source registry secrets from db

Brad Rydzewski 2017-04-07 01:04:25 +09:00
parent 7a98bf5398
commit 4502e5a256
13 changed files with 129 additions and 45 deletions


@ -17,7 +17,7 @@ var registryCreateCmd = cli.Command{
cli.StringFlag{
Name: "hostname",
Usage: "registry hostname",
Value: "index.docker.io",
Value: "docker.io",
},
cli.StringFlag{
Name: "username",


@ -19,7 +19,7 @@ var registryInfoCmd = cli.Command{
cli.StringFlag{
Name: "hostname",
Usage: "registry hostname",
Value: "index.docker.io",
Value: "docker.io",
},
cli.StringFlag{
Name: "format",


@ -14,7 +14,7 @@ var registryDeleteCmd = cli.Command{
cli.StringFlag{
Name: "hostname",
Usage: "registry hostname",
Value: "index.docker.io",
Value: "docker.io",
},
},
}


@ -17,7 +17,7 @@ var registryUpdateCmd = cli.Command{
cli.StringFlag{
Name: "hostname",
Usage: "registry hostname",
Value: "index.docker.io",
Value: "docker.io",
},
cli.StringFlag{
Name: "username",


@ -201,6 +201,10 @@ func PostApproval(c *gin.Context) {
if err != nil {
logrus.Debugf("Error getting secrets for %s#%d. %s", repo.FullName, build.Number, err)
}
regs, err := store.FromContext(c).RegistryList(repo)
if err != nil {
logrus.Debugf("Error getting registry credentials for %s#%d. %s", repo.FullName, build.Number, err)
}
defer func() {
uri := fmt.Sprintf("%s/%s/%d", httputil.GetURL(c.Request), repo.FullName, build.Number)
@ -216,6 +220,7 @@ func PostApproval(c *gin.Context) {
Last: last,
Netrc: netrc,
Secs: secs,
Regs: regs,
Link: httputil.GetURL(c.Request),
Yaml: string(raw),
}
@ -475,6 +480,10 @@ func PostBuild(c *gin.Context) {
if err != nil {
logrus.Debugf("Error getting secrets for %s#%d. %s", repo.FullName, build.Number, err)
}
regs, err := store.FromContext(c).RegistryList(repo)
if err != nil {
logrus.Debugf("Error getting registry credentials for %s#%d. %s", repo.FullName, build.Number, err)
}
b := builder{
Repo: repo,
@ -482,6 +491,7 @@ func PostBuild(c *gin.Context) {
Last: last,
Netrc: netrc,
Secs: secs,
Regs: regs,
Link: httputil.GetURL(c.Request),
Yaml: string(raw),
}
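Review bot: The `RegistryList` error added in PostApproval and PostBuild is only written at debug level, and the build then continues with `regs` nil, so a store failure becomes a pipeline that runs without registry credentials and fails later at image pull with an auth error far from the cause. The same pattern is added in PostHook. Log it where an operator will see it, e.g. `logrus.Errorf("Error getting registry credentials for %s#%d. %s", repo.FullName, build.Number, err)`, or stop the build when the credentials cannot be loaded. Both functions start and end outside the hunks shown.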


@ -159,6 +159,11 @@ func PostHook(c *gin.Context) {
logrus.Debugf("Error getting secrets for %s#%d. %s", repo.FullName, build.Number, err)
}
regs, err := store.FromContext(c).RegistryList(repo)
if err != nil {
logrus.Debugf("Error getting registry credentials for %s#%d. %s", repo.FullName, build.Number, err)
}
var mustApprove bool
if build.Event == model.EventPull {
for _, sec := range secs {
@ -255,6 +260,7 @@ func PostHook(c *gin.Context) {
Last: last,
Netrc: netrc,
Secs: secs,
Regs: regs,
Link: httputil.GetURL(c.Request),
Yaml: string(raw),
}
@ -411,6 +417,7 @@ type builder struct {
Last *model.Build
Netrc *model.Netrc
Secs []*model.Secret
Regs []*model.Registry
Link string
Yaml string
}
@ -491,6 +498,15 @@ func (b *builder) Build() ([]*buildItem, error) {
return nil, err
}
var registries []compiler.Registry
for _, reg := range b.Regs {
registries = append(registries, compiler.Registry{
Username: reg.Username,
Password: reg.Password,
Email: reg.Email,
})
}
ir := compiler.New(
compiler.WithEnviron(environ),
// TODO ability to customize the escalated plugins
@ -504,6 +520,7 @@ func (b *builder) Build() ([]*buildItem, error) {
),
b.Repo.IsPrivate,
),
compiler.WithRegistry(registries...),
compiler.WithPrefix(
fmt.Sprintf(
"%d_%d",
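Review bot: The loop in `Build` that converts `b.Regs` into `compiler.Registry` copies `Username`, `Password` and `Email` but never sets `Hostname`, so every entry reaches the compiler with an empty hostname. The compiler's `createProcess` picks credentials with `matchHostname(image, registry.Hostname)`, so with an empty string the stored credentials would apparently never be applied. Add the host to the literal, e.g. `Hostname: reg.HOSTNAME_FIELD,`, where HOSTNAME_FIELD is a placeholder for whichever `model.Registry` field stores the registry host (the model is not shown on this page). Separately, `regs` is handed to the builder for every event, including `model.EventPull`, while `secs` goes through the `mustApprove` check that follows; it is worth confirming that stored registry credentials are meant to be used for pull-request builds. `Build` continues outside the hunk.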


@ -12,17 +12,26 @@ import (
// TODO(bradrydzewski) compiler should handle user-defined volumes from YAML
// TODO(bradrydzewski) compiler should handle user-defined networks from YAML
type Registry struct {
Hostname string
Username string
Password string
Email string
Token string
}
// Compiler compiles the yaml
type Compiler struct {
local bool
escalated []string
prefix string
volumes []string
env map[string]string
base string
path string
metadata frontend.Metadata
aliases []string
local bool
escalated []string
prefix string
volumes []string
env map[string]string
base string
path string
metadata frontend.Metadata
registries []Registry
aliases []string
}
// New creates a new Compiler with options.
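Review bot: The exported `Registry` type is added without a doc comment, and the two TODO lines printed just above it may become its godoc if no blank line separates them (blank lines are not visible in this rendering). I would add `// Registry holds the credentials used to authenticate image pulls from the registry at Hostname.` and note in it that `Password` and `Token` are secrets that should not be printed with `%+v` or logged. `Token` is declared but nothing on this page reads it, so the comment should say whether it is reserved for later use.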


@ -88,6 +88,20 @@ func (c *Compiler) createProcess(name string, container *yaml.Container) *backen
environment["SHELL"] = "/bin/sh"
}
authConfig := backend.Auth{
Username: container.AuthConfig.Username,
Password: container.AuthConfig.Password,
Email: container.AuthConfig.Email,
}
for _, registry := range c.registries {
if matchHostname(image, registry.Hostname) {
authConfig.Username = registry.Username
authConfig.Password = registry.Password
authConfig.Email = registry.Email
break
}
}
return &backend.Step{
Name: name,
Alias: container.Name,
@ -112,12 +126,8 @@ func (c *Compiler) createProcess(name string, container *yaml.Container) *backen
CPUQuota: int64(container.CPUQuota),
CPUShares: int64(container.CPUShares),
CPUSet: container.CPUSet,
AuthConfig: backend.Auth{
Username: container.AuthConfig.Username,
Password: container.AuthConfig.Password,
Email: container.AuthConfig.Email,
},
OnSuccess: container.Constraints.Status.Match("success"),
AuthConfig: authConfig,
OnSuccess: container.Constraints.Status.Match("success"),
OnFailure: (len(container.Constraints.Status.Include)+
len(container.Constraints.Status.Exclude) != 0) &&
container.Constraints.Status.Match("failure"),
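Review bot: In `createProcess` the stored credentials are chosen only by the host of `image`, and nothing in this hunk limits which repositories on that host they may be used for, so every step naming an image on a configured host is pulled with them. If the image name comes from the pipeline YAML, as it appears to, the credential's scope is effectively "the whole host" for anyone who can edit that file; consider allowing a registry entry to be restricted to an image prefix. The override also silently replaces `container.AuthConfig`, and only the first matching entry is used, which deserves a comment such as `// server-side registry credentials take precedence over container.AuthConfig; first hostname match wins`. `createProcess` starts and ends outside the hunks, and `image` is defined outside them.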


@ -34,3 +34,13 @@ func matchImage(from string, to ...string) bool {
}
return false
}
// matchHostname returns true if the image hostname
// matches the specified hostname.
func matchHostname(image, hostname string) bool {
ref, err := reference.ParseNamed(image)
if err != nil {
return false
}
return ref.Hostname() == hostname
}
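Review bot: `matchHostname` compares `ref.Hostname()` with the stored value using a case-sensitive `==`, so a registry saved as `index.docker.io` (the CLI default before this commit), or with a scheme, a trailing slash or different letter case, would silently never match and the step would be pulled without credentials. If the `reference` package normalizes Docker Hub images to `docker.io`, as the default change in this commit suggests, existing records need migrating, or the hostname should be normalized when it is written. A table-driven test covering an unqualified image, a host with a port and a parse failure would pin the behaviour. Returning false on a parse error is the right fail-closed choice and deserves a one-line comment saying so.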


@ -31,6 +31,14 @@ func WithVolumes(volumes ...string) Option {
}
}
// WithRegistry configures the compiler with registry credentials
// that should be used to download images.
func WithRegistry(registries ...Registry) Option {
return func(compiler *Compiler) {
compiler.registries = registries
}
}
// WithMetadata configutes the compiler with the repostiory, build
// and system metadata. The metadata is used to remove steps from
// the compiled pipeline configuration that should be skipped. The

17
vendor/github.com/cncd/queue/fifo.go generated vendored

@ -92,6 +92,23 @@ func (q *fifo) Error(c context.Context, id string, err error) error {
return nil
}
// Evict removes a pending task from the queue.
func (q *fifo) Evict(c context.Context, id string) error {
q.Lock()
defer q.Unlock()
var next *list.Element
for e := q.pending.Front(); e != nil; e = next {
next = e.Next()
task, ok := e.Value.(*Task)
if ok && task.ID == id {
q.pending.Remove(e)
return nil
}
}
return ErrNotFound
}
// Wait waits until the item is done executing.
func (q *fifo) Wait(c context.Context, id string) error {
q.Lock()


@ -59,6 +59,9 @@ type Queue interface {
// Error signals the task is complete with errors.
Error(c context.Context, id string, err error) error
// Evict removes a pending task from the queue.
Evict(c context.Context, id string) error
// Wait waits until the task is complete.
Wait(c context.Context, id string) error

52
vendor/vendor.json vendored

@ -28,68 +28,68 @@
{
"checksumSHA1": "W3AuK8ocqHwlUajGmQLFvnRhTZE=",
"path": "github.com/cncd/pipeline/pipeline",
"revision": "4b348532eddd31220de9a179c197d31a78b200f5",
"revisionTime": "2017-03-29T08:36:18Z"
"revision": "087d10834b19bbb8d1665152696ca63883610021",
"revisionTime": "2017-04-06T15:46:03Z"
},
{
"checksumSHA1": "Qu2FreqaMr8Yx2bW9O0cxAGgjr0=",
"path": "github.com/cncd/pipeline/pipeline/backend",
"revision": "4b348532eddd31220de9a179c197d31a78b200f5",
"revisionTime": "2017-03-29T08:36:18Z"
"revision": "087d10834b19bbb8d1665152696ca63883610021",
"revisionTime": "2017-04-06T15:46:03Z"
},
{
"checksumSHA1": "0CGXRaYwZhJxGIrGhn8WGpkFqPo=",
"path": "github.com/cncd/pipeline/pipeline/backend/docker",
"revision": "4b348532eddd31220de9a179c197d31a78b200f5",
"revisionTime": "2017-03-29T08:36:18Z"
"revision": "087d10834b19bbb8d1665152696ca63883610021",
"revisionTime": "2017-04-06T15:46:03Z"
},
{
"checksumSHA1": "/8wE+cVb7T4PQZgpLNu0DHzKGuE=",
"path": "github.com/cncd/pipeline/pipeline/frontend",
"revision": "4b348532eddd31220de9a179c197d31a78b200f5",
"revisionTime": "2017-03-29T08:36:18Z"
"revision": "087d10834b19bbb8d1665152696ca63883610021",
"revisionTime": "2017-04-06T15:46:03Z"
},
{
"checksumSHA1": "O0sulBQAHJeNLg3lO38Cq5uf/eg=",
"path": "github.com/cncd/pipeline/pipeline/frontend/yaml",
"revision": "4b348532eddd31220de9a179c197d31a78b200f5",
"revisionTime": "2017-03-29T08:36:18Z"
"revision": "087d10834b19bbb8d1665152696ca63883610021",
"revisionTime": "2017-04-06T15:46:03Z"
},
{
"checksumSHA1": "ftyr9EJQl9D5OvzOcqGBS6stt0g=",
"checksumSHA1": "4gmWpW2MkXgWGSSvSoRFu1YjGbQ=",
"path": "github.com/cncd/pipeline/pipeline/frontend/yaml/compiler",
"revision": "4b348532eddd31220de9a179c197d31a78b200f5",
"revisionTime": "2017-03-29T08:36:18Z"
"revision": "087d10834b19bbb8d1665152696ca63883610021",
"revisionTime": "2017-04-06T15:46:03Z"
},
{
"checksumSHA1": "Q0GkNUFamVYIA1Fd8r0A5M6Gx54=",
"path": "github.com/cncd/pipeline/pipeline/frontend/yaml/linter",
"revision": "4b348532eddd31220de9a179c197d31a78b200f5",
"revisionTime": "2017-03-29T08:36:18Z"
"revision": "087d10834b19bbb8d1665152696ca63883610021",
"revisionTime": "2017-04-06T15:46:03Z"
},
{
"checksumSHA1": "kx2sPUIMozPC/g6E4w48h3FfH3k=",
"path": "github.com/cncd/pipeline/pipeline/frontend/yaml/matrix",
"revision": "4b348532eddd31220de9a179c197d31a78b200f5",
"revisionTime": "2017-03-29T08:36:18Z"
"revision": "087d10834b19bbb8d1665152696ca63883610021",
"revisionTime": "2017-04-06T15:46:03Z"
},
{
"checksumSHA1": "2/3f3oNmxXy5kcrRLCFa24Oc9O4=",
"path": "github.com/cncd/pipeline/pipeline/interrupt",
"revision": "4b348532eddd31220de9a179c197d31a78b200f5",
"revisionTime": "2017-03-29T08:36:18Z"
"revision": "087d10834b19bbb8d1665152696ca63883610021",
"revisionTime": "2017-04-06T15:46:03Z"
},
{
"checksumSHA1": "uOjTfke7Qxosrivgz/nVTHeIP5g=",
"path": "github.com/cncd/pipeline/pipeline/multipart",
"revision": "4b348532eddd31220de9a179c197d31a78b200f5",
"revisionTime": "2017-03-29T08:36:18Z"
"revision": "087d10834b19bbb8d1665152696ca63883610021",
"revisionTime": "2017-04-06T15:46:03Z"
},
{
"checksumSHA1": "TP5lK1T8cOKv5QjZ2nqdlYczSTo=",
"path": "github.com/cncd/pipeline/pipeline/rpc",
"revision": "4b348532eddd31220de9a179c197d31a78b200f5",
"revisionTime": "2017-03-29T08:36:18Z"
"revision": "087d10834b19bbb8d1665152696ca63883610021",
"revisionTime": "2017-04-06T15:46:03Z"
},
{
"checksumSHA1": "7Qj1DK0ceAXkYztW0l3+L6sn+V8=",
@ -98,10 +98,10 @@
"revisionTime": "2017-03-03T07:06:35Z"
},
{
"checksumSHA1": "AG4M07wOZNTnSFHJIfdXT2ymnts=",
"checksumSHA1": "7/jDRi3wCIn5jExBspvFRzRQsGE=",
"path": "github.com/cncd/queue",
"revision": "1ce1ada7160f1eda015a16c1b7f9ea497fa36873",
"revisionTime": "2017-03-03T07:04:55Z"
"revision": "63b1974bbcc9b4b251ed18f88edc3a643eb64ff7",
"revisionTime": "2017-04-06T02:25:48Z"
},
{
"origin": "github.com/stretchr/testify/vendor/github.com/davecgh/go-spew/spew",