fix(docker/build): support pulling authenticated image from container…

… registry
tsuru · Mar 17, 2022 · 5011fc8 · 5011fc8
1 parent 7112043
commit 5011fc8
Show file tree

Hide file tree

Showing 6 changed files with 30 additions and 14 deletions.
diff --git a/internal/containerd/sidecar.go b/internal/containerd/sidecar.go
@@ -175,7 +175,7 @@ func (s *containerdSidecar) Upload(ctx context.Context, fileName string) error {
 	return nil
 }
 
-func (s *containerdSidecar) BuildAndPush(ctx context.Context, fileName string, destinationImages []string, reg sidecar.RegistryConfig, stdout, stderr io.Writer) error {
+func (s *containerdSidecar) BuildAndPush(ctx context.Context, fileName, sourceImage string, destinationImages []string, reg sidecar.RegistryConfig, stdout, stderr io.Writer) error {
 	// Hardcoded uid as it is directly related what's on the Dockerfile for
 	// deploy-agent.
 	const uid = 1000

diff --git a/internal/docker/docker.go b/internal/docker/docker.go
@@ -15,6 +15,7 @@ import (
 	"time"
 
 	docker "github.com/fsouza/go-dockerclient"
+	"github.com/tsuru/deploy-agent/internal/sidecar"
 )
 
 const (
@@ -130,8 +131,22 @@ func (c *client) inspect(ctx context.Context, img string) (*docker.Image, error)
 	return c.api.InspectImage(img)
 }
 
-func (c *client) buildImage(ctx context.Context, containerID string, imageName string, inputFile io.Reader, output io.Writer) error {
-	buildOptions := docker.BuildImageOptions{
+func (c *client) buildImage(ctx context.Context, containerID, sourceImage, imageName string, reg sidecar.RegistryConfig, inputFile io.Reader, output io.Writer) error {
+	acs := docker.AuthConfigurations{
+		Configs: make(map[string]docker.AuthConfiguration),
+	}
+	if reg.RegistryAuthUser != "" && reg.RegistryAuthPass != "" {
+		acs.Configs[reg.RegistryAddress] = docker.AuthConfiguration{
+			ServerAddress: reg.RegistryAddress,
+			Username:      reg.RegistryAuthUser,
+			Password:      reg.RegistryAuthPass,
+		}
+	}
+	imgRef := parseImageName(sourceImage)
+	if ac := loadCreds(imgRef.registry); ac != nil {
+		acs.Configs[imgRef.registry] = *ac
+	}
+	return c.api.BuildImage(docker.BuildImageOptions{
 		Name:              imageName,
 		Pull:              true,
 		NoCache:           true,
@@ -142,8 +157,8 @@ func (c *client) buildImage(ctx context.Context, containerID string, imageName s
 		InactivityTimeout: streamInactivityTimeout,
 		RawJSONStream:     true,
 		NetworkMode:       "container:" + containerID,
-	}
-	return c.api.BuildImage(buildOptions)
+		AuthConfigs:       acs,
+	})
 }
 
 func parseImageName(imageName string) image {

diff --git a/internal/docker/docker_test.go b/internal/docker/docker_test.go
@@ -12,6 +12,7 @@ import (
 	"testing"
 
 	docker "github.com/fsouza/go-dockerclient"
+	"github.com/tsuru/deploy-agent/internal/sidecar"
 
 	dockertest "github.com/fsouza/go-dockerclient/testing"
 	"gopkg.in/check.v1"
@@ -216,6 +217,6 @@ func (s *S) TestClientBuildImage(c *check.C) {
 	n, err := io.Copy(tw, data)
 	c.Assert(err, check.IsNil)
 	c.Assert(n, check.Equals, dataSize)
-	err = client.buildImage(context.Background(), "id", "tsuru/teste-go", buf, ioutil.Discard)
+	err = client.buildImage(context.Background(), "id", "tsuru/go", "tsuru/teste-go", sidecar.RegistryConfig{}, buf, ioutil.Discard)
 	c.Assert(err, check.IsNil)
 }
diff --git a/internal/docker/sidecar.go b/internal/docker/sidecar.go
@@ -107,15 +107,15 @@ func (s *dockerSidecar) Upload(ctx context.Context, fileName string) (err error)
 	return s.client.upload(ctx, s.primaryContainerID, "/", buf)
 }
 
-func (s *dockerSidecar) BuildAndPush(ctx context.Context, fileName string, destinationImages []string, reg sidecar.RegistryConfig, stdout, stderr io.Writer) error {
+func (s *dockerSidecar) BuildAndPush(ctx context.Context, fileName, sourceImage string, destinationImages []string, reg sidecar.RegistryConfig, stdout, stderr io.Writer) error {
 	file, err := os.Open(fileName)
 	if err != nil {
 		return fmt.Errorf("failed to open input file %q: %v", fileName, err)
 	}
 	defer file.Close()
-	err = s.client.buildImage(ctx, s.primaryContainerID, destinationImages[0], file, stdout)
+	err = s.client.buildImage(ctx, s.primaryContainerID, sourceImage, destinationImages[0], reg, file, stdout)
 	if err != nil {
-		return err
+		return fmt.Errorf("failed to build container image: %v", err)
 	}
 	return s.TagAndPush(ctx, destinationImages[0], destinationImages, reg, stdout)
 }
@@ -128,7 +128,7 @@ func (s *dockerSidecar) TagAndPush(ctx context.Context, baseImage string, destin
 	}
 	for _, destImg := range destinationImages {
 		registry, _, _ := splitImageName(destImg)
-		authConfig := loadCreds(registry, w)
+		authConfig := loadCreds(registry)
 		if authConfig == nil {
 			authConfig = baseAuthConfig
 		}
@@ -231,7 +231,7 @@ func getContainerID(ctx context.Context, dockerClient *client, filter map[string
 	}
 }
 
-func loadCreds(registry string, w io.Writer) *docker.AuthConfiguration {
+func loadCreds(registry string) *docker.AuthConfiguration {
 	authConfig, err := docker.NewAuthConfigurationsFromCredsHelpers(registry)
 	if err == nil {
 		return authConfig

diff --git a/internal/sidecar/sidecar.go b/internal/sidecar/sidecar.go
@@ -26,7 +26,7 @@ type Filesystem interface {
 type Sidecar interface {
 	Commit(ctx context.Context, image string) (string, error)
 	Upload(ctx context.Context, fileName string) error
-	BuildAndPush(ctx context.Context, fileName string, destinationImages []string, reg RegistryConfig, stdout, stderr io.Writer) error
+	BuildAndPush(ctx context.Context, fileName, sourceImage string, destinationImages []string, reg RegistryConfig, stdout, stderr io.Writer) error
 	TagAndPush(ctx context.Context, baseImage string, destinationImages []string, reg RegistryConfig, w io.Writer) error
 	Inspect(ctx context.Context, image string) (*ImageInspect, error)
 	Executor(ctx context.Context) exec.Executor

diff --git a/main.go b/main.go
@@ -98,7 +98,7 @@ func runAgent() error {
 		}
 
 		if config.DockerfileBuild {
-			if err = sc.BuildAndPush(ctx, config.InputFile, config.DestinationImages, regConfig, os.Stdout, os.Stderr); err != nil {
+			if err = sc.BuildAndPush(ctx, config.InputFile, config.SourceImage, config.DestinationImages, regConfig, os.Stdout, os.Stderr); err != nil {
 				return fmt.Errorf("failed to build image: %v", err)
 			}
 			return nil
@@ -133,7 +133,7 @@ func runAgent() error {
 				return fmt.Errorf("failed to generate Dockerfile: %w", err)
 			}
 
-			err = sc.BuildAndPush(ctx, dockerfile.Name(), config.DestinationImages, regConfig, os.Stdout, os.Stderr)
+			err = sc.BuildAndPush(ctx, dockerfile.Name(), config.SourceImage, config.DestinationImages, regConfig, os.Stdout, os.Stderr)
 			if err != nil {
 				return fmt.Errorf("cannot build and push generated container image: %w", err)
 			}