Exemplo n.º 1
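    def login(self, registry, docker_secret_path):
        """
        login to docker registry

        Reads the username for ``registry`` from the docker config under
        ``docker_secret_path`` and asks the docker client (``self.d``) to log
        in with that config file.

        :param registry: registry name
        :param docker_secret_path: path to docker config directory
        :raises RuntimeError: if no username can be found for the registry, or
                              if the docker client returns an empty response
        """
        logger.info("logging in: registry '%s', secret path '%s'", registry, docker_secret_path)
        # Docker-py needs username
        dockercfg = Dockercfg(docker_secret_path)
        credentials = dockercfg.get_credentials(registry)
        unpacked_auth = dockercfg.unpack_auth_b64(registry)
        username = credentials.get('username')
        # A username decoded from the base64 'auth' entry takes precedence over
        # the plain 'username' field.
        if unpacked_auth:
            username = unpacked_auth.username
        if not username:
            # NOTE(review): the message interpolates the Dockercfg object itself;
            # confirm its string form never includes secret material.
            raise RuntimeError("Failed to extract a username from '%s'" % dockercfg)

        logger.info("found username %s for registry %s", username, registry)

        response = self.d.login(registry=registry, username=username,
                                dockercfg_path=dockercfg.json_secret_path)
        if not response:
            raise RuntimeError("Failed to login to '%s' with config '%s'" % (registry, dockercfg))
        if u'Status' in response and response[u'Status'] == u'Login Succeeded':
            logger.info("login succeeded")
        else:
            # for some reason docker-py returns the contents of the dockercfg - we shouldn't
            # be displaying that. Key names are compared case-insensitively and
            # cover the other secret-bearing auth fields as well, so a response
            # using 'Password', 'auth' or 'IdentityToken' is withheld too.
            sensitive_keys = {'password', 'auth', 'identitytoken'}
            carries_secret = isinstance(response, dict) and any(
                str(key).lower() in sensitive_keys for key in response
            )
            if carries_secret:
                logger.debug("response not logged: it contains credential fields")
            else:
                logger.debug("response: %r", response)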
Exemplo n.º 2
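    def login(self, registry, docker_secret_path):
        """
        login to docker registry

        Reads the username for ``registry`` from the docker config under
        ``docker_secret_path`` and asks the docker client (``self.d``) to log
        in with that config file.

        :param registry: registry name
        :param docker_secret_path: path to docker config directory
        :raises RuntimeError: if no username can be found for the registry, or
                              if the docker client returns an empty response
        """
        logger.info("logging in: registry '%s', secret path '%s'", registry, docker_secret_path)
        # Docker-py needs username
        dockercfg = Dockercfg(docker_secret_path)
        credentials = dockercfg.get_credentials(registry)
        unpacked_auth = dockercfg.unpack_auth_b64(registry)
        username = credentials.get('username')
        # A username decoded from the base64 'auth' entry takes precedence over
        # the plain 'username' field.
        if unpacked_auth:
            username = unpacked_auth.username
        if not username:
            # NOTE(review): the message interpolates the Dockercfg object itself;
            # confirm its string form never includes secret material.
            raise RuntimeError("Failed to extract a username from '%s'" % dockercfg)

        logger.info("found username %s for registry %s", username, registry)

        response = self.d.login(registry=registry, username=username,
                                dockercfg_path=dockercfg.json_secret_path)
        if not response:
            raise RuntimeError("Failed to login to '%s' with config '%s'" % (registry, dockercfg))
        if u'Status' in response and response[u'Status'] == u'Login Succeeded':
            logger.info("login succeeded")
        else:
            # for some reason docker-py returns the contents of the dockercfg - we shouldn't
            # be displaying that. Key names are compared case-insensitively and
            # cover the other secret-bearing auth fields as well, so a response
            # using 'Password', 'auth' or 'IdentityToken' is withheld too.
            sensitive_keys = {'password', 'auth', 'identitytoken'}
            carries_secret = isinstance(response, dict) and any(
                str(key).lower() in sensitive_keys for key in response
            )
            if carries_secret:
                logger.debug("response not logged: it contains credential fields")
            else:
                logger.debug("response: %r", response)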
Exemplo n.º 3
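    def push_with_skopeo(self, registry_image, insecure, docker_push_secret):
        """
        Push the most recently exported image to a registry with ``skopeo copy``.

        :param registry_image: destination image; ``registry_image.registry`` is
                               used for the credential lookup and
                               ``registry_image.to_str()`` for the destination
        :param insecure: if true, TLS verification of the destination is disabled
        :param docker_push_secret: location handed to ``Dockercfg`` to load push
                                   credentials, or None to push without any
        :raises RuntimeError: if the selected image type is not supported
        :raises subprocess.CalledProcessError: if skopeo exits non-zero; the
                                               exception's ``cmd`` has the
                                               credentials masked
        """
        # If the last image has type OCI_TAR, then hunt back and find the
        # the untarred version, since skopeo only supports OCI's as an
        # untarred directory
        image = [
            x for x in self.workflow.exported_image_sequence
            if x['type'] != IMAGE_TYPE_OCI_TAR
        ][-1]

        creds_flag = '--dest-creds='
        cmd = ['skopeo', 'copy']
        if docker_push_secret is not None:
            dockercfg = Dockercfg(docker_push_secret)
            dest_creds = None
            unpacked_auth_b64 = None
            try:
                unpacked_auth_b64 = dockercfg.unpack_auth_b64(
                    registry_image.registry)
            except ValueError:
                self.log.warning("Invalid 'auth' value in '%s'",
                                 docker_push_secret)
            if unpacked_auth_b64:
                dest_creds = unpacked_auth_b64.raw_str
            else:
                # Fall back to the separate username/password fields.
                credentials = dockercfg.get_credentials(
                    registry_image.registry)
                username = credentials.get('username')
                password = credentials.get('password')
                if username and password:
                    dest_creds = username + ':' + password

            if dest_creds:
                # NOTE(review): the credentials travel in argv, so they are
                # readable by anything that can list this host's processes
                # while skopeo runs. skopeo also accepts an auth file
                # (--dest-authfile); consider it if the secret format allows.
                cmd.append(creds_flag + dest_creds)
            else:
                self.log.warning("No credentials found in '%s'",
                                 docker_push_secret)

        if insecure:
            # Disables certificate verification for the destination, so any
            # credentials above are sent to an unauthenticated endpoint.
            cmd.append('--dest-tls-verify=false')

        if image['type'] == IMAGE_TYPE_OCI:
            source_img = 'oci:{path}:{ref_name}'.format(**image)
        elif image['type'] == IMAGE_TYPE_DOCKER_ARCHIVE:
            source_img = 'docker-archive://{path}'.format(**image)
        else:
            raise RuntimeError(
                "Attempt to push unsupported image type %s with skopeo" %
                image['type'])

        dest_img = 'docker://' + registry_image.to_str()

        # Make sure we don't log the credentials. The whole argument is
        # replaced: a pattern like '^--dest-creds=.*' stops at the first
        # newline and would leave the rest of a multi-line secret in the log.
        cmd += [source_img, dest_img]
        log_cmd = [
            creds_flag + '<HIDDEN>' if arg.startswith(creds_flag) else arg
            for arg in cmd
        ]

        self.log.info("Calling: %s", ' '.join(log_cmd))
        try:
            subprocess.check_output(cmd, stderr=subprocess.STDOUT)
        except subprocess.CalledProcessError as e:
            # NOTE(review): skopeo's combined stdout/stderr is logged verbatim;
            # presumably it never echoes the credentials - confirm.
            self.log.error("push failed with output:\n%s", e.output)
            e.cmd = log_cmd  # hide credentials
            raise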