Search in sources :

Example 6 with ImagesAndRegistryClient

use of com.google.cloud.tools.jib.builder.steps.PullBaseImageStep.ImagesAndRegistryClient in project jib by GoogleContainerTools.

the class PullBaseImageStep method call.

@Override
public ImagesAndRegistryClient call() throws IOException, RegistryException, LayerPropertyNotFoundException, LayerCountMismatchException, BadContainerConfigurationFormatException, CacheCorruptedException, CredentialRetrievalException {
    EventHandlers eventHandlers = buildContext.getEventHandlers();
    try (ProgressEventDispatcher progressDispatcher = progressDispatcherFactory.create("pulling base image manifest", 4);
        TimerEventDispatcher ignored1 = new TimerEventDispatcher(eventHandlers, DESCRIPTION)) {
        // Skip this step if this is a scratch image
        ImageReference imageReference = buildContext.getBaseImageConfiguration().getImage();
        if (imageReference.isScratch()) {
            Set<Platform> platforms = buildContext.getContainerConfiguration().getPlatforms();
            Verify.verify(!platforms.isEmpty());
            eventHandlers.dispatch(LogEvent.progress("Getting scratch base image..."));
            ImmutableList.Builder<Image> images = ImmutableList.builder();
            for (Platform platform : platforms) {
                Image.Builder imageBuilder = Image.builder(buildContext.getTargetFormat());
                imageBuilder.setArchitecture(platform.getArchitecture()).setOs(platform.getOs());
                images.add(imageBuilder.build());
            }
            return new ImagesAndRegistryClient(images.build(), null);
        }
        eventHandlers.dispatch(LogEvent.progress("Getting manifest for base image " + imageReference + "..."));
        if (buildContext.isOffline()) {
            List<Image> images = getCachedBaseImages();
            if (!images.isEmpty()) {
                return new ImagesAndRegistryClient(images, null);
            }
            throw new IOException("Cannot run Jib in offline mode; " + imageReference + " not found in local Jib cache");
        } else if (imageReference.getDigest().isPresent()) {
            List<Image> images = getCachedBaseImages();
            if (!images.isEmpty()) {
                RegistryClient noAuthRegistryClient = buildContext.newBaseImageRegistryClientFactory().newRegistryClient();
                // https://github.com/GoogleContainerTools/jib/issues/2220
                return new ImagesAndRegistryClient(images, noAuthRegistryClient);
            }
        }
        Optional<ImagesAndRegistryClient> mirrorPull = tryMirrors(buildContext, progressDispatcher.newChildProducer());
        if (mirrorPull.isPresent()) {
            return mirrorPull.get();
        }
        try {
            // First, try with no credentials. This works with public GCR images (but not Docker Hub).
            // TODO: investigate if we should just pass credentials up front. However, this involves
            // some risk. https://github.com/GoogleContainerTools/jib/pull/2200#discussion_r359069026
            // contains some related discussions.
            RegistryClient noAuthRegistryClient = buildContext.newBaseImageRegistryClientFactory().newRegistryClient();
            return new ImagesAndRegistryClient(pullBaseImages(noAuthRegistryClient, progressDispatcher.newChildProducer()), noAuthRegistryClient);
        } catch (RegistryUnauthorizedException ex) {
            eventHandlers.dispatch(LogEvent.lifecycle("The base image requires auth. Trying again for " + imageReference + "..."));
            Credential credential = RegistryCredentialRetriever.getBaseImageCredential(buildContext).orElse(null);
            RegistryClient registryClient = buildContext.newBaseImageRegistryClientFactory().setCredential(credential).newRegistryClient();
            String wwwAuthenticate = ex.getHttpResponseException().getHeaders().getAuthenticate();
            if (wwwAuthenticate != null) {
                eventHandlers.dispatch(LogEvent.debug("WWW-Authenticate for " + imageReference + ": " + wwwAuthenticate));
                registryClient.authPullByWwwAuthenticate(wwwAuthenticate);
                return new ImagesAndRegistryClient(pullBaseImages(registryClient, progressDispatcher.newChildProducer()), registryClient);
            } else {
                // TODO: consider removing this fallback branch.
                if (credential != null && !credential.isOAuth2RefreshToken()) {
                    eventHandlers.dispatch(LogEvent.debug("Trying basic auth as fallback for " + imageReference + "..."));
                    registryClient.configureBasicAuth();
                    try {
                        return new ImagesAndRegistryClient(pullBaseImages(registryClient, progressDispatcher.newChildProducer()), registryClient);
                    } catch (RegistryUnauthorizedException ignored) {
                    // Fall back to try bearer auth.
                    }
                }
                eventHandlers.dispatch(LogEvent.debug("Trying bearer auth as fallback for " + imageReference + "..."));
                registryClient.doPullBearerAuth();
                return new ImagesAndRegistryClient(pullBaseImages(registryClient, progressDispatcher.newChildProducer()), registryClient);
            }
        }
    }
}
Also used : Credential(com.google.cloud.tools.jib.api.Credential) Platform(com.google.cloud.tools.jib.api.buildplan.Platform) ProgressEventDispatcher(com.google.cloud.tools.jib.builder.ProgressEventDispatcher) ImmutableList(com.google.common.collect.ImmutableList) IOException(java.io.IOException) Image(com.google.cloud.tools.jib.image.Image) ImageReference(com.google.cloud.tools.jib.api.ImageReference) ImagesAndRegistryClient(com.google.cloud.tools.jib.builder.steps.PullBaseImageStep.ImagesAndRegistryClient) RegistryUnauthorizedException(com.google.cloud.tools.jib.api.RegistryUnauthorizedException) TimerEventDispatcher(com.google.cloud.tools.jib.builder.TimerEventDispatcher) ArrayList(java.util.ArrayList) ImmutableList(com.google.common.collect.ImmutableList) List(java.util.List) ImagesAndRegistryClient(com.google.cloud.tools.jib.builder.steps.PullBaseImageStep.ImagesAndRegistryClient) RegistryClient(com.google.cloud.tools.jib.registry.RegistryClient) EventHandlers(com.google.cloud.tools.jib.event.EventHandlers)

Example 7 with ImagesAndRegistryClient

use of com.google.cloud.tools.jib.builder.steps.PullBaseImageStep.ImagesAndRegistryClient in project jib by google.

the class PullBaseImageStep method call.

@Override
public ImagesAndRegistryClient call() throws IOException, RegistryException, LayerPropertyNotFoundException, LayerCountMismatchException, BadContainerConfigurationFormatException, CacheCorruptedException, CredentialRetrievalException {
    EventHandlers eventHandlers = buildContext.getEventHandlers();
    try (ProgressEventDispatcher progressDispatcher = progressDispatcherFactory.create("pulling base image manifest", 4);
        TimerEventDispatcher ignored1 = new TimerEventDispatcher(eventHandlers, DESCRIPTION)) {
        // Skip this step if this is a scratch image
        ImageReference imageReference = buildContext.getBaseImageConfiguration().getImage();
        if (imageReference.isScratch()) {
            Set<Platform> platforms = buildContext.getContainerConfiguration().getPlatforms();
            Verify.verify(!platforms.isEmpty());
            eventHandlers.dispatch(LogEvent.progress("Getting scratch base image..."));
            ImmutableList.Builder<Image> images = ImmutableList.builder();
            for (Platform platform : platforms) {
                Image.Builder imageBuilder = Image.builder(buildContext.getTargetFormat());
                imageBuilder.setArchitecture(platform.getArchitecture()).setOs(platform.getOs());
                images.add(imageBuilder.build());
            }
            return new ImagesAndRegistryClient(images.build(), null);
        }
        eventHandlers.dispatch(LogEvent.progress("Getting manifest for base image " + imageReference + "..."));
        if (buildContext.isOffline()) {
            List<Image> images = getCachedBaseImages();
            if (!images.isEmpty()) {
                return new ImagesAndRegistryClient(images, null);
            }
            throw new IOException("Cannot run Jib in offline mode; " + imageReference + " not found in local Jib cache");
        } else if (imageReference.getDigest().isPresent()) {
            List<Image> images = getCachedBaseImages();
            if (!images.isEmpty()) {
                RegistryClient noAuthRegistryClient = buildContext.newBaseImageRegistryClientFactory().newRegistryClient();
                // https://github.com/GoogleContainerTools/jib/issues/2220
                return new ImagesAndRegistryClient(images, noAuthRegistryClient);
            }
        }
        Optional<ImagesAndRegistryClient> mirrorPull = tryMirrors(buildContext, progressDispatcher.newChildProducer());
        if (mirrorPull.isPresent()) {
            return mirrorPull.get();
        }
        try {
            // First, try with no credentials. This works with public GCR images (but not Docker Hub).
            // TODO: investigate if we should just pass credentials up front. However, this involves
            // some risk. https://github.com/GoogleContainerTools/jib/pull/2200#discussion_r359069026
            // contains some related discussions.
            RegistryClient noAuthRegistryClient = buildContext.newBaseImageRegistryClientFactory().newRegistryClient();
            return new ImagesAndRegistryClient(pullBaseImages(noAuthRegistryClient, progressDispatcher.newChildProducer()), noAuthRegistryClient);
        } catch (RegistryUnauthorizedException ex) {
            eventHandlers.dispatch(LogEvent.lifecycle("The base image requires auth. Trying again for " + imageReference + "..."));
            Credential credential = RegistryCredentialRetriever.getBaseImageCredential(buildContext).orElse(null);
            RegistryClient registryClient = buildContext.newBaseImageRegistryClientFactory().setCredential(credential).newRegistryClient();
            String wwwAuthenticate = ex.getHttpResponseException().getHeaders().getAuthenticate();
            if (wwwAuthenticate != null) {
                eventHandlers.dispatch(LogEvent.debug("WWW-Authenticate for " + imageReference + ": " + wwwAuthenticate));
                registryClient.authPullByWwwAuthenticate(wwwAuthenticate);
                return new ImagesAndRegistryClient(pullBaseImages(registryClient, progressDispatcher.newChildProducer()), registryClient);
            } else {
                // TODO: consider removing this fallback branch.
                if (credential != null && !credential.isOAuth2RefreshToken()) {
                    eventHandlers.dispatch(LogEvent.debug("Trying basic auth as fallback for " + imageReference + "..."));
                    registryClient.configureBasicAuth();
                    try {
                        return new ImagesAndRegistryClient(pullBaseImages(registryClient, progressDispatcher.newChildProducer()), registryClient);
                    } catch (RegistryUnauthorizedException ignored) {
                    // Fall back to try bearer auth.
                    }
                }
                eventHandlers.dispatch(LogEvent.debug("Trying bearer auth as fallback for " + imageReference + "..."));
                registryClient.doPullBearerAuth();
                return new ImagesAndRegistryClient(pullBaseImages(registryClient, progressDispatcher.newChildProducer()), registryClient);
            }
        }
    }
}
Also used : Credential(com.google.cloud.tools.jib.api.Credential) Platform(com.google.cloud.tools.jib.api.buildplan.Platform) ProgressEventDispatcher(com.google.cloud.tools.jib.builder.ProgressEventDispatcher) ImmutableList(com.google.common.collect.ImmutableList) IOException(java.io.IOException) Image(com.google.cloud.tools.jib.image.Image) ImageReference(com.google.cloud.tools.jib.api.ImageReference) ImagesAndRegistryClient(com.google.cloud.tools.jib.builder.steps.PullBaseImageStep.ImagesAndRegistryClient) RegistryUnauthorizedException(com.google.cloud.tools.jib.api.RegistryUnauthorizedException) TimerEventDispatcher(com.google.cloud.tools.jib.builder.TimerEventDispatcher) ArrayList(java.util.ArrayList) ImmutableList(com.google.common.collect.ImmutableList) List(java.util.List) ImagesAndRegistryClient(com.google.cloud.tools.jib.builder.steps.PullBaseImageStep.ImagesAndRegistryClient) RegistryClient(com.google.cloud.tools.jib.registry.RegistryClient) EventHandlers(com.google.cloud.tools.jib.event.EventHandlers)

Example 8 with ImagesAndRegistryClient

use of com.google.cloud.tools.jib.builder.steps.PullBaseImageStep.ImagesAndRegistryClient in project jib by google.

the class PullBaseImageStepTest method testCall_offlineMode_cached.

@Test
public void testCall_offlineMode_cached() throws LayerPropertyNotFoundException, RegistryException, LayerCountMismatchException, BadContainerConfigurationFormatException, CacheCorruptedException, CredentialRetrievalException, InvalidImageReferenceException, IOException {
    ImageReference imageReference = ImageReference.parse("cat");
    Mockito.when(imageConfiguration.getImage()).thenReturn(imageReference);
    Mockito.when(buildContext.isOffline()).thenReturn(true);
    ContainerConfigurationTemplate containerConfigJson = new ContainerConfigurationTemplate();
    containerConfigJson.setArchitecture("slim arch");
    containerConfigJson.setOs("fat system");
    ManifestAndConfigTemplate manifestAndConfig = new ManifestAndConfigTemplate(new V22ManifestTemplate(), containerConfigJson, "sha256:digest");
    ImageMetadataTemplate imageMetadata = new ImageMetadataTemplate(null, Arrays.asList(manifestAndConfig));
    Mockito.when(cache.retrieveMetadata(imageReference)).thenReturn(Optional.of(imageMetadata));
    ImagesAndRegistryClient result = pullBaseImageStep.call();
    Assert.assertEquals("fat system", result.images.get(0).getOs());
    Assert.assertNull(result.registryClient);
    Mockito.verify(buildContext, Mockito.never()).newBaseImageRegistryClientFactory();
}
Also used : ImageReference(com.google.cloud.tools.jib.api.ImageReference) V22ManifestTemplate(com.google.cloud.tools.jib.image.json.V22ManifestTemplate) ContainerConfigurationTemplate(com.google.cloud.tools.jib.image.json.ContainerConfigurationTemplate) ImagesAndRegistryClient(com.google.cloud.tools.jib.builder.steps.PullBaseImageStep.ImagesAndRegistryClient) ManifestAndConfigTemplate(com.google.cloud.tools.jib.image.json.ManifestAndConfigTemplate) ImageMetadataTemplate(com.google.cloud.tools.jib.image.json.ImageMetadataTemplate) Test(org.junit.Test)

Example 9 with ImagesAndRegistryClient

use of com.google.cloud.tools.jib.builder.steps.PullBaseImageStep.ImagesAndRegistryClient in project jib by google.

the class PullBaseImageStepTest method testCall_digestBaseImage.

@Test
public void testCall_digestBaseImage() throws LayerPropertyNotFoundException, IOException, RegistryException, LayerCountMismatchException, BadContainerConfigurationFormatException, CacheCorruptedException, CredentialRetrievalException, InvalidImageReferenceException {
    ImageReference imageReference = ImageReference.parse("awesome@sha256:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
    Assert.assertTrue(imageReference.getDigest().isPresent());
    Mockito.when(imageConfiguration.getImage()).thenReturn(imageReference);
    ContainerConfigurationTemplate containerConfigJson = new ContainerConfigurationTemplate();
    containerConfigJson.setArchitecture("slim arch");
    containerConfigJson.setOs("fat system");
    ManifestAndConfigTemplate manifestAndConfig = new ManifestAndConfigTemplate(new V22ManifestTemplate(), containerConfigJson, "sha256:digest");
    ImageMetadataTemplate imageMetadata = new ImageMetadataTemplate(null, Arrays.asList(manifestAndConfig));
    Mockito.when(cache.retrieveMetadata(imageReference)).thenReturn(Optional.of(imageMetadata));
    ImagesAndRegistryClient result = pullBaseImageStep.call();
    Assert.assertEquals("fat system", result.images.get(0).getOs());
    Assert.assertEquals(registryClient, result.registryClient);
}
Also used : ImageReference(com.google.cloud.tools.jib.api.ImageReference) V22ManifestTemplate(com.google.cloud.tools.jib.image.json.V22ManifestTemplate) ContainerConfigurationTemplate(com.google.cloud.tools.jib.image.json.ContainerConfigurationTemplate) ImagesAndRegistryClient(com.google.cloud.tools.jib.builder.steps.PullBaseImageStep.ImagesAndRegistryClient) ManifestAndConfigTemplate(com.google.cloud.tools.jib.image.json.ManifestAndConfigTemplate) ImageMetadataTemplate(com.google.cloud.tools.jib.image.json.ImageMetadataTemplate) Test(org.junit.Test)

Example 10 with ImagesAndRegistryClient

use of com.google.cloud.tools.jib.builder.steps.PullBaseImageStep.ImagesAndRegistryClient in project jib by google.

the class PullBaseImageStepTest method testCall_scratch_singlePlatform.

@Test
public void testCall_scratch_singlePlatform() throws LayerPropertyNotFoundException, IOException, RegistryException, LayerCountMismatchException, BadContainerConfigurationFormatException, CacheCorruptedException, CredentialRetrievalException {
    Mockito.when(imageConfiguration.getImage()).thenReturn(ImageReference.scratch());
    ImagesAndRegistryClient result = pullBaseImageStep.call();
    Assert.assertEquals(1, result.images.size());
    Assert.assertEquals("slim arch", result.images.get(0).getArchitecture());
    Assert.assertEquals("fat system", result.images.get(0).getOs());
    Assert.assertNull(result.registryClient);
}
Also used : ImagesAndRegistryClient(com.google.cloud.tools.jib.builder.steps.PullBaseImageStep.ImagesAndRegistryClient) Test(org.junit.Test)

Aggregations

ImagesAndRegistryClient (com.google.cloud.tools.jib.builder.steps.PullBaseImageStep.ImagesAndRegistryClient)22 Test (org.junit.Test)18 RegistryClient (com.google.cloud.tools.jib.registry.RegistryClient)8 InOrder (org.mockito.InOrder)8 ImageReference (com.google.cloud.tools.jib.api.ImageReference)6 RegistryException (com.google.cloud.tools.jib.api.RegistryException)6 Image (com.google.cloud.tools.jib.image.Image)6 IOException (java.io.IOException)6 Platform (com.google.cloud.tools.jib.api.buildplan.Platform)4 ProgressEventDispatcher (com.google.cloud.tools.jib.builder.ProgressEventDispatcher)4 TimerEventDispatcher (com.google.cloud.tools.jib.builder.TimerEventDispatcher)4 EventHandlers (com.google.cloud.tools.jib.event.EventHandlers)4 ContainerConfigurationTemplate (com.google.cloud.tools.jib.image.json.ContainerConfigurationTemplate)4 ImageMetadataTemplate (com.google.cloud.tools.jib.image.json.ImageMetadataTemplate)4 ManifestAndConfigTemplate (com.google.cloud.tools.jib.image.json.ManifestAndConfigTemplate)4 V22ManifestTemplate (com.google.cloud.tools.jib.image.json.V22ManifestTemplate)4 Credential (com.google.cloud.tools.jib.api.Credential)2 DescriptorDigest (com.google.cloud.tools.jib.api.DescriptorDigest)2 RegistryUnauthorizedException (com.google.cloud.tools.jib.api.RegistryUnauthorizedException)2 DigestOnlyLayer (com.google.cloud.tools.jib.image.DigestOnlyLayer)2