use of software.amazon.awssdk.services.ecr.model.AuthorizationData in project aws-greengrass-provisioner by awslabs.
the class DockerClientProvider method getRegistryAuthSupplier.
default RegistryAuthSupplier getRegistryAuthSupplier() {
return new RegistryAuthSupplier() {
@Override
public RegistryAuth authFor(String imageName) {
return standardAuth();
}
private RegistryAuth standardAuth() {
AuthorizationData authorizationData = getAuthorizationData();
String userPassword = new String(Base64.decode(authorizationData.authorizationToken()));
String user = userPassword.substring(0, userPassword.indexOf(":"));
String password = userPassword.substring(userPassword.indexOf(":") + 1);
RegistryAuth registryAuth = RegistryAuth.builder().username(user).password(password).serverAddress(getDockerHost()).build();
return registryAuth;
}
@Override
public RegistryAuth authForSwarm() {
throw new RuntimeException("Not implemented");
}
@Override
public RegistryConfigs authForBuild() {
return RegistryConfigs.builder().addConfig(getDockerHost(), standardAuth()).build();
}
};
}
use of software.amazon.awssdk.services.ecr.model.AuthorizationData in project aws-greengrass-nucleus by aws-greengrass.
the class DockerImageArtifactDownloadTest method before.
@BeforeEach
void before() throws Exception {
Instant credentialsExpiry = Instant.now().plusSeconds(10);
AuthorizationData authorizationData = AuthorizationData.builder().authorizationToken(Base64.getEncoder().encodeToString("username:password".getBytes(StandardCharsets.UTF_8))).expiresAt(credentialsExpiry).build();
GetAuthorizationTokenResponse response = GetAuthorizationTokenResponse.builder().authorizationData(authorizationData).build();
lenient().when(ecrClient.getAuthorizationToken(any(GetAuthorizationTokenRequest.class))).thenReturn(response);
lenient().when(dockerClient.dockerInstalled()).thenReturn(true);
AtomicBoolean mqttOnline = new AtomicBoolean(true);
lenient().when(mqttClient.getMqttOnline()).thenReturn(mqttOnline);
kernel = new Kernel();
NucleusPaths nucleusPaths = kernel.getNucleusPaths();
nucleusPaths.setComponentStorePath(tempRootDir);
ComponentStore store = new ComponentStore(nucleusPaths, platformResolver, recipeLoader);
EcrAccessor ecrAccessor = new EcrAccessor(ecrClient);
kernel.getContext().put(ComponentStore.class, store);
kernel.getContext().put(EcrAccessor.class, ecrAccessor);
kernel.getContext().put(DefaultDockerClient.class, dockerClient);
kernel.getContext().put(MqttClient.class, mqttClient);
preloadLocalStoreContent();
componentManager = kernel.getContext().get(ComponentManager.class);
}
use of software.amazon.awssdk.services.ecr.model.AuthorizationData in project aws-greengrass-nucleus by aws-greengrass.
the class EcrAccessor method getCredentials.
/**
* Get credentials(auth token) for a private docker registry in ECR.
*
* @param registryId Registry id
* @return Registry.Credentials - Registry's authorization information
* @throws RegistryAuthException When authentication fails
*/
@SuppressWarnings("PMD.AvoidRethrowingException")
public Registry.Credentials getCredentials(String registryId) throws RegistryAuthException {
try (EcrClient client = getClient()) {
AuthorizationData authorizationData = client.getAuthorizationToken(GetAuthorizationTokenRequest.builder().registryIds(Collections.singletonList(registryId)).build()).authorizationData().get(0);
// Decoded auth token is of the format <username>:<password>
String[] authTokenParts = new String(Base64.getDecoder().decode(authorizationData.authorizationToken()), StandardCharsets.UTF_8).split(":");
return new Registry.Credentials(authTokenParts[0], authTokenParts[1], authorizationData.expiresAt());
} catch (ServerException | SdkClientException e) {
// Errors we can retry on
throw e;
} catch (EcrException e) {
throw new RegistryAuthException(String.format("Failed to get credentials for ECR registry - %s", registryId), e);
}
}
use of software.amazon.awssdk.services.ecr.model.AuthorizationData in project aws-greengrass-nucleus by aws-greengrass.
the class EcrAccessorTest method GIVEN_ecr_accessor_WHEN_get_credentials_success_THEN_return_registry_credentials.
@Test
void GIVEN_ecr_accessor_WHEN_get_credentials_success_THEN_return_registry_credentials() throws Exception {
Instant credentialsExpiry = Instant.now().plusSeconds(10);
AuthorizationData authorizationData = AuthorizationData.builder().authorizationToken(Base64.getEncoder().encodeToString("username:password".getBytes(StandardCharsets.UTF_8))).expiresAt(credentialsExpiry).build();
GetAuthorizationTokenResponse response = GetAuthorizationTokenResponse.builder().authorizationData(authorizationData).build();
when(ecrClient.getAuthorizationToken(any(GetAuthorizationTokenRequest.class))).thenReturn(response);
Registry.Credentials credentials = ecrAccessor.getCredentials("some_registry_id");
assertEquals("username", credentials.getUsername());
assertEquals("password", credentials.getPassword());
assertEquals(credentialsExpiry, credentials.getExpiresAt());
verify(ecrClient).getAuthorizationToken(any(GetAuthorizationTokenRequest.class));
}
use of software.amazon.awssdk.services.ecr.model.AuthorizationData in project aws-greengrass-provisioner by awslabs.
the class OfficialGreengrassImageDockerClientProvider method getAuthorizationData.
@Override
public AuthorizationData getAuthorizationData() {
Optional<List<String>> optionalRegistryIds = Optional.of(Arrays.asList(ggConstants.getOfficialGreengrassAccountId()));
GetAuthorizationTokenRequest.Builder getAuthorizationTokenRequestBuilder = GetAuthorizationTokenRequest.builder();
optionalRegistryIds.ifPresent(getAuthorizationTokenRequestBuilder::registryIds);
GetAuthorizationTokenRequest getAuthorizationTokenRequest = getAuthorizationTokenRequestBuilder.build();
GetAuthorizationTokenResponse getAuthorizationTokenResponse = getEcrClient().getAuthorizationToken(getAuthorizationTokenRequest);
List<AuthorizationData> authorizationDataList = getAuthorizationTokenResponse.authorizationData();
return authorizationDataList.get(0);
}
Aggregations