
Example 36 with DockerRegistry

use of com.epam.pipeline.entity.pipeline.DockerRegistry in project cloud-pipeline by epam.

the class DockerRegistryManager method parseAndValidateScope.

/**
 * Parses a requested Docker token scope and checks each claim against the user's ACL permissions.
 *
 * <p>Expected scope format: {@code repository:group/image:push}. A blank scope carries no claims;
 * the user then needs READ on the registry itself or on at least one child left after filtering.
 *
 * @param userName user the permissions are evaluated for
 * @param registry registry the scope refers to
 * @param scope raw scope string; may be blank
 * @return the parsed claims, or an empty list when the scope is blank
 * @throws DockerAuthorizationException if the user lacks the required permissions
 * @throws IllegalArgumentException if a claim that does not request WRITE names a group or tool
 *         whose lookup failed
 */
private List<DockerRegistryClaim> parseAndValidateScope(String userName, DockerRegistry registry, String scope) {
    if (StringUtils.isBlank(scope)) {
        boolean registryReadable = permissionManager.isActionAllowedForUser(registry, userName, AclPermission.READ);
        if (!registryReadable) {
            // No READ on the registry itself: accept the request only if the ACL-filtered tree
            // still has at least one child the user may read.
            DockerRegistry visibleTree = getDockerRegistryTree(registry.getId());
            permissionManager.filterTree(userName, visibleTree, AclPermission.READ);
            if (CollectionUtils.isEmpty(visibleTree.getChildren())) {
                String denied = messageHelper.getMessage(MessageConstants.ERROR_REGISTRY_IS_NOT_ALLOWED, userName, registry.getPath());
                throw new DockerAuthorizationException(registry.getPath(), denied);
            }
        }
        return Collections.emptyList();
    }
    List<DockerRegistryClaim> parsedClaims = DockerRegistryClaim.parseClaims(scope);
    for (DockerRegistryClaim claim : parsedClaims) {
        // The permission check runs against the most specific entity that could be resolved:
        // the tool, else its group, else the registry.
        AbstractSecuredEntity target = registry;
        List<Permission> requested = claim.getRequestedPermissions();
        // Only claims that include WRITE may refer to an image that does not exist yet.
        boolean mustExist = !requested.contains(AclPermission.WRITE);
        try {
            ToolGroup group = toolGroupManager.loadToolGroupByImage(registry.getPath(), claim.getImageName());
            target = group;
            Optional<Tool> found = toolManager.loadToolInGroup(claim.getImageName(), group.getId());
            if (!found.isPresent()) {
                throw new IllegalArgumentException(messageHelper.getMessage(MessageConstants.ERROR_TOOL_IMAGE_UNAVAILABLE, claim.getImageName()));
            }
            target = found.get();
        } catch (IllegalArgumentException e) {
            // NOTE(review): the lookup failure is logged at TRACE only and is not attached as
            // the cause of the exception rethrown below.
            LOGGER.trace(e.getMessage(), e);
            if (mustExist) {
                throw new IllegalArgumentException(messageHelper.getMessage(MessageConstants.ERROR_TOOL_IMAGE_UNAVAILABLE, claim.getImageName()));
            }
            // WRITE was requested: `target` stays at the group or registry resolved so far, so
            // authorization is decided at that coarser level.
        }
        boolean allowed = permissionManager.isActionAllowedForUser(target, userName, requested);
        if (!allowed) {
            String denied = messageHelper.getMessage(MessageConstants.ERROR_REGISTRY_ACTION_IS_NOT_ALLOWED, scope, userName, registry.getPath());
            throw new DockerAuthorizationException(registry.getPath(), denied);
        }
    }
    return parsedClaims;
}
Also used : DockerRegistry(com.epam.pipeline.entity.pipeline.DockerRegistry) ToolGroup(com.epam.pipeline.entity.pipeline.ToolGroup) DockerAuthorizationException(com.epam.pipeline.exception.docker.DockerAuthorizationException) AclPermission(com.epam.pipeline.security.acl.AclPermission) Permission(org.springframework.security.acls.model.Permission) AbstractSecuredEntity(com.epam.pipeline.entity.AbstractSecuredEntity) Tool(com.epam.pipeline.entity.pipeline.Tool)

Example 37 with DockerRegistry

use of com.epam.pipeline.entity.pipeline.DockerRegistry in project cloud-pipeline by epam.

the class DockerRegistryManager method delete.

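/**
 * Deletes the registry record with the given id and, when one is set, the Kubernetes secret it names.
 *
 * <p>No permission check is visible in this method; presumably the caller enforces access control
 * (TODO confirm).
 *
 * @param id identifier of the registry to delete
 * @param force when {@code true}, the registry's tools and tool groups are removed first
 * @return the registry as it was loaded before deletion
 * @throws IllegalArgumentException if no registry with this id is found
 */
@Transactional(propagation = Propagation.REQUIRED)
public DockerRegistry delete(Long id, boolean force) {
    DockerRegistry registry = dockerRegistryDao.loadDockerRegistry(id);
    // Fail with an explicit "not found" error instead of a NullPointerException further down.
    Assert.notNull(registry, messageHelper.getMessage(MessageConstants.ERROR_REGISTRY_NOT_FOUND, id));
    if (force) {
        // Remove all tools from the registry to avoid DataIntegrityViolationException,
        // but do not delete the actual tools from the registry.
        registry.getTools().forEach(tool -> toolManager.delete(tool.getRegistry(), tool.getImage(), false));
        toolGroupManager.loadByRegistryId(id).forEach(g -> toolGroupManager.delete(g.getId().toString()));
    }
    if (StringUtils.isNotBlank(registry.getSecretName())) {
        // NOTE(review): this call runs before the DAO delete; a database rollback would presumably
        // not restore the secret if the delete below fails. Confirm the ordering is intended.
        kubernetesManager.deleteSecret(registry.getSecretName());
    }
    dockerRegistryDao.deleteDockerRegistry(id);
    return registry;
}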
Also used : DockerRegistry(com.epam.pipeline.entity.pipeline.DockerRegistry) Transactional(org.springframework.transaction.annotation.Transactional)

Example 38 with DockerRegistry

use of com.epam.pipeline.entity.pipeline.DockerRegistry in project cloud-pipeline by epam.

the class DockerRegistryManager method fetchDockerRegistry.

/**
 * Resolves the registry a registry event refers to.
 *
 * <p>The explicit {@code registry} value is used when it is non-empty; otherwise the host from the
 * event's request is used. The key is looked up by name or id first, then by external URL.
 *
 * @param registry explicit registry name; may be empty
 * @param registryEvent event whose request host is the fallback lookup key
 * @return the matching registry, never {@code null}
 * @throws IllegalArgumentException if neither lookup finds a registry
 */
private DockerRegistry fetchDockerRegistry(String registry, DockerRegistryEvent registryEvent) {
    final String lookupKey;
    if (StringUtils.isEmpty(registry)) {
        // NOTE(review): the host comes from the event payload; confirm that events are accepted
        // only from authenticated registries before this value is treated as trustworthy.
        lookupKey = registryEvent.getRequest().getHost();
    } else {
        lookupKey = registry;
    }
    DockerRegistry byNameOrId = loadByNameOrId(lookupKey);
    DockerRegistry resolved = byNameOrId != null ? byNameOrId : loadByExternalUrl(lookupKey);
    Assert.notNull(resolved, messageHelper.getMessage(MessageConstants.ERROR_REGISTRY_NOT_FOUND, lookupKey));
    return resolved;
}
Also used : DockerRegistry(com.epam.pipeline.entity.pipeline.DockerRegistry)

Example 39 with DockerRegistry

use of com.epam.pipeline.entity.pipeline.DockerRegistry in project cloud-pipeline by epam.

the class DockerRegistryManager method changeOwner.

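/**
 * Sets a new owner on the registry with the given id and persists the change.
 *
 * <p>The owner value is stored as passed in, and no permission check is visible in this method;
 * presumably the caller validates both (TODO confirm).
 *
 * @param id identifier of the registry
 * @param owner new owner name
 * @return the updated registry
 * @throws IllegalArgumentException if no registry with this id is found
 */
@Override
public AbstractSecuredEntity changeOwner(Long id, String owner) {
    final DockerRegistry registry = dockerRegistryDao.loadDockerRegistry(id);
    // Fail with an explicit "not found" error instead of a NullPointerException on setOwner.
    Assert.notNull(registry, messageHelper.getMessage(MessageConstants.ERROR_REGISTRY_NOT_FOUND, id));
    registry.setOwner(owner);
    dockerRegistryDao.updateDockerRegistry(registry);
    return registry;
}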
Also used : DockerRegistry(com.epam.pipeline.entity.pipeline.DockerRegistry)

Example 40 with DockerRegistry

use of com.epam.pipeline.entity.pipeline.DockerRegistry in project cloud-pipeline by epam.

the class DockerRegistryManager method create.

/**
 * Registers a new Docker registry owned by the currently authorized user.
 *
 * <p>When the request carries a user name, a Kubernetes secret is created from it and its name is
 * stored on the registry.
 *
 * @param dockerRegistryVO request describing the registry to create
 * @return the persisted registry
 * @throws IllegalArgumentException if a registry with the same path already exists
 */
@Transactional(propagation = Propagation.REQUIRED)
public DockerRegistry create(DockerRegistryVO dockerRegistryVO) {
    // Refuse duplicates: nothing may already resolve for the requested path.
    Assert.isNull(loadByNameOrId(dockerRegistryVO.getPath()),
            messageHelper.getMessage(MessageConstants.ERROR_REGISTRY_ALREADY_EXISTS, dockerRegistryVO.getPath()));
    DockerRegistry created = dockerRegistryVO.convertToDockerRegistry();
    normalizeCert(created);
    validateAuthentication(created);
    boolean hasCredentials = StringUtils.isNotBlank(dockerRegistryVO.getUserName());
    if (hasCredentials) {
        // NOTE(review): the secret is created before the DAO insert; a database rollback would
        // presumably leave it behind if the insert fails. Confirm cleanup is handled elsewhere.
        DockerRegistrySecret credentials = dockerRegistryVO.convertToSecret();
        String secretName = kubernetesManager.createDockerRegistrySecret(credentials);
        created.setSecretName(secretName);
    }
    created.setOwner(authManager.getAuthorizedUser());
    dockerRegistryDao.createDockerRegistry(created);
    LOGGER.debug("Repository '{}' was saved.", created.getPath());
    return created;
}
Also used : DockerRegistry(com.epam.pipeline.entity.pipeline.DockerRegistry) DockerRegistrySecret(com.epam.pipeline.entity.docker.DockerRegistrySecret) Transactional(org.springframework.transaction.annotation.Transactional)
