Try all aliases for retrieving Docker confg creds

GoogleContainerTools · Jul 16, 2018 · b641be1 · b641be1
1 parent e4c3f39
commit b641be1
Show file tree

Hide file tree

Showing 5 changed files with 138 additions and 1 deletion.
diff --git a/jib-core/src/main/java/com/google/cloud/tools/jib/registry/RegistryAliasGroup.java b/jib-core/src/main/java/com/google/cloud/tools/jib/registry/RegistryAliasGroup.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2018 Google LLC. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package com.google.cloud.tools.jib.registry;
+
+import com.google.common.collect.ImmutableList;
+import java.util.ArrayDeque;
+
+public class RegistryAliasGroup {
+
+  private static final ImmutableList<ImmutableList<String>> REGISTRY_ALIAS_GROUPS =
+      ImmutableList.of(
+          // Docker Hub alias group
+          ImmutableList.of("registry.hub.docker.com", "index.docker.io"));
+
+  /**
+   * Returns the list of registry aliases for the given {@code registry}, including {@code registry}
+   * as the first element.
+   *
+   * @param registry the registry for which the alias group is requested
+   * @return non-empty list of registries where {@code registry} is the first element
+   */
+  public static ImmutableList<String> getAliasesGroup(String registry) {
+    for (ImmutableList<String> aliasGroup : REGISTRY_ALIAS_GROUPS) {
+      if (aliasGroup.contains(registry)) {
+        // Found a group. Move the requested "registry" to the front before returning it.
+        ArrayDeque<String> requestedRegistryAtHead = new ArrayDeque<>(aliasGroup);
+        requestedRegistryAtHead.remove(registry);
+        requestedRegistryAtHead.addFirst(registry);
+        return ImmutableList.copyOf(requestedRegistryAtHead);
+      }
+    }
+
+    return ImmutableList.of(registry);
+  }
+}
diff --git a/...java/com/google/cloud/tools/jib/registry/credentials/DockerConfigCredentialRetriever.java b/...java/com/google/cloud/tools/jib/registry/credentials/DockerConfigCredentialRetriever.java
@@ -19,6 +19,7 @@
 import com.google.cloud.tools.jib.http.Authorization;
 import com.google.cloud.tools.jib.http.Authorizations;
 import com.google.cloud.tools.jib.json.JsonTemplateMapper;
+import com.google.cloud.tools.jib.registry.RegistryAliasGroup;
 import com.google.cloud.tools.jib.registry.credentials.json.DockerConfigTemplate;
 import com.google.common.annotations.VisibleForTesting;
 import java.io.IOException;
@@ -86,6 +87,17 @@ public Authorization retrieve() throws IOException {
       return null;
     }
 
+    for (String registry : RegistryAliasGroup.getAliasesGroup(registry)) {
+      Authorization authorization = retrieve(dockerConfigTemplate, registry);
+      if (authorization != null) {
+        return authorization;
+      }
+    }
+    return null;
+  }
+
+  @Nullable
+  private Authorization retrieve(DockerConfigTemplate dockerConfigTemplate, String registry) {
     // First, tries to find defined auth.
     String auth = dockerConfigTemplate.getAuthFor(registry);
     if (auth != null) {

diff --git a/jib-core/src/test/java/com/google/cloud/tools/jib/registry/RegistryAliasGroupTest.java b/jib-core/src/test/java/com/google/cloud/tools/jib/registry/RegistryAliasGroupTest.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2018 Google LLC. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package com.google.cloud.tools.jib.registry;
+
+import com.google.common.collect.ImmutableList;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class RegistryAliasGroupTest {
+
+  @Test
+  public void testGetAliasesGroup_noKnownAliases() {
+    ImmutableList<String> singleton = RegistryAliasGroup.getAliasesGroup("something.gcr.io");
+    Assert.assertEquals(1, singleton.size());
+    Assert.assertEquals("something.gcr.io", singleton.get(0));
+  }
+
+  @Test
+  public void testGetAliasesGroup_registryHubDockerCom() {
+    Assert.assertArrayEquals(
+        RegistryAliasGroup.getAliasesGroup("registry.hub.docker.com").toArray(new String[0]),
+        new String[] {"registry.hub.docker.com", "index.docker.io"});
+  }
+
+  @Test
+  public void testGetAliasesGroup_indexDockerIo() {
+    Assert.assertArrayEquals(
+        RegistryAliasGroup.getAliasesGroup("index.docker.io").toArray(new String[0]),
+        new String[] {"index.docker.io", "registry.hub.docker.com"});
+  }
+}
diff --git a/.../com/google/cloud/tools/jib/registry/credentials/DockerConfigCredentialRetrieverTest.java b/.../com/google/cloud/tools/jib/registry/credentials/DockerConfigCredentialRetrieverTest.java
@@ -118,4 +118,21 @@ public void testRetrieve_none() throws IOException {
 
     Assert.assertNull(dockerConfigCredentialRetriever.retrieve());
   }
+
+  @Test
+  public void testRetrieve_credentialFromAlias() throws IOException {
+    Mockito.when(mockDockerCredentialHelperFactory.withCredentialHelperSuffix(Mockito.anyString()))
+        .thenReturn(Mockito.mock(DockerCredentialHelper.class));
+    Mockito.when(
+            mockDockerCredentialHelperFactory.withCredentialHelperSuffix(
+                "index.docker.io credential helper"))
+        .thenReturn(mockDockerCredentialHelper);
+
+    DockerConfigCredentialRetriever dockerConfigCredentialRetriever =
+        new DockerConfigCredentialRetriever(
+            "registry.hub.docker.com", dockerConfigFile, mockDockerCredentialHelperFactory);
+
+    Authorization authorization = dockerConfigCredentialRetriever.retrieve();
+    Assert.assertEquals(mockAuthorization, authorization);
+  }
 }
diff --git a/jib-core/src/test/resources/json/dockerconfig.json b/jib-core/src/test/resources/json/dockerconfig.json
@@ -1 +1,15 @@
-{"auths":{"some other registry":{"auth":"some other auth"},"some registry":{"auth":"some auth","password":"ignored"},"https://registry":{"auth":"token"},"just registry":{},"https://with.protocol":{}},"credsStore":"some credential store","credHelpers":{"another registry":"another credential helper","some registry":"some credential helper"}}
+{
+  "auths":{
+    "some other registry":{"auth":"some other auth"},
+    "some registry":{"auth":"some auth","password":"ignored"},
+    "https://registry":{"auth":"token"},
+    "just registry":{},
+    "https://with.protocol":{}
+  },
+  "credsStore":"some credential store",
+  "credHelpers":{
+    "another registry":"another credential helper",
+    "some registry":"some credential helper",
+    "index.docker.io":"index.docker.io credential helper"
+  }
+}