Supported Image::Secret in docker URI fetcher plugin. Review: https://reviews.apache.org/r/59018
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/4faca73e Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/4faca73e Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/4faca73e Branch: refs/heads/master Commit: 4faca73e9608664a5fcf46cc95951c318a64861f Parents: 4932045 Author: Gilbert Song <songzihao1...@gmail.com> Authored: Mon May 22 20:48:26 2017 +0800 Committer: Gilbert Song <songzihao1...@gmail.com> Committed: Thu May 25 01:04:30 2017 +0800 ---------------------------------------------------------------------- src/uri/fetchers/docker.cpp | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mesos/blob/4faca73e/src/uri/fetchers/docker.cpp ---------------------------------------------------------------------- diff --git a/src/uri/fetchers/docker.cpp b/src/uri/fetchers/docker.cpp index 6436f74..7f3e4e7 100644 --- a/src/uri/fetchers/docker.cpp +++ b/src/uri/fetchers/docker.cpp @@ -499,13 +499,15 @@ Future<Nothing> DockerFetcherPlugin::fetch( process.get(), &DockerFetcherPluginProcess::fetch, uri, - directory); + directory, + data); } Future<Nothing> DockerFetcherPluginProcess::fetch( const URI& uri, - const string& directory) + const string& directory, + const Option<string>& data) { // TODO(gilbert): Convert the `uri` to ::docker::spec::ImageReference // and pass it all the way down to avoid the complicated URI conversion @@ -531,8 +533,25 @@ Future<Nothing> DockerFetcherPluginProcess::fetch( directory + "': " + mkdir.error()); } + hashmap<string, spec::Config::Auth> _auths; + + // 'data' is expected as a docker config in JSON format. + if (data.isSome()) { + Try<hashmap<string, spec::Config::Auth>> secretAuths = + spec::parseAuthConfig(data.get()); + + if (secretAuths.isError()) { + return Failure("Failed to parse docker config: " + secretAuths.error()); + } + + _auths = secretAuths.get(); + } + + // The 'secretAuths' takes the precedence over the default auths. + _auths.insert(auths.begin(), auths.end()); + // Use the 'Basic' credential to pull the manifest/blob by default. - http::Headers basicAuthHeaders = getAuthHeaderBasic(uri, auths); + http::Headers basicAuthHeaders = getAuthHeaderBasic(uri, _auths); if (uri.scheme() == "docker-blob") { return fetchBlob(uri, directory, basicAuthHeaders);