Example 26 with DockerRegistry
use of com.epam.pipeline.entity.pipeline.DockerRegistry in project cloud-pipeline by epam.
the class DockerRegistryManager method getCertificateContent.
/**
* @param id of a registry to look for certificate
* @return byte representation of docker registry if it is available, otherwise returns empty array.
*/
public byte[] getCertificateContent(Long id) {
DockerRegistry registry = load(id);
Assert.notNull(registry, messageHelper.getMessage(MessageConstants.ERROR_REGISTRY_NOT_FOUND, id));
return StringUtils.isBlank(registry.getCaCert()) ? new byte[0] : registry.getCaCert().getBytes(Charset.defaultCharset());
}
Also used :
DockerRegistry(com.epam.pipeline.entity.pipeline.DockerRegistry)
Example 27 with DockerRegistry
use of com.epam.pipeline.entity.pipeline.DockerRegistry in project cloud-pipeline by epam.
the class DockerRegistryManager method updateToolVersionIfToolPresents.
private void updateToolVersionIfToolPresents(String registry, DockerRegistryEvent registryEvent, Tool tool) {
LOGGER.debug(messageHelper.getMessage(MessageConstants.DEBUG_DOCKER_REGISTRY_AUTO_ENABLE_SUCCESS, registryEvent.getTarget().getRepository()));
String version = registryEvent.getTarget().getTag();
LOGGER.debug("Detected version {} for image {}", version, tool.getImage());
DockerRegistry dockerRegistry = fetchDockerRegistry(registry, registryEvent);
toolVersionManager.updateOrCreateToolVersion(tool.getId(), version, tool.getImage(), dockerRegistry, getDockerClient(dockerRegistry, tool.getImage()));
LOGGER.debug("Tool version attributes for image {}:{} have been successfully updated", tool.getImage(), version);
}
Also used :
DockerRegistry(com.epam.pipeline.entity.pipeline.DockerRegistry)
Example 28 with DockerRegistry
use of com.epam.pipeline.entity.pipeline.DockerRegistry in project cloud-pipeline by epam.
the class DockerRegistryManager method parseAndValidateScope.
// expected format: repository:group/image:push
private List<DockerRegistryClaim> parseAndValidateScope(String userName, DockerRegistry registry, String scope) {
if (StringUtils.isBlank(scope)) {
// read permission for at least one child in the registry is required
if (!permissionManager.isActionAllowedForUser(registry, userName, AclPermission.READ)) {
DockerRegistry fullTree = getDockerRegistryTree(registry.getId());
permissionManager.filterTree(userName, fullTree, AclPermission.READ);
if (CollectionUtils.isEmpty(fullTree.getChildren())) {
throw new DockerAuthorizationException(registry.getPath(), messageHelper.getMessage(MessageConstants.ERROR_REGISTRY_IS_NOT_ALLOWED, userName, registry.getPath()));
}
}
return Collections.emptyList();
}
List<DockerRegistryClaim> claims = DockerRegistryClaim.parseClaims(scope);
claims.forEach(claim -> {
AbstractSecuredEntity entity = registry;
List<Permission> permissions = claim.getRequestedPermissions();
boolean toolRequired = !permissions.contains(AclPermission.WRITE);
try {
ToolGroup toolGroup = toolGroupManager.loadToolGroupByImage(registry.getPath(), claim.getImageName());
entity = toolGroup;
Optional<Tool> tool = toolManager.loadToolInGroup(claim.getImageName(), toolGroup.getId());
entity = tool.orElseThrow(() -> new IllegalArgumentException(messageHelper.getMessage(MessageConstants.ERROR_TOOL_IMAGE_UNAVAILABLE, claim.getImageName())));
} catch (IllegalArgumentException e) {
LOGGER.trace(e.getMessage(), e);
if (toolRequired) {
throw new IllegalArgumentException(messageHelper.getMessage(MessageConstants.ERROR_TOOL_IMAGE_UNAVAILABLE, claim.getImageName()));
}
}
if (!permissionManager.isActionAllowedForUser(entity, userName, permissions)) {
throw new DockerAuthorizationException(registry.getPath(), messageHelper.getMessage(MessageConstants.ERROR_REGISTRY_ACTION_IS_NOT_ALLOWED, scope, userName, registry.getPath()));
}
});
return claims;
}
Also used :
DockerRegistry(com.epam.pipeline.entity.pipeline.DockerRegistry)
ToolGroup(com.epam.pipeline.entity.pipeline.ToolGroup)
DockerAuthorizationException(com.epam.pipeline.exception.docker.DockerAuthorizationException)
AclPermission(com.epam.pipeline.security.acl.AclPermission)
Permission(org.springframework.security.acls.model.Permission)
AbstractSecuredEntity(com.epam.pipeline.entity.AbstractSecuredEntity)
Tool(com.epam.pipeline.entity.pipeline.Tool)
Example 29 with DockerRegistry
use of com.epam.pipeline.entity.pipeline.DockerRegistry in project cloud-pipeline by epam.
the class DockerRegistryManager method delete.
@Transactional(propagation = Propagation.REQUIRED)
public DockerRegistry delete(Long id, boolean force) {
DockerRegistry registry = dockerRegistryDao.loadDockerRegistry(id);
if (force) {
// remove all tools from registry to avoid DataIntegrityViolationException
// But do not delete actual tools from registry
registry.getTools().forEach(tool -> toolManager.delete(tool.getRegistry(), tool.getImage(), false));
toolGroupManager.loadByRegistryId(id).forEach(g -> toolGroupManager.delete(g.getId().toString()));
}
if (StringUtils.isNotBlank(registry.getSecretName())) {
kubernetesManager.deleteSecret(registry.getSecretName());
}
dockerRegistryDao.deleteDockerRegistry(id);
return registry;
}
Also used :
DockerRegistry(com.epam.pipeline.entity.pipeline.DockerRegistry)
Transactional(org.springframework.transaction.annotation.Transactional)
Example 30 with DockerRegistry
use of com.epam.pipeline.entity.pipeline.DockerRegistry in project cloud-pipeline by epam.
the class DockerRegistryManager method fetchDockerRegistry.
private DockerRegistry fetchDockerRegistry(String registry, DockerRegistryEvent registryEvent) {
String registryName = !StringUtils.isEmpty(registry) ? registry : registryEvent.getRequest().getHost();
DockerRegistry dockerRegistry = loadByNameOrId(registryName);
if (dockerRegistry == null) {
dockerRegistry = loadByExternalUrl(registryName);
}
Assert.notNull(dockerRegistry, messageHelper.getMessage(MessageConstants.ERROR_REGISTRY_NOT_FOUND, registryName));
return dockerRegistry;
}
Also used :
DockerRegistry(com.epam.pipeline.entity.pipeline.DockerRegistry)
Aggregations
DockerRegistry (com.epam.pipeline.entity.pipeline.DockerRegistry)57
Transactional (org.springframework.transaction.annotation.Transactional)24
ToolGroup (com.epam.pipeline.entity.pipeline.ToolGroup)22
Tool (com.epam.pipeline.entity.pipeline.Tool)19
Test (org.junit.Test)14
Before (org.junit.Before)10
AbstractSpringTest (com.epam.pipeline.AbstractSpringTest)7
AbstractManagerTest (com.epam.pipeline.manager.AbstractManagerTest)6
MessageHelper (com.epam.pipeline.common.MessageHelper)4
AclClass (com.epam.pipeline.entity.security.acl.AclClass)4
DockerClient (com.epam.pipeline.manager.docker.DockerClient)4
DockerRegistryManager (com.epam.pipeline.manager.docker.DockerRegistryManager)4
IOException (java.io.IOException)4
List (java.util.List)4
Optional (java.util.Optional)4
Autowired (org.springframework.beans.factory.annotation.Autowired)4
MessageConstants (com.epam.pipeline.common.MessageConstants)3
PermissionGrantVO (com.epam.pipeline.controller.vo.PermissionGrantVO)3
AbstractSecuredEntity (com.epam.pipeline.entity.AbstractSecuredEntity)3
ToolVersionScanResult (com.epam.pipeline.entity.scan.ToolVersionScanResult)3
