Search in sources :

Example 26 with AuthConfig

use of io.fabric8.docker.api.model.AuthConfig in project docker-maven-plugin by fabric8io.

the class AwsSdkAuthConfigFactoryTest method reflectionWorksForSessionCredentials.

@Test
public void reflectionWorksForSessionCredentials() {
    String accessKey = randomUUID().toString();
    String secretKey = randomUUID().toString();
    String sessionToken = randomUUID().toString();
    environmentVariables.set("AWSCredentials.AWSAccessKeyId", accessKey);
    environmentVariables.set("AWSCredentials.AWSSecretKey", secretKey);
    environmentVariables.set("AWSSessionCredentials.SessionToken", sessionToken);
    AuthConfig authConfig = objectUnderTest.createAuthConfig();
    assertNotNull(authConfig);
    assertEquals(accessKey, authConfig.getUsername());
    assertEquals(secretKey, authConfig.getPassword());
    assertEquals(sessionToken, authConfig.getAuth());
    assertNull(authConfig.getIdentityToken());
}
Also used : AuthConfig(io.fabric8.maven.docker.access.AuthConfig) Test(org.junit.Test)

Example 27 with AuthConfig

use of io.fabric8.docker.api.model.AuthConfig in project docker-maven-plugin by fabric8io.

the class AwsSdkAuthConfigFactoryTest method nullValueIsPassedOn.

@Test
public void nullValueIsPassedOn() {
    AuthConfig authConfig = objectUnderTest.createAuthConfig();
    assertNull(authConfig);
}
Also used : AuthConfig(io.fabric8.maven.docker.access.AuthConfig) Test(org.junit.Test)

Example 28 with AuthConfig

use of io.fabric8.docker.api.model.AuthConfig in project docker-maven-plugin by fabric8io.

the class AuthConfigFactory method parseUser.

private AuthConfig parseUser(String userName, Map user) {
    if (user == null) {
        return null;
    }
    String token = (String) user.get("token");
    if (token == null) {
        return null;
    }
    // Strip off stuff after username
    Matcher matcher = Pattern.compile("^([^/]+).*$").matcher(userName);
    return new AuthConfig(matcher.matches() ? matcher.group(1) : userName, token, null, null);
}
Also used : Matcher(java.util.regex.Matcher) AuthConfig(io.fabric8.maven.docker.access.AuthConfig)

Example 29 with AuthConfig

use of io.fabric8.docker.api.model.AuthConfig in project docker-maven-plugin by fabric8io.

the class AuthConfigFactory method getAuthConfigFromPluginConfiguration.

private AuthConfig getAuthConfigFromPluginConfiguration(LookupMode lookupMode, Map authConfig) throws MojoExecutionException {
    Map mapToCheck = getAuthConfigMapToCheck(lookupMode, authConfig);
    if (mapToCheck != null && mapToCheck.containsKey(AuthConfig.AUTH_USERNAME)) {
        if (!mapToCheck.containsKey(AuthConfig.AUTH_PASSWORD)) {
            throw new MojoExecutionException("No 'password' given while using <authConfig> in configuration for mode " + lookupMode);
        }
        Map<String, String> cloneConfig = new HashMap<>(mapToCheck);
        cloneConfig.put(AuthConfig.AUTH_PASSWORD, decrypt(cloneConfig.get(AuthConfig.AUTH_PASSWORD)));
        return new AuthConfig(cloneConfig);
    } else {
        return null;
    }
}
Also used : MojoExecutionException(org.apache.maven.plugin.MojoExecutionException) HashMap(java.util.HashMap) AuthConfig(io.fabric8.maven.docker.access.AuthConfig) HashMap(java.util.HashMap) Map(java.util.Map)

Example 30 with AuthConfig

use of io.fabric8.docker.api.model.AuthConfig in project docker-maven-plugin by fabric8io.

the class AuthConfigFactory method createStandardAuthConfig.

/**
 * Create an authentication config object which can be used for communication with a Docker registry
 *
 * The authentication information is looked up at various places (in this order):
 *
 * <ul>
 *    <li>From system properties</li>
 *    <li>From the provided map which can contain key-value pairs</li>
 *    <li>From the openshift settings in ~/.config/kube</li>
 *    <li>From the Maven settings stored typically in ~/.m2/settings.xml</li>
 * </ul>
 *
 * The following properties (prefix with 'docker.' or 'registry.') and config key are evaluated:
 *
 * <ul>
 *     <li>username: User to authenticate</li>
 *     <li>password: Password to authenticate. Can be encrypted</li>
 *     <li>email: Optional EMail address which is send to the registry, too</li>
 * </ul>
 *
 * @param isPush if true this AuthConfig is created for a push, if false it's for a pull
 * @param authConfigMap String-String Map holding configuration info from the plugin's configuration. Can be <code>null</code> in
 *                   which case the settings are consulted.
 * @param settings the global Maven settings object
 * @param user user to check for
 * @param registry registry to use, might be null in which case a default registry is checked,
 * @return the authentication configuration or <code>null</code> if none could be found
 *
 * @throws MojoFailureException
 */
private AuthConfig createStandardAuthConfig(boolean isPush, Map authConfigMap, Settings settings, String user, String registry) throws MojoExecutionException {
    AuthConfig ret;
    // Check first for specific configuration based on direction (pull or push), then for a default value
    for (LookupMode lookupMode : new LookupMode[] { getLookupMode(isPush), LookupMode.DEFAULT, LookupMode.REGISTRY }) {
        // System properties docker.username and docker.password always take precedence
        ret = getAuthConfigFromSystemProperties(lookupMode);
        if (ret != null) {
            log.debug("AuthConfig: credentials from system properties");
            return ret;
        }
        // Check for openshift authentication either from the plugin config or from system props
        if (lookupMode != LookupMode.REGISTRY) {
            ret = getAuthConfigFromOpenShiftConfig(lookupMode, authConfigMap);
            if (ret != null) {
                log.debug("AuthConfig: OpenShift credentials");
                return ret;
            }
        }
        // Get configuration from global plugin config
        ret = getAuthConfigFromPluginConfiguration(lookupMode, authConfigMap);
        if (ret != null) {
            log.debug("AuthConfig: credentials from plugin config");
            return ret;
        }
    }
    // ===================================================================
    // These are lookups based on registry only, so the direction (push or pull) doesn't matter:
    // Now lets lookup the registry & user from ~/.m2/setting.xml
    ret = getAuthConfigFromSettings(settings, user, registry);
    if (ret != null) {
        log.debug("AuthConfig: credentials from ~/.m2/setting.xml");
        return ret;
    }
    // check EC2 instance role if registry is ECR
    if (EcrExtendedAuth.isAwsRegistry(registry)) {
        ret = getAuthConfigViaAwsSdk();
        if (ret != null) {
            log.debug("AuthConfig: AWS credentials from AWS SDK");
            return ret;
        }
        ret = getAuthConfigFromAwsEnvironmentVariables();
        if (ret != null) {
            log.debug("AuthConfig: AWS credentials from ENV variables");
            return ret;
        }
        try {
            ret = getAuthConfigFromEC2InstanceRole();
        } catch (ConnectTimeoutException ex) {
            log.debug("Connection timeout while retrieving instance meta-data, likely not an EC2 instance (%s)", ex.getMessage());
        } catch (IOException ex) {
            // don't make that an error since it may fail if not run on an EC2 instance
            log.warn("Error while retrieving EC2 instance credentials: %s", ex.getMessage());
        }
        if (ret != null) {
            log.debug("AuthConfig: credentials from EC2 instance role");
            return ret;
        }
        try {
            ret = getAuthConfigFromTaskRole();
        } catch (ConnectTimeoutException ex) {
            log.debug("Connection timeout while retrieving ECS meta-data, likely not an ECS instance (%s)", ex.getMessage());
        } catch (IOException ex) {
            log.warn("Error while retrieving ECS Task role credentials: %s", ex.getMessage());
        }
        if (ret != null) {
            log.debug("AuthConfig: credentials from ECS Task role");
            return ret;
        }
    }
    // No authentication found
    return null;
}
Also used : AuthConfig(io.fabric8.maven.docker.access.AuthConfig) IOException(java.io.IOException) ConnectTimeoutException(org.apache.http.conn.ConnectTimeoutException)

Aggregations

AuthConfig (io.fabric8.maven.docker.access.AuthConfig)38 Test (org.junit.Test)26 BuildImageConfiguration (io.fabric8.maven.docker.config.BuildImageConfiguration)5 CoreMatchers.containsString (org.hamcrest.CoreMatchers.containsString)5 ImageConfiguration (io.fabric8.maven.docker.config.ImageConfiguration)4 ImageName (io.fabric8.maven.docker.util.ImageName)4 HashMap (java.util.HashMap)4 Credential (com.google.cloud.tools.jib.api.Credential)3 JsonObject (com.google.gson.JsonObject)3 IOException (java.io.IOException)3 Date (java.util.Date)3 Map (java.util.Map)3 MojoExecutionException (org.apache.maven.plugin.MojoExecutionException)3 ImmutableMap (com.google.common.collect.ImmutableMap)2 Collections.singletonMap (java.util.Collections.singletonMap)2 Expectations (mockit.Expectations)2 Verifications (mockit.Verifications)2 HttpPost (org.apache.http.client.methods.HttpPost)2 StringEntity (org.apache.http.entity.StringEntity)2 Gson (com.google.gson.Gson)1