graph-builder/registry: switch to using dkregistry with authenticated…

… calls Switch to using dkregistry for all registry requests which supports asynchronous authenticated calls towards image registries. This commit also adds the parameter `--credentials-file` which takes a path to a JSON file as produced by `docker login`[1]. [1]: https://docs.docker.com/engine/reference/commandline/login/
openshift · Nov 16, 2018 · b074a25 · b074a25
1 parent d4524d5
commit b074a25
Show file tree

Hide file tree

Showing 5 changed files with 282 additions and 86 deletions.
diff --git a/graph-builder/src/config.rs b/graph-builder/src/config.rs
@@ -14,6 +14,7 @@
 
 use std::net::IpAddr;
 use std::num::ParseIntError;
+use std::path::PathBuf;
 use std::str::FromStr;
 use std::time::Duration;
 
@@ -46,6 +47,10 @@ pub struct Options {
     /// Port to which the server will bind
     #[structopt(long = "port", default_value = "8080")]
     pub port: u16,
+
+    /// Credentials file for authentication against the image registry
+    #[structopt(long = "credentials-file", parse(from_os_str))]
+    pub credentials_path: Option<PathBuf>,
 }
 
 fn parse_duration(src: &str) -> Result<Duration, ParseIntError> {

diff --git a/graph-builder/src/graph.rs b/graph-builder/src/graph.rs
@@ -12,6 +12,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+extern crate dkregistry;
+
 use actix_web::http::header::{self, HeaderValue};
 use actix_web::{HttpMessage, HttpRequest, HttpResponse};
 use cincinnati::{AbstractRelease, Graph, Release, CONTENT_TYPE};
@@ -51,9 +53,18 @@ impl State {
 }
 
 pub fn run(opts: &config::Options, state: &State) -> ! {
+    // Read the credentials outside the loop to avoid re-reading the file
+    let (username, password) =
+        registry::read_credentials(opts.credentials_path.as_ref(), &opts.registry)
+            .expect("could not read credentials");
+
     loop {
         debug!("Updating graph...");
-        match create_graph(&opts) {
+        match create_graph(
+            &opts,
+            username.as_ref().map(String::as_ref),
+            password.as_ref().map(String::as_ref),
+        ) {
             Ok(graph) => match serde_json::to_string(&graph) {
                 Ok(json) => *state.json.write().expect("json lock has been poisoned") = json,
                 Err(err) => error!("Failed to serialize graph: {}", err),
@@ -64,10 +75,14 @@ pub fn run(opts: &config::Options, state: &State) -> ! {
     }
 }
 
-fn create_graph(opts: &config::Options) -> Result<Graph, Error> {
+fn create_graph(
+    opts: &config::Options,
+    username: Option<&str>,
+    password: Option<&str>,
+) -> Result<Graph, Error> {
     let mut graph = Graph::default();
 
-    registry::fetch_releases(&opts.registry, &opts.repository)
+    registry::fetch_releases(&opts.registry, &opts.repository, username, password)
         .context("failed to fetch all release metadata")?
         .into_iter()
         .try_for_each(|release| {

diff --git a/graph-builder/src/main.rs b/graph-builder/src/main.rs
@@ -14,6 +14,7 @@
 
 extern crate actix_web;
 extern crate cincinnati;
+extern crate dkregistry;
 extern crate env_logger;
 extern crate itertools;
 #[macro_use]