Skip to content

Commit 6fdc65a

Browse files
author
Prince Rachit Sinha
committed
[image-builder-bob] Use separate auth for target and base
1 parent 39049b3 commit 6fdc65a

File tree

2 files changed

+29
-17
lines changed

2 files changed

+29
-17
lines changed

components/image-builder-bob/cmd/proxy.go

Lines changed: 24 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -19,8 +19,8 @@ import (
1919

2020
var proxyOpts struct {
2121
BaseRef, TargetRef string
22-
Auth string
23-
AdditionalAuth string
22+
BaseAuth string
23+
TargetAuth string
2424
}
2525

2626
// proxyCmd represents the build command
@@ -31,15 +31,24 @@ var proxyCmd = &cobra.Command{
3131
log.Init("bob", "", true, os.Getenv("SUPERVISOR_DEBUG_ENABLE") == "true")
3232
log := log.WithField("command", "proxy")
3333

34-
authP, err := proxy.NewAuthorizerFromDockerEnvVar(proxyOpts.Auth)
34+
authBase, err := proxy.NewAuthorizerFromDockerEnvVar(proxyOpts.BaseAuth)
3535
if err != nil {
36-
log.WithError(err).WithField("auth", proxyOpts.Auth).Fatal("cannot unmarshal auth")
36+
log.WithError(err).WithField("auth", proxyOpts.BaseAuth).Fatal("cannot unmarshal authBase")
3737
}
38-
authA, err := proxy.NewAuthorizerFromEnvVar(proxyOpts.AdditionalAuth)
38+
authTarget, err := proxy.NewAuthorizerFromEnvVar(proxyOpts.TargetAuth)
3939
if err != nil {
40-
log.WithError(err).WithField("auth", proxyOpts.Auth).Fatal("cannot unmarshal auth")
40+
log.WithError(err).WithField("auth", proxyOpts.TargetAuth).Fatal("cannot unmarshal authTarget")
41+
}
42+
// fallback: Add missing auth to authBase from authTarget
43+
authBase = authBase.AddIfNotExists(authTarget)
44+
45+
// Just reuse authBase as authTarget if authTarget has not been supplied
46+
if authTarget == nil {
47+
authTarget = authBase
48+
} else {
49+
// fallback: Add missing auth to authTarget from authBase
50+
authTarget = authTarget.AddIfNotExists(authBase)
4151
}
42-
authP = authP.AddIfNotExists(authA)
4352

4453
baseref, err := reference.ParseNormalizedNamed(proxyOpts.BaseRef)
4554
if err != nil {
@@ -58,19 +67,22 @@ var proxyCmd = &cobra.Command{
5867
targettag = r.Tag()
5968
}
6069

61-
auth := func() docker.Authorizer { return docker.NewDockerAuthorizer(docker.WithAuthCreds(authP.Authorize)) }
70+
authB := func() docker.Authorizer { return docker.NewDockerAuthorizer(docker.WithAuthCreds(authBase.Authorize)) }
71+
authT := func() docker.Authorizer {
72+
return docker.NewDockerAuthorizer(docker.WithAuthCreds(authTarget.Authorize))
73+
}
6274
prx, err := proxy.NewProxy(&url.URL{Host: "localhost:8080", Scheme: "http"}, map[string]proxy.Repo{
6375
"base": {
6476
Host: reference.Domain(baseref),
6577
Repo: reference.Path(baseref),
6678
Tag: basetag,
67-
Auth: auth,
79+
Auth: authB,
6880
},
6981
"target": {
7082
Host: reference.Domain(targetref),
7183
Repo: reference.Path(targetref),
7284
Tag: targettag,
73-
Auth: auth,
85+
Auth: authT,
7486
},
7587
})
7688
if err != nil {
@@ -92,6 +104,6 @@ func init() {
92104
// These env vars start with `WORKSPACEKIT_` so that they aren't passed on to ring2
93105
proxyCmd.Flags().StringVar(&proxyOpts.BaseRef, "base-ref", os.Getenv("WORKSPACEKIT_BOBPROXY_BASEREF"), "ref of the base image")
94106
proxyCmd.Flags().StringVar(&proxyOpts.TargetRef, "target-ref", os.Getenv("WORKSPACEKIT_BOBPROXY_TARGETREF"), "ref of the target image")
95-
proxyCmd.Flags().StringVar(&proxyOpts.Auth, "auth", os.Getenv("WORKSPACEKIT_BOBPROXY_AUTH"), "authentication to use")
96-
proxyCmd.Flags().StringVar(&proxyOpts.AdditionalAuth, "additional-auth", os.Getenv("WORKSPACEKIT_BOBPROXY_ADDITIONALAUTH"), "additional authentication to use")
107+
proxyCmd.Flags().StringVar(&proxyOpts.BaseAuth, "base-auth", os.Getenv("WORKSPACEKIT_BOBPROXY_AUTH"), "authentication to use for base ref")
108+
proxyCmd.Flags().StringVar(&proxyOpts.TargetAuth, "target-auth", os.Getenv("WORKSPACEKIT_BOBPROXY_TARGETAUTH"), "authentication to use for target ref")
97109
}

components/image-builder-mk3/pkg/orchestrator/orchestrator.go

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -330,9 +330,9 @@ func (o *Orchestrator) Build(req *protocol.BuildRequest, resp protocol.ImageBuil
330330
bobBaseref += ":latest"
331331
}
332332
wsref, err := reference.ParseNamed(wsrefstr)
333-
var additionalAuth []byte
333+
var baseRefAuth []byte
334334
if err == nil {
335-
additionalAuth, err = json.Marshal(reqauth.GetImageBuildAuthFor([]string{
335+
baseRefAuth, err = json.Marshal(reqauth.GetImageBuildAuthFor([]string{
336336
reference.Domain(wsref),
337337
}))
338338
if err != nil {
@@ -374,15 +374,15 @@ func (o *Orchestrator) Build(req *protocol.BuildRequest, resp protocol.ImageBuil
374374
{Name: "WORKSPACEKIT_BOBPROXY_BASEREF", Value: baseref},
375375
{Name: "WORKSPACEKIT_BOBPROXY_TARGETREF", Value: wsrefstr},
376376
{
377-
Name: "WORKSPACEKIT_BOBPROXY_AUTH",
377+
Name: "WORKSPACEKIT_BOBPROXY_TARGETAUTH",
378378
Secret: &wsmanapi.EnvironmentVariable_SecretKeyRef{
379379
SecretName: o.Config.PullSecret,
380380
Key: ".dockerconfigjson",
381381
},
382382
},
383383
{
384-
Name: "WORKSPACEKIT_BOBPROXY_ADDITIONALAUTH",
385-
Value: string(additionalAuth),
384+
Name: "WORKSPACEKIT_BOBPROXY_AUTH",
385+
Value: string(baseRefAuth),
386386
},
387387
{Name: "SUPERVISOR_DEBUG_ENABLE", Value: fmt.Sprintf("%v", log.Log.Logger.IsLevelEnabled(logrus.DebugLevel))},
388388
},

0 commit comments

Comments
 (0)