[2/6] hadoop git commit: Validate docker image name before launching container.

wang Fri, 26 May 2017 14:04:31 -0700

Validate docker image name before launching container.

(cherry picked from commit e120ee865aa78eaff4a80122c5f3207a97b4924d)


 Conflicts:
        
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/0319e74c
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/0319e74c
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/0319e74c

Branch: refs/heads/branch-3.0.0-alpha3
Commit: 0319e74c2512d47d47ab9df834f5b6455be7d968
Parents: a0786d7
Author: Varun Vasudev <vvasu...@apache.org>
Authored: Thu May 18 10:29:34 2017 +0530
Committer: Andrew Wang <w...@apache.org>
Committed: Mon May 22 15:07:47 2017 -0700

----------------------------------------------------------------------
 .../runtime/DockerLinuxContainerRuntime.java    | 24 +++++++++++++---
 .../runtime/TestDockerContainerRuntime.java     | 29 ++++++++++++++++++++
 2 files changed, 49 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hadoop/blob/0319e74c/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java
----------------------------------------------------------------------
diff --git 
a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java
 
b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java
index b70a4e1..6bdaf30 100644
--- 
a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java
+++ 
b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java
@@ -57,6 +57,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
 import java.util.Set;
+import java.util.regex.Pattern;
 
 import static 
org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime.LinuxContainerRuntimeConstants.*;
 
@@ -128,6 +129,12 @@ public class DockerLinuxContainerRuntime implements 
LinuxContainerRuntime {
   private static final Log LOG = LogFactory.getLog(
       DockerLinuxContainerRuntime.class);
 
+  // This validates that the image is a proper docker image
+  public static final String DOCKER_IMAGE_PATTERN =
+      "^(([a-zA-Z0-9.-]+)(:\\d+)?/)?([a-z0-9_./-]+)(:[\\w.-]+)?$";
+  private static final Pattern dockerImagePattern =
+      Pattern.compile(DOCKER_IMAGE_PATTERN);
+
   @InterfaceAudience.Private
   public static final String ENV_DOCKER_CONTAINER_IMAGE =
       "YARN_CONTAINER_RUNTIME_DOCKER_IMAGE";
@@ -413,10 +420,7 @@ public class DockerLinuxContainerRuntime implements 
LinuxContainerRuntime {
 
     validateContainerNetworkType(network);
 
-    if (imageName == null) {
-      throw new ContainerExecutionException(ENV_DOCKER_CONTAINER_IMAGE
-          + " not set!");
-    }
+    validateImageName(imageName);
 
     String containerIdStr = container.getContainerId().toString();
     String runAsUser = ctx.getExecutionAttribute(RUN_AS_USER);
@@ -635,4 +639,16 @@ public class DockerLinuxContainerRuntime implements 
LinuxContainerRuntime {
     }
     return null;
   }
+
+  public static void validateImageName(String imageName)
+      throws ContainerExecutionException {
+    if (imageName == null || imageName.isEmpty()) {
+      throw new ContainerExecutionException(
+          ENV_DOCKER_CONTAINER_IMAGE + " not set!");
+    }
+    if (!dockerImagePattern.matcher(imageName).matches()) {
+      throw new ContainerExecutionException("Image name '" + imageName
+          + "' doesn't match docker image name pattern");
+    }
+  }
 }

http://git-wip-us.apache.org/repos/asf/hadoop/blob/0319e74c/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java
----------------------------------------------------------------------
diff --git 
a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java
 
b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java
index 3253394..a5993a6 100644
--- 
a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java
+++ 
b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java
@@ -891,4 +891,33 @@ public class TestDockerContainerRuntime {
     return conf;
   }
 
+  @Test
+  public void testDockerImageNamePattern() throws Exception {
+    String[] validNames =
+        { "ubuntu", "fedora/httpd:version1.0",
+            "fedora/httpd:version1.0.test",
+            "fedora/httpd:version1.0.TEST",
+            "myregistryhost:5000/ubuntu",
+            "myregistryhost:5000/fedora/httpd:version1.0",
+            "myregistryhost:5000/fedora/httpd:version1.0.test",
+            "myregistryhost:5000/fedora/httpd:version1.0.TEST"};
+
+    String[] invalidNames = { "Ubuntu", "ubuntu || fedora", "ubuntu#",
+        "myregistryhost:50AB0/ubuntu", "myregistry#host:50AB0/ubuntu",
+        ":8080/ubuntu"
+    };
+
+    for (String name : validNames) {
+      DockerLinuxContainerRuntime.validateImageName(name);
+    }
+
+    for (String name : invalidNames) {
+      try {
+        DockerLinuxContainerRuntime.validateImageName(name);
+        Assert.fail(name + " is an invalid name and should fail the regex");
+      } catch (ContainerExecutionException ce) {
+        continue;
+      }
+    }
+  }
 }


---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-commits-h...@hadoop.apache.org

[2/6] hadoop git commit: Validate docker image name before launching container.

Reply via email to