Support registry v2 auth (#14)

* Bump docker-api gem to a version that supports registry auth * debify now uses `~/.docker/config` auth if pulling an image fails due to auth * Docker auth fallback when building test image * Ease up docker-api gem pin
conjurinc · Mar 30, 2017 · bb48190 · bb48190
1 parent 7b40c33
commit bb48190
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 7 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,7 @@
+# 1.5.3
+
+* debify now uses `~/.docker/config` auth if pulling an image fails due to auth
+
 # 1.5.2
 
 * Use new conjurops variables in `publish` command, fall back to old conjurops

diff --git a/debify.gemspec b/debify.gemspec
@@ -18,7 +18,7 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_dependency "gli"
-  spec.add_dependency "docker-api"
+  spec.add_dependency "docker-api", "~> 1.33"
   spec.add_dependency "conjur-cli"
 
   spec.add_development_dependency "bundler", "~> 1.7"

diff --git a/lib/conjur/debify.rb b/lib/conjur/debify.rb
@@ -2,6 +2,8 @@
 require 'docker'
 require 'fileutils'
 require 'gli'
+require 'json'
+require 'base64'
 
 include GLI::App
 
@@ -84,6 +86,20 @@ def git_files
   (`git ls-files -z`.split("\x0") + ['Gemfile.lock']).uniq
 end
 
+def login_to_registry(appliance_image_id)
+  config_file = File.expand_path('~/.docker/config.json')
+  if File.exist? config_file
+    json_config = JSON.parse(File.read(config_file))
+    registry = appliance_image_id.split('/')[0]
+
+    json_auth = json_config['auths'][registry]['auth']
+    if json_auth
+      username, password = Base64.decode64(json_auth).split(':')
+      Docker.authenticate! username: username, password: password, serveraddress: registry
+    end
+  end
+end
+
 desc "Clean current working directory of non-Git-managed files"
 long_desc <<DESC
 Reliable builds depend on having a clean working directory.
@@ -341,7 +357,7 @@ def wait_for_conjur appliance_image, container
     raise "project-name is required" unless project_name = args.shift
     raise "test-script is required" unless test_script = args.shift
     raise "Received extra command-line arguments" if args.shift
-    
+
     dir = cmd_options[:dir] || '.'
     dir = File.expand_path(dir)
 
@@ -355,8 +371,15 @@ def wait_for_conjur appliance_image, container
       package_name = "conjur-#{project_name}_#{version}_amd64.deb"
 
       raise "#{test_script} does not exist or is not a file" unless File.file?(test_script)
-
-      Docker::Image.create 'fromImage' => appliance_image_id, &DebugMixin::DOCKER if cmd_options[:pull]
+
+      begin
+        tries ||=2
+        Docker::Image.create 'fromImage' => appliance_image_id, &DebugMixin::DOCKER if cmd_options[:pull]
+      rescue
+        login_to_registry appliance_image_id
+        retry unless (tries -= 1).zero?
+      end
+
 
       def build_test_image(appliance_image_id, project_name, package_name)
         dockerfile = <<-DOCKERFILE
@@ -384,7 +407,13 @@ def build_test_image(appliance_image_id, project_name, package_name)
         end
       end
 
-      appliance_image = build_test_image(appliance_image_id, project_name, package_name)
+      begin
+        tries ||=2
+        appliance_image = build_test_image(appliance_image_id, project_name, package_name)
+      rescue
+        login_to_registry appliance_image_id
+        retry unless (tries -= 1).zero?
+      end
 
       vendor_dir = File.expand_path("tmp/debify/#{project_name}/vendor", ENV['HOME'])
       dot_bundle_dir = File.expand_path("tmp/debify/#{project_name}/.bundle", ENV['HOME'])
@@ -511,7 +540,13 @@ def build_test_image(appliance_image_id, project_name, package_name)
       appliance_image_id = [ cmd_options[:image], image_tag ].join(":")
 
       appliance_image = if cmd_options[:pull]
-        Docker::Image.create 'fromImage' => appliance_image_id, &DebugMixin::DOCKER if cmd_options[:pull]
+        begin
+          tries ||=2
+          Docker::Image.create 'fromImage' => appliance_image_id, &DebugMixin::DOCKER if cmd_options[:pull]
+        rescue
+          login_to_registry appliance_image_id
+          retry unless (tries -= 1).zero?
+        end
       else
         Docker::Image.get appliance_image_id
       end

diff --git a/lib/conjur/debify/version.rb b/lib/conjur/debify/version.rb
@@ -1,5 +1,5 @@
 module Conjur
   module Debify
-    VERSION = "1.5.2"
+    VERSION = "1.5.3"
   end
 end