public async Task TestGetRegistryAuthenticatorAsync()
{
RegistryClient registryClient =
RegistryClient.CreateFactory(EventHandlers.NONE, "registry.hub.docker.com", "library/busybox")
.NewRegistryClient();
RegistryAuthenticator registryAuthenticator = await registryClient.GetRegistryAuthenticatorAsync().ConfigureAwait(false);
Assert.IsNotNull(registryAuthenticator);
Authorization authorization = await registryAuthenticator.AuthenticatePullAsync(null).ConfigureAwait(false);
RegistryClient authorizedRegistryClient =
RegistryClient.CreateFactory(EventHandlers.NONE, "registry.hub.docker.com", "library/busybox")
.SetAuthorization(authorization)
.NewRegistryClient();
await authorizedRegistryClient.PullManifestAsync("latest").ConfigureAwait(false);
}
public async Task TestAuthenticateAsync()
{
ImageReference dockerHubImageReference = ImageReference.Parse("library/busybox");
RegistryAuthenticator registryAuthenticator =
await RegistryClient.CreateFactory(
EventHandlers.NONE,
dockerHubImageReference.GetRegistry(),
dockerHubImageReference.GetRepository())
.NewRegistryClient()
.GetRegistryAuthenticatorAsync().ConfigureAwait(false);
Assert.IsNotNull(registryAuthenticator);
Authorization authorization = await registryAuthenticator.AuthenticatePullAsync(null).ConfigureAwait(false);
// Checks that some token was received.
Assert.IsTrue(0 < authorization.GetToken().Length);
}
private async Task <BaseImageWithAuthorization> GetOauthBaseImage(IEventHandlers eventHandlers, ProgressEventDispatcher progressEventDispatcher)
{
try
{
RetrieveRegistryCredentialsStep retrieveBaseRegistryCredentialsStep =
RetrieveRegistryCredentialsStep.ForBaseImage(
buildConfiguration,
progressEventDispatcher.NewChildProducer(), this.Index);
Credential registryCredential =
await retrieveBaseRegistryCredentialsStep.GetFuture().ConfigureAwait(false);
Authorization registryAuthorization =
registryCredential?.IsOAuth2RefreshToken() != false
? null
: Authorization.FromBasicCredentials(
registryCredential.GetUsername(), registryCredential.GetPassword());
RegistryAuthenticator registryAuthenticator =
await buildConfiguration
.NewBaseImageRegistryClientFactory()
.NewRegistryClient()
.GetRegistryAuthenticatorAsync().ConfigureAwait(false);
if (registryAuthenticator != null)
{
Authorization pullAuthorization =
await registryAuthenticator.AuthenticatePullAsync(registryCredential, eventHandlers)
.ConfigureAwait(false);
return(new BaseImageWithAuthorization(
await PullBaseImageAsync(pullAuthorization, progressEventDispatcher)
.ConfigureAwait(false), pullAuthorization));
}
}
catch (Exception e)
{
// Cannot skip certificate validation or use HTTP; fall through.
eventHandlers.Dispatch(LogEvent.Error(Resources.PullBaseImageStepAuthenticationErrorMessage + ",err:" + e.Message));
throw;
}
eventHandlers.Dispatch(LogEvent.Error(Resources.PullBaseImageStepAuthenticationErrorMessage + ",err:BaseImageCredential not config "));
throw new Exception("BaseImageCredential not config");
}
public async Task <BaseImageWithAuthorization> CallAsync()
{
IEventHandlers eventHandlers = buildConfiguration.GetEventHandlers();
// Skip this step if this is a scratch image
ImageConfiguration baseImageConfiguration = buildConfiguration.GetBaseImageConfiguration();
string description = string.Format(
CultureInfo.CurrentCulture,
Resources.PullBaseImageStepDescriptionFormat,
buildConfiguration.GetBaseImageConfiguration().GetImage());
eventHandlers.Dispatch(LogEvent.Progress(description));
if (baseImageConfiguration.GetImage().IsScratch())
{
return(new BaseImageWithAuthorization(
Image.CreateBuilder(buildConfiguration.GetTargetFormat()).Build(), null));
}
if (buildConfiguration.IsOffline())
{
return(new BaseImageWithAuthorization(PullBaseImageOffline(), null));
}
using (ProgressEventDispatcher progressEventDispatcher = progressEventDispatcherFactory.Create(description, 2))
using (new TimerEventDispatcher(buildConfiguration.GetEventHandlers(), description))
{
// First, try with no credentials.
try
{
return(new BaseImageWithAuthorization(await PullBaseImageAsync(null, progressEventDispatcher).ConfigureAwait(false), null));
}
catch (RegistryUnauthorizedException)
{
eventHandlers.Dispatch(
LogEvent.Lifecycle(
"The base image requires auth. Trying again for "
+ buildConfiguration.GetBaseImageConfiguration().GetImage()
+ "..."));
// If failed, then, retrieve base registry credentials and try with retrieved credentials.
// TODO: Refactor the logic in RetrieveRegistryCredentialsStep out to
// registry.credentials.RegistryCredentialsRetriever to avoid this direct executor hack.
RetrieveRegistryCredentialsStep retrieveBaseRegistryCredentialsStep =
RetrieveRegistryCredentialsStep.ForBaseImage(
buildConfiguration,
progressEventDispatcher.NewChildProducer());
Credential registryCredential = await retrieveBaseRegistryCredentialsStep.GetFuture().ConfigureAwait(false);
Authorization registryAuthorization =
registryCredential?.IsOAuth2RefreshToken() != false
? null
: Authorization.FromBasicCredentials(
registryCredential.GetUsername(), registryCredential.GetPassword());
try
{
return(new BaseImageWithAuthorization(
await PullBaseImageAsync(registryAuthorization, progressEventDispatcher).ConfigureAwait(false), registryAuthorization));
}
catch (RegistryUnauthorizedException)
{
// The registry requires us to authenticate using the Docker Token Authentication.
// See https://docs.docker.com/registry/spec/auth/token
try
{
RegistryAuthenticator registryAuthenticator =
await buildConfiguration
.NewBaseImageRegistryClientFactory()
.NewRegistryClient()
.GetRegistryAuthenticatorAsync().ConfigureAwait(false);
if (registryAuthenticator != null)
{
Authorization pullAuthorization =
await registryAuthenticator.AuthenticatePullAsync(registryCredential).ConfigureAwait(false);
return(new BaseImageWithAuthorization(
await PullBaseImageAsync(pullAuthorization, progressEventDispatcher).ConfigureAwait(false), pullAuthorization));
}
}
catch (InsecureRegistryException)
{
// Cannot skip certificate validation or use HTTP; fall through.
}
eventHandlers.Dispatch(LogEvent.Error(Resources.PullBaseImageStepAuthenticationErrorMessage));
throw;
}
}
}
}