From 304783236df87f7b3f22da41e096a7dbf2584f72 Mon Sep 17 00:00:00 2001 From: Georgios Andrianakis Date: Thu, 9 Apr 2020 14:08:27 +0300 Subject: [PATCH] Differentiate the username/password for pulling base image with Jib Fixes: #8498 --- .../image/jib/deployment/JibConfig.java | 15 +++++++++- .../image/jib/deployment/JibProcessor.java | 29 ++++++++++--------- .../deployment/ContainerImageConfig.java | 4 +-- 3 files changed, 32 insertions(+), 16 deletions(-) diff --git a/extensions/container-image/container-image-jib/deployment/src/main/java/io/quarkus/container/image/jib/deployment/JibConfig.java b/extensions/container-image/container-image-jib/deployment/src/main/java/io/quarkus/container/image/jib/deployment/JibConfig.java index 672da42456e21..4e4f3feef122e 100644 --- a/extensions/container-image/container-image-jib/deployment/src/main/java/io/quarkus/container/image/jib/deployment/JibConfig.java +++ b/extensions/container-image/container-image-jib/deployment/src/main/java/io/quarkus/container/image/jib/deployment/JibConfig.java @@ -2,6 +2,7 @@ import java.util.List; import java.util.Map; +import java.util.Optional; import io.quarkus.runtime.annotations.ConfigItem; import io.quarkus.runtime.annotations.ConfigPhase; @@ -44,5 +45,17 @@ public class JibConfig { * Custom labels to add to the generated image */ @ConfigItem - Map labels; + public Map labels; + + /** + * The username to use to authenticate with the registry used to pull the base JVM image + */ + @ConfigItem + public Optional baseRegistryUsername; + + /** + * The password to use to authenticate with the registry used to pull the base JVM image + */ + @ConfigItem + public Optional baseRegistryPassword; } diff --git a/extensions/container-image/container-image-jib/deployment/src/main/java/io/quarkus/container/image/jib/deployment/JibProcessor.java b/extensions/container-image/container-image-jib/deployment/src/main/java/io/quarkus/container/image/jib/deployment/JibProcessor.java index c9dd1654bf27a..4681e11b671f8 100644 --- a/extensions/container-image/container-image-jib/deployment/src/main/java/io/quarkus/container/image/jib/deployment/JibProcessor.java +++ b/extensions/container-image/container-image-jib/deployment/src/main/java/io/quarkus/container/image/jib/deployment/JibProcessor.java @@ -74,9 +74,9 @@ public void buildFromJar(ContainerImageConfig containerImageConfig, JibConfig ji return; } - JibContainerBuilder jibContainerBuilder = createContainerBuilderFromJar(containerImageConfig, jibConfig, + JibContainerBuilder jibContainerBuilder = createContainerBuilderFromJar(jibConfig, sourceJar, outputTarget, mainClass, containerImageLabels); - JibContainer container = containerize(applicationInfo, containerImageConfig, jibConfig, jibContainerBuilder, + JibContainer container = containerize(applicationInfo, containerImageConfig, jibContainerBuilder, pushRequest.isPresent()); ImageReference targetImage = container.getTargetImage(); @@ -107,7 +107,7 @@ public void buildFromNative(ContainerImageConfig containerImageConfig, JibConfig JibContainerBuilder jibContainerBuilder = createContainerBuilderFromNative(containerImageConfig, jibConfig, nativeImage, containerImageLabels); - JibContainer container = containerize(applicationInfo, containerImageConfig, jibConfig, jibContainerBuilder, + JibContainer container = containerize(applicationInfo, containerImageConfig, jibContainerBuilder, pushRequest.isPresent()); ImageReference targetImage = container.getTargetImage(); @@ -117,9 +117,8 @@ public void buildFromNative(ContainerImageConfig containerImageConfig, JibConfig } private JibContainer containerize(ApplicationInfoBuildItem applicationInfo, ContainerImageConfig containerImageConfig, - JibConfig jibConfig, JibContainerBuilder jibContainerBuilder, boolean pushRequested) { - Containerizer containerizer = createContainerizer(containerImageConfig, jibConfig, applicationInfo, pushRequested); + Containerizer containerizer = createContainerizer(containerImageConfig, applicationInfo, pushRequested); try { log.info("Starting container image build"); JibContainer container = jibContainerBuilder.containerize(containerizer); @@ -133,7 +132,7 @@ private JibContainer containerize(ApplicationInfoBuildItem applicationInfo, Cont } } - private Containerizer createContainerizer(ContainerImageConfig containerImageConfig, JibConfig jibConfig, + private Containerizer createContainerizer(ContainerImageConfig containerImageConfig, ApplicationInfoBuildItem applicationInfo, boolean pushRequested) { Containerizer containerizer; ImageReference imageReference = getImageReference(containerImageConfig, applicationInfo); @@ -142,7 +141,8 @@ private Containerizer createContainerizer(ContainerImageConfig containerImageCon if (!containerImageConfig.registry.isPresent()) { log.info("No container image registry was set, so 'docker.io' will be used"); } - RegistryImage registryImage = toRegistryImage(imageReference, containerImageConfig); + RegistryImage registryImage = toRegistryImage(imageReference, containerImageConfig.username, + containerImageConfig.password); containerizer = Containerizer.to(registryImage); } else { containerizer = Containerizer.to(DockerDaemonImage.named(imageReference)); @@ -157,14 +157,14 @@ private Containerizer createContainerizer(ContainerImageConfig containerImageCon return containerizer; } - private RegistryImage toRegistryImage(ImageReference imageReference, ContainerImageConfig containerImageConfig) { + private RegistryImage toRegistryImage(ImageReference imageReference, Optional username, Optional password) { CredentialRetrieverFactory credentialRetrieverFactory = CredentialRetrieverFactory.forImage(imageReference, log::info); RegistryImage registryImage = RegistryImage.named(imageReference); registryImage.addCredentialRetriever(credentialRetrieverFactory.wellKnownCredentialHelpers()); registryImage.addCredentialRetriever(credentialRetrieverFactory.dockerConfig()); - if (containerImageConfig.username.isPresent() && containerImageConfig.password.isPresent()) { - registryImage.addCredential(containerImageConfig.username.get(), containerImageConfig.password.get()); + if (username.isPresent() && password.isPresent()) { + registryImage.addCredential(username.get(), password.get()); } return registryImage; } @@ -190,7 +190,7 @@ private ImageReference getImageReference(ContainerImageConfig containerImageConf containerImageConfig.tag.orElse(applicationInfo.getVersion())); } - private JibContainerBuilder createContainerBuilderFromJar(ContainerImageConfig containerImageConfig, JibConfig jibConfig, + private JibContainerBuilder createContainerBuilderFromJar(JibConfig jibConfig, JarBuildItem sourceJarBuildItem, OutputTargetBuildItem outputTargetBuildItem, MainClassBuildItem mainClassBuildItem, List containerImageLabels) { @@ -199,7 +199,8 @@ private JibContainerBuilder createContainerBuilderFromJar(ContainerImageConfig c Path classesDir = outputTargetBuildItem.getOutputDirectory().resolve("jib"); ZipUtils.unzip(sourceJarBuildItem.getPath(), classesDir); JavaContainerBuilder javaContainerBuilder = JavaContainerBuilder - .from(toRegistryImage(ImageReference.parse(jibConfig.baseJvmImage), containerImageConfig)) + .from(toRegistryImage(ImageReference.parse(jibConfig.baseJvmImage), jibConfig.baseRegistryUsername, + jibConfig.baseRegistryPassword)) .addResources(classesDir, IS_CLASS_PREDICATE.negate()) .addClasses(classesDir, IS_CLASS_PREDICATE) .addJvmFlags(jibConfig.jvmArguments) @@ -231,7 +232,9 @@ private JibContainerBuilder createContainerBuilderFromNative(ContainerImageConfi entrypoint.addAll(jibConfig.nativeArguments); try { AbsoluteUnixPath workDirInContainer = AbsoluteUnixPath.get("/work"); - return Jib.from(toRegistryImage(ImageReference.parse(jibConfig.baseNativeImage), containerImageConfig)) + return Jib + .from(toRegistryImage(ImageReference.parse(jibConfig.baseNativeImage), containerImageConfig.username, + containerImageConfig.password)) .addLayer(LayerConfiguration.builder() .addEntry(nativeImageBuildItem.getPath(), workDirInContainer.resolve(BINARY_NAME_IN_CONTAINER), FilePermissions.fromOctalString("775")) diff --git a/extensions/container-image/deployment/src/main/java/io/quarkus/container/image/deployment/ContainerImageConfig.java b/extensions/container-image/deployment/src/main/java/io/quarkus/container/image/deployment/ContainerImageConfig.java index 2cd100c42fbff..1becfd23b8d53 100644 --- a/extensions/container-image/deployment/src/main/java/io/quarkus/container/image/deployment/ContainerImageConfig.java +++ b/extensions/container-image/deployment/src/main/java/io/quarkus/container/image/deployment/ContainerImageConfig.java @@ -33,13 +33,13 @@ public class ContainerImageConfig { public Optional registry; /** - * The username to use to authenticate with the registry + * The username to use to authenticate with the registry where the built image will be pushed */ @ConfigItem public Optional username; /** - * The password to use to authenticate with the registry + * The password to use to authenticate with the registry where the built image will be pushed */ @ConfigItem public Optional password;