Example 1 with AuthorizationData
use of software.amazon.awssdk.services.ecr.model.AuthorizationData in project aws-greengrass-provisioner by awslabs.
the class DockerClientProvider method getRegistryAuthSupplier.
default RegistryAuthSupplier getRegistryAuthSupplier() {
return new RegistryAuthSupplier() {
@Override
public RegistryAuth authFor(String imageName) {
return standardAuth();
}
private RegistryAuth standardAuth() {
AuthorizationData authorizationData = getAuthorizationData();
String userPassword = new String(Base64.decode(authorizationData.authorizationToken()));
String user = userPassword.substring(0, userPassword.indexOf(":"));
String password = userPassword.substring(userPassword.indexOf(":") + 1);
RegistryAuth registryAuth = RegistryAuth.builder().username(user).password(password).serverAddress(getDockerHost()).build();
return registryAuth;
}
@Override
public RegistryAuth authForSwarm() {
throw new RuntimeException("Not implemented");
}
@Override
public RegistryConfigs authForBuild() {
return RegistryConfigs.builder().addConfig(getDockerHost(), standardAuth()).build();
}
};
}
Also used :
AuthorizationData(software.amazon.awssdk.services.ecr.model.AuthorizationData)
RegistryAuthSupplier(com.spotify.docker.client.auth.RegistryAuthSupplier)
RegistryAuth(com.spotify.docker.client.messages.RegistryAuth)
Example 2 with AuthorizationData
use of software.amazon.awssdk.services.ecr.model.AuthorizationData in project aws-greengrass-nucleus by aws-greengrass.
the class DockerImageArtifactDownloadTest method before.
@BeforeEach
void before() throws Exception {
Instant credentialsExpiry = Instant.now().plusSeconds(10);
AuthorizationData authorizationData = AuthorizationData.builder().authorizationToken(Base64.getEncoder().encodeToString("username:password".getBytes(StandardCharsets.UTF_8))).expiresAt(credentialsExpiry).build();
GetAuthorizationTokenResponse response = GetAuthorizationTokenResponse.builder().authorizationData(authorizationData).build();
lenient().when(ecrClient.getAuthorizationToken(any(GetAuthorizationTokenRequest.class))).thenReturn(response);
lenient().when(dockerClient.dockerInstalled()).thenReturn(true);
AtomicBoolean mqttOnline = new AtomicBoolean(true);
lenient().when(mqttClient.getMqttOnline()).thenReturn(mqttOnline);
kernel = new Kernel();
NucleusPaths nucleusPaths = kernel.getNucleusPaths();
nucleusPaths.setComponentStorePath(tempRootDir);
ComponentStore store = new ComponentStore(nucleusPaths, platformResolver, recipeLoader);
EcrAccessor ecrAccessor = new EcrAccessor(ecrClient);
kernel.getContext().put(ComponentStore.class, store);
kernel.getContext().put(EcrAccessor.class, ecrAccessor);
kernel.getContext().put(DefaultDockerClient.class, dockerClient);
kernel.getContext().put(MqttClient.class, mqttClient);
preloadLocalStoreContent();
componentManager = kernel.getContext().get(ComponentManager.class);
}
Also used :
GetAuthorizationTokenResponse(software.amazon.awssdk.services.ecr.model.GetAuthorizationTokenResponse)
AtomicBoolean(java.util.concurrent.atomic.AtomicBoolean)
GetAuthorizationTokenRequest(software.amazon.awssdk.services.ecr.model.GetAuthorizationTokenRequest)
AuthorizationData(software.amazon.awssdk.services.ecr.model.AuthorizationData)
EcrAccessor(com.aws.greengrass.componentmanager.plugins.docker.EcrAccessor)
NucleusPaths(com.aws.greengrass.util.NucleusPaths)
Instant(java.time.Instant)
ComponentManager(com.aws.greengrass.componentmanager.ComponentManager)
Kernel(com.aws.greengrass.lifecyclemanager.Kernel)
ComponentStore(com.aws.greengrass.componentmanager.ComponentStore)
BeforeEach(org.junit.jupiter.api.BeforeEach)
Example 3 with AuthorizationData
use of software.amazon.awssdk.services.ecr.model.AuthorizationData in project aws-greengrass-nucleus by aws-greengrass.
the class EcrAccessor method getCredentials.
/**
* Get credentials(auth token) for a private docker registry in ECR.
*
* @param registryId Registry id
* @return Registry.Credentials - Registry's authorization information
* @throws RegistryAuthException When authentication fails
*/
@SuppressWarnings("PMD.AvoidRethrowingException")
public Registry.Credentials getCredentials(String registryId) throws RegistryAuthException {
try (EcrClient client = getClient()) {
AuthorizationData authorizationData = client.getAuthorizationToken(GetAuthorizationTokenRequest.builder().registryIds(Collections.singletonList(registryId)).build()).authorizationData().get(0);
// Decoded auth token is of the format <username>:<password>
String[] authTokenParts = new String(Base64.getDecoder().decode(authorizationData.authorizationToken()), StandardCharsets.UTF_8).split(":");
return new Registry.Credentials(authTokenParts[0], authTokenParts[1], authorizationData.expiresAt());
} catch (ServerException | SdkClientException e) {
// Errors we can retry on
throw e;
} catch (EcrException e) {
throw new RegistryAuthException(String.format("Failed to get credentials for ECR registry - %s", registryId), e);
}
}
Also used :
RegistryAuthException(com.aws.greengrass.componentmanager.plugins.docker.exceptions.RegistryAuthException)
EcrException(software.amazon.awssdk.services.ecr.model.EcrException)
ServerException(software.amazon.awssdk.services.ecr.model.ServerException)
AuthorizationData(software.amazon.awssdk.services.ecr.model.AuthorizationData)
SdkClientException(software.amazon.awssdk.core.exception.SdkClientException)
EcrClient(software.amazon.awssdk.services.ecr.EcrClient)
Example 4 with AuthorizationData
use of software.amazon.awssdk.services.ecr.model.AuthorizationData in project aws-greengrass-nucleus by aws-greengrass.
the class EcrAccessorTest method GIVEN_ecr_accessor_WHEN_get_credentials_success_THEN_return_registry_credentials.
@Test
void GIVEN_ecr_accessor_WHEN_get_credentials_success_THEN_return_registry_credentials() throws Exception {
Instant credentialsExpiry = Instant.now().plusSeconds(10);
AuthorizationData authorizationData = AuthorizationData.builder().authorizationToken(Base64.getEncoder().encodeToString("username:password".getBytes(StandardCharsets.UTF_8))).expiresAt(credentialsExpiry).build();
GetAuthorizationTokenResponse response = GetAuthorizationTokenResponse.builder().authorizationData(authorizationData).build();
when(ecrClient.getAuthorizationToken(any(GetAuthorizationTokenRequest.class))).thenReturn(response);
Registry.Credentials credentials = ecrAccessor.getCredentials("some_registry_id");
assertEquals("username", credentials.getUsername());
assertEquals("password", credentials.getPassword());
assertEquals(credentialsExpiry, credentials.getExpiresAt());
verify(ecrClient).getAuthorizationToken(any(GetAuthorizationTokenRequest.class));
}
Also used :
GetAuthorizationTokenResponse(software.amazon.awssdk.services.ecr.model.GetAuthorizationTokenResponse)
GetAuthorizationTokenRequest(software.amazon.awssdk.services.ecr.model.GetAuthorizationTokenRequest)
AuthorizationData(software.amazon.awssdk.services.ecr.model.AuthorizationData)
Instant(java.time.Instant)
Test(org.junit.jupiter.api.Test)
Example 5 with AuthorizationData
use of software.amazon.awssdk.services.ecr.model.AuthorizationData in project aws-greengrass-provisioner by awslabs.
the class OfficialGreengrassImageDockerClientProvider method getAuthorizationData.
@Override
public AuthorizationData getAuthorizationData() {
Optional<List<String>> optionalRegistryIds = Optional.of(Arrays.asList(ggConstants.getOfficialGreengrassAccountId()));
GetAuthorizationTokenRequest.Builder getAuthorizationTokenRequestBuilder = GetAuthorizationTokenRequest.builder();
optionalRegistryIds.ifPresent(getAuthorizationTokenRequestBuilder::registryIds);
GetAuthorizationTokenRequest getAuthorizationTokenRequest = getAuthorizationTokenRequestBuilder.build();
GetAuthorizationTokenResponse getAuthorizationTokenResponse = getEcrClient().getAuthorizationToken(getAuthorizationTokenRequest);
List<AuthorizationData> authorizationDataList = getAuthorizationTokenResponse.authorizationData();
return authorizationDataList.get(0);
}
Also used :
GetAuthorizationTokenResponse(software.amazon.awssdk.services.ecr.model.GetAuthorizationTokenResponse)
GetAuthorizationTokenRequest(software.amazon.awssdk.services.ecr.model.GetAuthorizationTokenRequest)
AuthorizationData(software.amazon.awssdk.services.ecr.model.AuthorizationData)
List(java.util.List)
Aggregations
AuthorizationData (software.amazon.awssdk.services.ecr.model.AuthorizationData)6
GetAuthorizationTokenRequest (software.amazon.awssdk.services.ecr.model.GetAuthorizationTokenRequest)4
GetAuthorizationTokenResponse (software.amazon.awssdk.services.ecr.model.GetAuthorizationTokenResponse)4
Instant (java.time.Instant)2
ComponentManager (com.aws.greengrass.componentmanager.ComponentManager)1
ComponentStore (com.aws.greengrass.componentmanager.ComponentStore)1
EcrAccessor (com.aws.greengrass.componentmanager.plugins.docker.EcrAccessor)1
RegistryAuthException (com.aws.greengrass.componentmanager.plugins.docker.exceptions.RegistryAuthException)1
Kernel (com.aws.greengrass.lifecyclemanager.Kernel)1
NucleusPaths (com.aws.greengrass.util.NucleusPaths)1
RegistryAuthSupplier (com.spotify.docker.client.auth.RegistryAuthSupplier)1
RegistryAuth (com.spotify.docker.client.messages.RegistryAuth)1
List (java.util.List)1
AtomicBoolean (java.util.concurrent.atomic.AtomicBoolean)1
BeforeEach (org.junit.jupiter.api.BeforeEach)1
Test (org.junit.jupiter.api.Test)1
SdkClientException (software.amazon.awssdk.core.exception.SdkClientException)1
EcrClient (software.amazon.awssdk.services.ecr.EcrClient)1
EcrException (software.amazon.awssdk.services.ecr.model.EcrException)1
ServerException (software.amazon.awssdk.services.ecr.model.ServerException)1
