Search in sources :

Example 1 with AuthorizationData

use of software.amazon.awssdk.services.ecr.model.AuthorizationData in project aws-greengrass-provisioner by awslabs.

the class DockerClientProvider method getRegistryAuthSupplier.

default RegistryAuthSupplier getRegistryAuthSupplier() {
    return new RegistryAuthSupplier() {

        @Override
        public RegistryAuth authFor(String imageName) {
            return standardAuth();
        }

        private RegistryAuth standardAuth() {
            AuthorizationData authorizationData = getAuthorizationData();
            String userPassword = new String(Base64.decode(authorizationData.authorizationToken()));
            String user = userPassword.substring(0, userPassword.indexOf(":"));
            String password = userPassword.substring(userPassword.indexOf(":") + 1);
            RegistryAuth registryAuth = RegistryAuth.builder().username(user).password(password).serverAddress(getDockerHost()).build();
            return registryAuth;
        }

        @Override
        public RegistryAuth authForSwarm() {
            throw new RuntimeException("Not implemented");
        }

        @Override
        public RegistryConfigs authForBuild() {
            return RegistryConfigs.builder().addConfig(getDockerHost(), standardAuth()).build();
        }
    };
}
Also used : AuthorizationData(software.amazon.awssdk.services.ecr.model.AuthorizationData) RegistryAuthSupplier(com.spotify.docker.client.auth.RegistryAuthSupplier) RegistryAuth(com.spotify.docker.client.messages.RegistryAuth)

Example 2 with AuthorizationData

use of software.amazon.awssdk.services.ecr.model.AuthorizationData in project aws-greengrass-nucleus by aws-greengrass.

the class DockerImageArtifactDownloadTest method before.

@BeforeEach
void before() throws Exception {
    Instant credentialsExpiry = Instant.now().plusSeconds(10);
    AuthorizationData authorizationData = AuthorizationData.builder().authorizationToken(Base64.getEncoder().encodeToString("username:password".getBytes(StandardCharsets.UTF_8))).expiresAt(credentialsExpiry).build();
    GetAuthorizationTokenResponse response = GetAuthorizationTokenResponse.builder().authorizationData(authorizationData).build();
    lenient().when(ecrClient.getAuthorizationToken(any(GetAuthorizationTokenRequest.class))).thenReturn(response);
    lenient().when(dockerClient.dockerInstalled()).thenReturn(true);
    AtomicBoolean mqttOnline = new AtomicBoolean(true);
    lenient().when(mqttClient.getMqttOnline()).thenReturn(mqttOnline);
    kernel = new Kernel();
    NucleusPaths nucleusPaths = kernel.getNucleusPaths();
    nucleusPaths.setComponentStorePath(tempRootDir);
    ComponentStore store = new ComponentStore(nucleusPaths, platformResolver, recipeLoader);
    EcrAccessor ecrAccessor = new EcrAccessor(ecrClient);
    kernel.getContext().put(ComponentStore.class, store);
    kernel.getContext().put(EcrAccessor.class, ecrAccessor);
    kernel.getContext().put(DefaultDockerClient.class, dockerClient);
    kernel.getContext().put(MqttClient.class, mqttClient);
    preloadLocalStoreContent();
    componentManager = kernel.getContext().get(ComponentManager.class);
}
Also used : GetAuthorizationTokenResponse(software.amazon.awssdk.services.ecr.model.GetAuthorizationTokenResponse) AtomicBoolean(java.util.concurrent.atomic.AtomicBoolean) GetAuthorizationTokenRequest(software.amazon.awssdk.services.ecr.model.GetAuthorizationTokenRequest) AuthorizationData(software.amazon.awssdk.services.ecr.model.AuthorizationData) EcrAccessor(com.aws.greengrass.componentmanager.plugins.docker.EcrAccessor) NucleusPaths(com.aws.greengrass.util.NucleusPaths) Instant(java.time.Instant) ComponentManager(com.aws.greengrass.componentmanager.ComponentManager) Kernel(com.aws.greengrass.lifecyclemanager.Kernel) ComponentStore(com.aws.greengrass.componentmanager.ComponentStore) BeforeEach(org.junit.jupiter.api.BeforeEach)

Example 3 with AuthorizationData

use of software.amazon.awssdk.services.ecr.model.AuthorizationData in project aws-greengrass-nucleus by aws-greengrass.

the class EcrAccessor method getCredentials.

/**
 * Get credentials(auth token) for a private docker registry in ECR.
 *
 * @param registryId Registry id
 * @return Registry.Credentials - Registry's authorization information
 * @throws RegistryAuthException When authentication fails
 */
@SuppressWarnings("PMD.AvoidRethrowingException")
public Registry.Credentials getCredentials(String registryId) throws RegistryAuthException {
    try (EcrClient client = getClient()) {
        AuthorizationData authorizationData = client.getAuthorizationToken(GetAuthorizationTokenRequest.builder().registryIds(Collections.singletonList(registryId)).build()).authorizationData().get(0);
        // Decoded auth token is of the format <username>:<password>
        String[] authTokenParts = new String(Base64.getDecoder().decode(authorizationData.authorizationToken()), StandardCharsets.UTF_8).split(":");
        return new Registry.Credentials(authTokenParts[0], authTokenParts[1], authorizationData.expiresAt());
    } catch (ServerException | SdkClientException e) {
        // Errors we can retry on
        throw e;
    } catch (EcrException e) {
        throw new RegistryAuthException(String.format("Failed to get credentials for ECR registry - %s", registryId), e);
    }
}
Also used : RegistryAuthException(com.aws.greengrass.componentmanager.plugins.docker.exceptions.RegistryAuthException) EcrException(software.amazon.awssdk.services.ecr.model.EcrException) ServerException(software.amazon.awssdk.services.ecr.model.ServerException) AuthorizationData(software.amazon.awssdk.services.ecr.model.AuthorizationData) SdkClientException(software.amazon.awssdk.core.exception.SdkClientException) EcrClient(software.amazon.awssdk.services.ecr.EcrClient)

Example 4 with AuthorizationData

use of software.amazon.awssdk.services.ecr.model.AuthorizationData in project aws-greengrass-nucleus by aws-greengrass.

the class EcrAccessorTest method GIVEN_ecr_accessor_WHEN_get_credentials_success_THEN_return_registry_credentials.

@Test
void GIVEN_ecr_accessor_WHEN_get_credentials_success_THEN_return_registry_credentials() throws Exception {
    Instant credentialsExpiry = Instant.now().plusSeconds(10);
    AuthorizationData authorizationData = AuthorizationData.builder().authorizationToken(Base64.getEncoder().encodeToString("username:password".getBytes(StandardCharsets.UTF_8))).expiresAt(credentialsExpiry).build();
    GetAuthorizationTokenResponse response = GetAuthorizationTokenResponse.builder().authorizationData(authorizationData).build();
    when(ecrClient.getAuthorizationToken(any(GetAuthorizationTokenRequest.class))).thenReturn(response);
    Registry.Credentials credentials = ecrAccessor.getCredentials("some_registry_id");
    assertEquals("username", credentials.getUsername());
    assertEquals("password", credentials.getPassword());
    assertEquals(credentialsExpiry, credentials.getExpiresAt());
    verify(ecrClient).getAuthorizationToken(any(GetAuthorizationTokenRequest.class));
}
Also used : GetAuthorizationTokenResponse(software.amazon.awssdk.services.ecr.model.GetAuthorizationTokenResponse) GetAuthorizationTokenRequest(software.amazon.awssdk.services.ecr.model.GetAuthorizationTokenRequest) AuthorizationData(software.amazon.awssdk.services.ecr.model.AuthorizationData) Instant(java.time.Instant) Test(org.junit.jupiter.api.Test)

Example 5 with AuthorizationData

use of software.amazon.awssdk.services.ecr.model.AuthorizationData in project aws-greengrass-provisioner by awslabs.

the class OfficialGreengrassImageDockerClientProvider method getAuthorizationData.

@Override
public AuthorizationData getAuthorizationData() {
    Optional<List<String>> optionalRegistryIds = Optional.of(Arrays.asList(ggConstants.getOfficialGreengrassAccountId()));
    GetAuthorizationTokenRequest.Builder getAuthorizationTokenRequestBuilder = GetAuthorizationTokenRequest.builder();
    optionalRegistryIds.ifPresent(getAuthorizationTokenRequestBuilder::registryIds);
    GetAuthorizationTokenRequest getAuthorizationTokenRequest = getAuthorizationTokenRequestBuilder.build();
    GetAuthorizationTokenResponse getAuthorizationTokenResponse = getEcrClient().getAuthorizationToken(getAuthorizationTokenRequest);
    List<AuthorizationData> authorizationDataList = getAuthorizationTokenResponse.authorizationData();
    return authorizationDataList.get(0);
}
Also used : GetAuthorizationTokenResponse(software.amazon.awssdk.services.ecr.model.GetAuthorizationTokenResponse) GetAuthorizationTokenRequest(software.amazon.awssdk.services.ecr.model.GetAuthorizationTokenRequest) AuthorizationData(software.amazon.awssdk.services.ecr.model.AuthorizationData) List(java.util.List)

Aggregations

AuthorizationData (software.amazon.awssdk.services.ecr.model.AuthorizationData)6 GetAuthorizationTokenRequest (software.amazon.awssdk.services.ecr.model.GetAuthorizationTokenRequest)4 GetAuthorizationTokenResponse (software.amazon.awssdk.services.ecr.model.GetAuthorizationTokenResponse)4 Instant (java.time.Instant)2 ComponentManager (com.aws.greengrass.componentmanager.ComponentManager)1 ComponentStore (com.aws.greengrass.componentmanager.ComponentStore)1 EcrAccessor (com.aws.greengrass.componentmanager.plugins.docker.EcrAccessor)1 RegistryAuthException (com.aws.greengrass.componentmanager.plugins.docker.exceptions.RegistryAuthException)1 Kernel (com.aws.greengrass.lifecyclemanager.Kernel)1 NucleusPaths (com.aws.greengrass.util.NucleusPaths)1 RegistryAuthSupplier (com.spotify.docker.client.auth.RegistryAuthSupplier)1 RegistryAuth (com.spotify.docker.client.messages.RegistryAuth)1 List (java.util.List)1 AtomicBoolean (java.util.concurrent.atomic.AtomicBoolean)1 BeforeEach (org.junit.jupiter.api.BeforeEach)1 Test (org.junit.jupiter.api.Test)1 SdkClientException (software.amazon.awssdk.core.exception.SdkClientException)1 EcrClient (software.amazon.awssdk.services.ecr.EcrClient)1 EcrException (software.amazon.awssdk.services.ecr.model.EcrException)1 ServerException (software.amazon.awssdk.services.ecr.model.ServerException)1