Skip to content

Refactoring of DockerClientConfig #447

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Feb 7, 2016
Merged

Refactoring of DockerClientConfig #447

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
552b05d
Refactoring of DockerClientConfig to better match with docker CLI
Jan 30, 2016
3a15277
Add withDockerTlsVerify(Boolean dockerTlsVerify)
Feb 7, 2016
4bafd14
Fix README.md
Feb 7, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
64 changes: 35 additions & 29 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,56 +85,62 @@ For code examples, please look at the [Wiki](https://github.com/docker-java/dock

There are a couple of configuration items, all of which have sensible defaults:

* `url` The Docker URL, e.g. `https://localhost:2376` or `unix:///var/run/docker.sock`
* `version` The API version, e.g. `1.16`.
* `username` Your registry username (required to push containers).
* `password` Your registry password.
* `email` Your registry email.
* `serverAddress` Your registry's address.
* `dockerCertPath` Path to the docker certs.
* `DOCKER_HOST` The Docker Host URL, e.g. `tcp://localhost:2376` or `unix:///var/run/docker.sock`
* `DOCKER_TLS_VERIFY` enable/disable TLS verification (switch between `http` and `https` protocol)
* `DOCKER_CERT_PATH` Path to the certificates needed for TLS verification
* `DOCKER_CONFIG` Path for additional docker configuration files (like `.dockercfg`)
* `api.version` The API version, e.g. `1.21`.
* `registry.url` Your registry's address.
* `registry.username` Your registry username (required to push containers).
* `registry.password` Your registry password.
* `registry.email` Your registry email.

There are three ways to configure, in descending order of precedence:

#### Programmatic:
In your application, e.g.

DockerClientConfig config = DockerClientConfig.createDefaultConfigBuilder()
.withVersion("1.16")
.withUri("https://my-docker-host.tld:2376")
.withUsername("dockeruser")
.withPassword("ilovedocker")
.withEmail("dockeruser@github.com")
.withServerAddress("https://index.docker.io/v1/")
.withDockerCertPath("/home/user/.docker")
.withDockerHost("tcp://my-docker-host.tld:2376")
.withDockerTlsVerify(true)
.withDockerCertPath("/home/user/.docker/certs")
.withDockerConfig("/home/user/.docker")
.withApiVersion("1.21")
.withRegistryUrl("https://index.docker.io/v1/")
.withRegistryUsername("dockeruser")
.withRegistryPassword("ilovedocker")
.withRegistryEmail("dockeruser@github.com")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why do you need registry related things in client initialisation?
I.e. if you have 2 auth registries you should call auth cmd and only then push.
I also not sure what will happen with parallel pushes...
PS. found, pull/push supports optional auth methods.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Btw, how AuthCmd should work?

        final AuthConfig authConfig = new AuthConfig();
        authConfig.setPassword("docker-registry-password");
        authConfig.setUsername("docker-registry-login");
        authConfig.setEmail("sdf@sdf.com");
        authConfig.setServerAddress(String.format("%s:%d", d.getHost(), nginxContainer.getExposedPort()));

        DockerClientConfig clientConfig = new DockerClientConfig.DockerClientConfigBuilder()
       //         .withUsername("docker-registry-login")
       //         .withServerAddress(String.format("http://%s:%d", d.getHost(), nginxContainer.getExposedPort()))
                .withUri(String.format("http://%s:44447", d.getHost()))
                .build();

        DockerCmdExecFactoryImpl dockerCmdExecFactory = new DockerCmdExecFactoryImpl()
                .withReadTimeout(0)
                .withConnectTimeout(10000);

        DockerClient dockerClient = DockerClientBuilder.getInstance(clientConfig)
                .withDockerCmdExecFactory(dockerCmdExecFactory)
                .build();

        final AuthResponse authResponse = dockerClient.authCmd()
                .withAuthConfig(authConfig)
                .exec();

        LOG.debug(authResponse.getStatus());

With uncommented lines fails because authCmd() checks for username+server:

java.lang.NullPointerException: Configured username is null.

    at com.github.kostyasha.yad.docker_java.com.google.common.base.Preconditions.checkNotNull(Preconditions.java:226)
    at com.github.kostyasha.yad.docker_java.com.github.dockerjava.core.DockerClientImpl.authConfig(DockerClientImpl.java:141)
    at com.github.kostyasha.yad.docker_java.com.github.dockerjava.core.DockerClientImpl.authCmd(DockerClientImpl.java:162)

And it impossible to set new auth with later command.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think credentials in config originated from times when only docker hub was there and no private registries existed. So currently you can think of it as a default credential. There is an open issue #316 that is related to a refactoring of the auth configurations also. IMHO these authentication issues are out of scope of this PR and should be fixed in a separate one.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok, 🏧 developing ability to specify credentials for pull/push images for jenkins plugin and decided to ask during refactoring.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#452

.build();
DockerClient docker = DockerClientBuilder.getInstance(config).build();

#### Properties

docker.io.url=https://localhost:2376
docker.io.version=1.16
docker.io.username=dockeruser
docker.io.password=ilovedocker
docker.io.email=dockeruser@github.com
docker.io.serverAddress=https://index.docker.io/v1/
docker.io.dockerCertPath=/home/user/.docker
#### Properties (docker-java.properties)

DOCKER_HOST=tcp://localhost:2376
DOCKER_TLS_VERIFY=1
DOCKER_CERT_PATH=/home/user/.docker/certs
DOCKER_CONFIG=/home/user/.docker
api.version=1.21
registry.url=https://index.docker.io/v1/
registry.username=dockeruser
registry.password=ilovedocker
registry.email=dockeruser@github.com

##### System Properties:

java -Ddocker.io.username=dockeruser pkg.Main
java -Dregistry.username=dockeruser pkg.Main

##### System Environment

export DOCKER_URL=http://localhost:2376

Note: we also auto-detect defaults. If you use `DOCKER_HOST` we use that value, and if `DOCKER_CERT_PATH` or `DOCKER_TLS_VERIFY=1` is set, we switch to SSL.
export DOCKER_URL=tcp://localhost:2376
export DOCKER_TLS_VERIFY=1
export DOCKER_CERT_PATH=/home/user/.docker/certs
export DOCKER_CONFIG=/home/user/.docker

##### File System

In `$HOME/.docker.io.properties`
In `$HOME/.docker-java.properties`

##### Class Path

In the class path at `/docker.io.properties`
In the class path at `/docker-java.properties`

4 changes: 4 additions & 0 deletions src/main/java/com/github/dockerjava/api/command/DockerCmdExecFactory.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,8 @@
import java.io.Closeable;
import java.io.IOException;

import javax.net.ssl.SSLContext;

import com.github.dockerjava.core.DockerClientConfig;

public interface DockerCmdExecFactory extends Closeable {
Expand Down Expand Up @@ -105,6 +107,8 @@ public interface DockerCmdExecFactory extends Closeable {

public DisconnectFromNetworkCmd.Exec createDisconnectFromNetworkCmdExec();

public DockerCmdExecFactory withSSLContext(SSLContext sslContext);

@Override
public void close() throws IOException;

Expand Down
Loading