final String owner) {
    final NFSDataStorage storage = new NFSDataStorage(dataStorageDao.createDataStorageId(), name, path);
    storage.setMountOptions(mountOptions);
    storage.setOwner(owner);
    return storage;
}

/** Builds an unsaved S3 bucket storage with a fresh id and the given owner. */
private S3bucketDataStorage newBucketStorage(final String name, final String path, final String owner) {
    final S3bucketDataStorage storage = new S3bucketDataStorage(dataStorageDao.createDataStorageId(), name, path);
    storage.setOwner(owner);
    return storage;
}

Example 20 with DockerRegistry

use of com.epam.pipeline.entity.pipeline.DockerRegistry in project cloud-pipeline by epam.

the class DockerRegistryMapper method map.

/**
 * Serializes a registry (with its owner, metadata and permissions) into the
 * Elasticsearch JSON document used by search.
 *
 * Only non-secret registry fields are indexed: id, name, path, creation date,
 * description and the registry account user name. The password and CA cert are
 * not written — keep it that way, the index is a separate data store with its
 * own access rules. Note that the registry account user name is itself exposed
 * to anyone who can read the index; NOTE(review): confirm that is acceptable.
 * The builder is closed by try-with-resources before it is returned, so callers
 * are expected to only read the finished document from it.
 *
 * @param container registry entity plus its owner, metadata and permissions
 * @return a builder holding the complete JSON object
 * @throws IllegalArgumentException if the JSON could not be built (wraps the {@link IOException})
 */
@Override
public XContentBuilder map(final EntityContainer<DockerRegistry> container) {
    final DockerRegistry registry = container.getEntity();
    try (XContentBuilder doc = XContentFactory.jsonBuilder()) {
        doc.startObject();
        doc.field(DOC_TYPE_FIELD, SearchDocumentType.DOCKER_REGISTRY.name());
        doc.field("id", registry.getId());
        doc.field("name", registry.getName());
        doc.field("path", registry.getPath());
        doc.field("createdDate", parseDataToString(registry.getCreatedDate()));
        doc.field("description", registry.getDescription());
        doc.field("userName", registry.getUserName());
        buildUserContent(container.getOwner(), doc);
        buildMetadata(container.getMetadata(), doc);
        buildPermissions(container.getPermissions(), doc);
        doc.endObject();
        return doc;
    } catch (IOException e) {
        throw new IllegalArgumentException("Failed to create elasticsearch document for docker registry: ", e);
    }
}
