Skip to content

Add function to refresh credentials from config.json #1586

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 2, 2017
Merged

Add function to refresh credentials from config.json #1586

merged 2 commits into from
May 2, 2017

Conversation

terminalmage
Copy link
Contributor

@terminalmage terminalmage commented May 2, 2017
edited
Loading

SCENARIO

  1. docker-py performs an action that sets the X-Registry-Auth header in the API request (push, pull, etc.)
  2. Password is changed for a registry.
  3. docker login is performed on the CLI to update the config.json.
  4. Pushes for the client instance now fail, since it has cached the auth configuration.

SOLUTION

  • Add a refresh param (default: False) to docker.auth.get_config_header() which, when True, forces a refresh of the config.json.

  • Update all functions which call docker.auth.get_config_header() to support a refresh_credentials argument (default: False) which is passed through as refresh when get_config_header() is called.

  • Using client.push('myuser/myimage', tag='mytag', refresh_credentials=True), docker-py now has up-to-date auth configuration.

  • A function has been added to the DaemonApiMixin which allows for the auth to be reloaded for an existing APIClient instance (e.g. client.reload_config())

@GordonTheTurtle
Copy link

Please sign your commits following these rules:
https://github.com/moby/moby/blob/master/CONTRIBUTING.md#sign-your-work
The easiest way to do this is to amend the last commit:

$ git clone -b "refresh_credentials" git@github.com:terminalmage/docker-py.git somewhere
$ cd somewhere
$ git commit --amend -s --no-edit
$ git push -f

Amending updates the existing PR. You DO NOT need to open a new one.

@terminalmage terminalmage force-pushed the refresh_credentials branch from 0ca2663 to c6645c8 Compare May 2, 2017 17:53
@terminalmage terminalmage force-pushed the refresh_credentials branch from c6645c8 to 59e1ad0 Compare May 2, 2017 17:57
This was referenced May 2, 2017
Merged
Closed
shin-
shin- suggested changes May 2, 2017
View reviewed changes
Copy link
Contributor

@shin- shin- left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That feels like the wrong approach. You could have a Client.reload_config() instead that would be a one-liner, and much more flexible.

@terminalmage
Copy link
Contributor Author

@shin- That's a good idea. Would this be best added to the DaemonApiMixin, or to the APIClient itself?

@terminalmage
Copy link
Contributor Author

Since the _auth_configs are initially created in the APIClient, it's probably best to locate it there.

@terminalmage
Copy link
Contributor Author

Hmm, maybe not. It looks like, from a design perspective, the functionality in the APIClient is largely from the mixins, there are only a couple public functions in APIClient proper.

@terminalmage terminalmage changed the title Add argument to refresh credentials from config.json Add function to refresh credentials from config.json May 2, 2017
@terminalmage terminalmage force-pushed the refresh_credentials branch from 59e1ad0 to 81927f0 Compare May 2, 2017 19:51
@terminalmage
Copy link
Contributor Author

@shin- I've removed the earlier commit and added the function to the DaemonApiMixin. Let me know if you think other changes need to be made.

@terminalmage
Add a reload_config function to the DaemonApiMixin
0f84341 
This allows the client to reload the config.json for an existing
APIClient instance.

Signed-off-by: Erik Johnson <palehose@gmail.com>
@terminalmage terminalmage force-pushed the refresh_credentials branch from 81927f0 to 0f84341 Compare May 2, 2017 20:10
terminalmage added a commit to terminalmage/salt that referenced this pull request May 2, 2017
@terminalmage
Use proposed docker-py reload_config() func
b8d1dcc 
See docker/docker-py#1586

This allows an existing client instance to disregard its cached auth
config and use the most up-to-date login info from the config.json.
shin-
shin- suggested changes May 2, 2017
View reviewed changes
Copy link
Contributor

@shin- shin- left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

This is headed in the right direction. Just a few comments to address.

docker/api/daemon.py Outdated
url = self._url("/version", versioned_api=api_version)
return self._result(self._get(url), json=True)

def reload_config(self, dockercfg_path=None):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually, since this is not an API call, it should probably be added to the APIClient class instead.

docker/api/daemon.py Outdated
# if so load that config.
if dockercfg_path and os.path.exists(dockercfg_path):
self._auth_configs = auth.load_config(dockercfg_path)
self._auth_configs = self.reload_config(dockercfg_path)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reload_config returns None, so this is probably not correct.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, duh. I was thinking of code re-use and obviously did not test this part of the code. Good catch. Since I'm moving this to the APIClient I'll just revert these two changes in the login func.

docker/api/daemon.py Outdated
self._auth_configs = self.reload_config(dockercfg_path)
elif not self._auth_configs:
self._auth_configs = auth.load_config()
self._auth_configs = self.reload_config()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same here

docker/api/daemon.py Outdated

def reload_config(self, dockercfg_path=None):
"""
Forces a reload of the auth configuration
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: "Force" instead of "Forces"

@terminalmage
Move reload_config func into the APIClient
550c31e 
Also revert an incorrect change in the DaemonApiMixin's login func

Signed-off-by: Erik Johnson <palehose@gmail.com>
@terminalmage terminalmage force-pushed the refresh_credentials branch from 313cc9e to 550c31e Compare May 2, 2017 21:26
@terminalmage
Copy link
Contributor Author

@shin- Thanks for the comments, I believe I have addressed them all.

@shin- shin- added this to the 2.3.0 milestone May 2, 2017
shin-
shin- approved these changes May 2, 2017
View reviewed changes
Copy link
Contributor

@shin- shin- left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you, LGTM!

@shin- shin- merged commit 35b8c0a into docker:master May 2, 2017
@terminalmage
Copy link
Contributor Author

👍

@terminalmage terminalmage deleted the refresh_credentials branch October 26, 2017 15:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@shin- shin- shin- approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

2.3.0

Development

Successfully merging this pull request may close these issues.

3 participants

@terminalmage @GordonTheTurtle @shin-