Skip to content

Commit

Permalink
[auth] Do not run Gantry if log into registry failed.
Browse files Browse the repository at this point in the history
  • Loading branch information
@shizunge
shizunge committed Feb 13, 2024
1 parent fa0d4fb commit dcf6892
Show file tree
Hide file tree
Showing 2 changed files with 38 additions and 78 deletions.
50 changes: 34 additions & 16 deletions src/lib-gantry.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,9 +37,10 @@ _login_registry() {
# shellcheck disable=SC2086
if ! LOGIN_MSG=$(echo "${PASSWORD}" | docker ${DOCKER_CONFIG} login --username="${USER}" --password-stdin "${HOST}" 2>&1); then
log ERROR "Failed to login to registry${CONFIG_MESSAGE}. ${LOGIN_MSG}"
else
log INFO "Logged into registry${CONFIG_MESSAGE}. ${LOGIN_MSG}"
return 1
fi
log INFO "Logged into registry${CONFIG_MESSAGE}. ${LOGIN_MSG}"
return 0
}

gantry_read_registry_username() {
Expand Down Expand Up @@ -69,10 +70,15 @@ _authenticate_to_registries() {
if ! USER=$(gantry_read_registry_username 2>&1); then
log ERROR "Failed to set USER: ${USER}" && return 1;
fi
local ACCUMULATED_ERRORS=0
if [ -n "${USER}" ]; then
_login_registry "${USER}" "${PASSWORD}" "${HOST}" "${CONFIG}"
ACCUMULATED_ERRORS=$((ACCUMULATED_ERRORS + $?))
fi
if [ -z "${CONFIGS_FILE}" ]; then
[ ${ACCUMULATED_ERRORS} -gt 0 ] && return 1
return 0
fi
[ -z "${CONFIGS_FILE}" ] && return 0
[ ! -r "${CONFIGS_FILE}" ] && log ERROR "Failed to read ${CONFIGS_FILE}." && return 1
local LINE=
while read -r LINE; do
Expand All @@ -86,14 +92,24 @@ _authenticate_to_registries() {
USER=$(echo "${LINE}" | cut -d ' ' -f 3)
PASSWORD=$(echo "${LINE}" | cut -d ' ' -f 4)
OTHERS=$(echo "${LINE}" | cut -d ' ' -f 5-)
if [ -n "${OTHERS}" ] || [ -z "${CONFIG}" ] || \
[ -z "${HOST}" ] || [ -z "${USER}" ] || [ -z "${PASSWORD}" ]; then
log ERROR "CONFIGS_FILE ${CONFIGS_FILE} format error. A line should contains only \"<CONFIG> <HOST> <USER> <PASSWORD>\"."
local ERROR_MSG=
if [ -n "${OTHERS}" ]; then
ERROR_MSG="Found extra item(s)."
fi
if [ -z "${CONFIG}" ] || [ -z "${HOST}" ] || [ -z "${USER}" ] || [ -z "${PASSWORD}" ]; then
ERROR_MSG="Missing item(s)."
fi
if [ -n "${ERROR_MSG}" ]; then
log ERROR "CONFIGS_FILE ${CONFIGS_FILE} format error. ${ERROR_MSG} A line should contains exactly \"<CONFIG> <HOST> <USER> <PASSWORD>\"."
log DEBUG "CONFIGS_FILE ${CONFIGS_FILE} format error. Got \"${LINE}\"."
return 1
ACCUMULATED_ERRORS=$((ACCUMULATED_ERRORS + 1))
continue
fi
_login_registry "${USER}" "${PASSWORD}" "${HOST}" "${CONFIG}"
ACCUMULATED_ERRORS=$((ACCUMULATED_ERRORS + $?))
done < <(cat "${CONFIGS_FILE}"; echo;)
[ ${ACCUMULATED_ERRORS} -gt 0 ] && return 1
return 0
}

_send_notification() {
Expand Down Expand Up @@ -134,7 +150,7 @@ _remove_container() {
log ERROR "Failed to list ${STATUS} containers with image ${IMAGE}.";
echo "${CIDS}" | log_lines ERROR
return 1;
fi;
fi
local CID CNAME CRM_MSG
for CID in ${CIDS}; do
CNAME=$(docker container inspect --format '{{.Name}}' "${CID}");
Expand All @@ -144,8 +160,8 @@ _remove_container() {
continue;
fi
log INFO "Removed ${STATUS} container ${CNAME}. It was using image ${IMAGE}.";
done;
};
done
}

gantry_remove_images() {
local IMAGES_TO_REMOVE="${1}"
Expand All @@ -154,16 +170,16 @@ gantry_remove_images() {
if ! docker image inspect "${IMAGE}" 1>/dev/null 2>&1 ; then
log DEBUG "There is no image ${IMAGE} on the node.";
continue;
fi;
fi
_remove_container "${IMAGE}" exited;
_remove_container "${IMAGE}" dead;
if ! RMI_MSG=$(docker rmi "${IMAGE}" 2>&1); then
log ERROR "Failed to remove image ${IMAGE}.";
echo "${RMI_MSG}" | log_lines ERROR
continue;
fi;
fi
log INFO "Removed image ${IMAGE}.";
done;
done
log INFO "Done removing images.";
}

Expand Down Expand Up @@ -328,9 +344,9 @@ _current_container_name() {
_static_variable_add_unique_to_list STATIC_VAR_CURRENT_CONTAINER_NAME "${NAME}"
echo "${NAME}";
return 0;
done;
done;
done;
done
done
done
return 0;
}

Expand Down Expand Up @@ -631,6 +647,8 @@ _rollback_service() {
log INFO "Rolled back ${SERVICE_NAME}."
}

# return 0 when there is no error or failure.
# return 1 when there are error(s) or failure(s).
_update_single_service() {
local UPDATE_TIMEOUT_SECONDS="${GANTRY_UPDATE_TIMEOUT_SECONDS:-300}"
local UPDATE_OPTIONS="${GANTRY_UPDATE_OPTIONS:-""}"
Expand Down
66 changes: 4 additions & 62 deletions tests/gantry_login_spec.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -150,7 +150,7 @@ Describe 'Login'
The stderr should satisfy spec_expect_no_message "${FAILED_TO_REMOVE_IMAGE}.*${IMAGE_WITH_TAG}"
End
End
Describe "test_login_REGISTRY_CONFIGS_FILE_bad_format_extra" "container_test:false"
Describe "test_login_REGISTRY_CONFIGS_FILE_bad_format" "container_test:false"
TEST_NAME="test_login_REGISTRY_CONFIGS_FILE_bad_format_extra"
IMAGE_WITH_TAG=$(get_image_with_tag)
SERVICE_NAME="gantry-test-$(unique_id)"
Expand All @@ -170,65 +170,6 @@ Describe 'Login'
docker service update --quiet --label-add "${LABEL}=${CONFIG}" "${SERVICE_NAME}"
# Add an extra item to the line.
echo "${CONFIG} ${REGISTRY} ${USERNAME} ${PASSWORD} Extra" >> "${CONFIGS_FILE}"
export GANTRY_REGISTRY_CONFIGS_FILE="${CONFIGS_FILE}"
local RETURN_VALUE=
run_gantry "${TEST_NAME}"
RETURN_VALUE="${?}"
rm "${CONFIGS_FILE}"
[ -d "${CONFIG}" ] && rm -r "${CONFIG}"
return "${RETURN_VALUE}"
}
Before "common_setup_new_image ${TEST_NAME} ${IMAGE_WITH_TAG} ${SERVICE_NAME}"
After "common_cleanup ${TEST_NAME} ${IMAGE_WITH_TAG} ${SERVICE_NAME}"
It 'run_gantry'
When call test_login_REGISTRY_CONFIGS_FILE_bad_format_extra "${TEST_NAME}" "${SERVICE_NAME}" "${TEST_REGISTRY}" "${TEST_USERNAME}" "${TEST_PASSWORD}"
The status should be failure
The stdout should satisfy display_output
The stderr should satisfy display_output
The stderr should satisfy spec_expect_message "format error.*A line should contains only \"<CONFIG> <HOST> <USER> <PASSWORD>\".*"
The stderr should satisfy spec_expect_no_message "Logged into registry *${TEST_REGISTRY} for config ${CONFIG}"
The stderr should satisfy spec_expect_message "${SKIP_UPDATING_ALL}.*${SKIP_REASON_PREVIOUS_ERRORS}"
The stderr should satisfy spec_expect_no_message "${SKIP_UPDATING}.*${SERVICE_NAME}"
The stderr should satisfy spec_expect_no_message "${PERFORM_UPDATING}.*${SERVICE_NAME}"
The stderr should satisfy spec_expect_no_message "${NUM_SERVICES_SKIP_JOBS}"
The stderr should satisfy spec_expect_no_message "${NUM_SERVICES_INSPECT_FAILURE}"
The stderr should satisfy spec_expect_no_message "${NUM_SERVICES_NO_NEW_IMAGES}"
The stderr should satisfy spec_expect_no_message "${NUM_SERVICES_UPDATING}"
The stderr should satisfy spec_expect_no_message "${ADDING_OPTIONS}.*--config.*"
The stderr should satisfy spec_expect_no_message "${UPDATED}.*${SERVICE_NAME}"
The stderr should satisfy spec_expect_no_message "${NO_UPDATES}.*${SERVICE_NAME}"
The stderr should satisfy spec_expect_no_message "${ROLLING_BACK}.*${SERVICE_NAME}"
The stderr should satisfy spec_expect_no_message "${FAILED_TO_ROLLBACK}.*${SERVICE_NAME}"
The stderr should satisfy spec_expect_no_message "${ROLLED_BACK}.*${SERVICE_NAME}"
The stderr should satisfy spec_expect_message "${NO_SERVICES_UPDATED}"
The stderr should satisfy spec_expect_no_message "${NUM_SERVICES_UPDATED}"
The stderr should satisfy spec_expect_no_message "${NUM_SERVICES_UPDATE_FAILED}"
The stderr should satisfy spec_expect_no_message "${NUM_SERVICES_ERRORS}"
The stderr should satisfy spec_expect_message "${NO_IMAGES_TO_REMOVE}"
The stderr should satisfy spec_expect_no_message "${REMOVING_NUM_IMAGES}"
The stderr should satisfy spec_expect_no_message "${SKIP_REMOVING_IMAGES}"
The stderr should satisfy spec_expect_no_message "${REMOVED_IMAGE}.*${IMAGE_WITH_TAG}"
The stderr should satisfy spec_expect_no_message "${FAILED_TO_REMOVE_IMAGE}.*${IMAGE_WITH_TAG}"
End
End
Describe "test_login_REGISTRY_CONFIGS_FILE_bad_format_missing" "container_test:false"
TEST_NAME="test_login_REGISTRY_CONFIGS_FILE_bad_format_missing"
IMAGE_WITH_TAG=$(get_image_with_tag)
SERVICE_NAME="gantry-test-$(unique_id)"
test_login_REGISTRY_CONFIGS_FILE_bad_format_missing() {
local TEST_NAME=${1}
local SERVICE_NAME=${2}
local REGISTRY=${3}
local USERNAME=${4}
local PASSWORD=${5}
if [ -z "${REGISTRY}" ] || [ -z "${USERNAME}" ] || [ -z "${PASSWORD}" ]; then
echo "No REGISTRY, USERNAME or PASSWORD provided." >&2
return 1
fi
local LABEL="gantry.auth.config"
CONFIG="C$(unique_id)"
CONFIGS_FILE=$(mktemp)
docker service update --quiet --label-add "${LABEL}=${CONFIG}" "${SERVICE_NAME}"
# Missing an item from the line.
echo "${REGISTRY} ${USERNAME} ${PASSWORD}" >> "${CONFIGS_FILE}"
export GANTRY_REGISTRY_CONFIGS_FILE="${CONFIGS_FILE}"
Expand All @@ -242,11 +183,12 @@ Describe 'Login'
Before "common_setup_new_image ${TEST_NAME} ${IMAGE_WITH_TAG} ${SERVICE_NAME}"
After "common_cleanup ${TEST_NAME} ${IMAGE_WITH_TAG} ${SERVICE_NAME}"
It 'run_gantry'
When call test_login_REGISTRY_CONFIGS_FILE_bad_format_missing "${TEST_NAME}" "${SERVICE_NAME}" "${TEST_REGISTRY}" "${TEST_USERNAME}" "${TEST_PASSWORD}"
When call test_login_REGISTRY_CONFIGS_FILE_bad_format_extra "${TEST_NAME}" "${SERVICE_NAME}" "${TEST_REGISTRY}" "${TEST_USERNAME}" "${TEST_PASSWORD}"
The status should be failure
The stdout should satisfy display_output
The stderr should satisfy display_output
The stderr should satisfy spec_expect_message "format error.*A line should contains only \"<CONFIG> <HOST> <USER> <PASSWORD>\".*"
The stderr should satisfy spec_expect_message "format error.*Found extra item\(s\)"
The stderr should satisfy spec_expect_message "format error.*Missing item\(s\)"
The stderr should satisfy spec_expect_no_message "Logged into registry *${TEST_REGISTRY} for config ${CONFIG}"
The stderr should satisfy spec_expect_message "${SKIP_UPDATING_ALL}.*${SKIP_REASON_PREVIOUS_ERRORS}"
The stderr should satisfy spec_expect_no_message "${SKIP_UPDATING}.*${SERVICE_NAME}"
Expand Down

0 comments on commit dcf6892

Please sign in to comment.