moby-derp 0.6.0 → 0.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 513a47c0b56a264731bf12050cbc651c7799c4ec60955c06e8cff46377328825
-  data.tar.gz: 01d2f26f2fa6300cdddf599b9f544616d1781c4a53879ec009bec1d4dd340b9d
+  metadata.gz: 0c2890cb17a2175bed1a51fce4f28ac8e898555b62c28f626ff7d87bd26b21ec
+  data.tar.gz: c49fe1673ac2380e964c7b37b5605c18a52b6f0ec095e6ffba8c345afcf179c6
 SHA512:
-  metadata.gz: 307556e56b26e97437df00b9db1277f254554ba88af5a22d9b786de2daba8a30d91f5c932c3b28f4cebb972175958c7c1be81d3cd8ad718a23638d8f696aaa12
-  data.tar.gz: eb0c7f7f7514dbb93911cc65037a129aadfc1888454529071f2811e606dd3291dc57e5f2ced377df3896bbaccbac22c163bd5fad4e90cc0435304bb32b65ef6a
+  metadata.gz: c2d2cae1b30c7c75a021adfb5c40b5cf1a658828383236e0852fec61c79e5ddf4ff50bdecff8fa1319b3afc35624c03d79410a2505385ffc9ebaefb4121f25ea
+  data.tar.gz: f51fce566d449b97f8a938722f58484668d1e3b220e95f53aee4788ef9f72d2f2f54073cbb55770546e92304e42d36006e1ce67b524da36f81cea6cde9482aa6

data/lib/moby_derp/container.rb

@@ -5,6 +5,8 @@ require "docker-api"
 require "ipaddr"
 require "json/canonicalization"
 
+require_relative "./freedom_patches/docker/credential"
+
 module MobyDerp
 	class Container
 		include LoggingHelpers

data/lib/moby_derp/container_config.rb

@@ -1,4 +1,4 @@
-require_relative "../freedom_patches/docker/image"
+require_relative "./freedom_patches/docker/image"
 require_relative "./error"
 require_relative "./mount"
 

data/lib/moby_derp/freedom_patches/docker/credential.rb

@@ -0,0 +1,91 @@
+require "json"
+require "open3"
+require "pathname"
+require "uri"
+
+module Docker
+	module Credential
+		#:nocov:
+		def self.for(ref)
+			image_cred(ref)
+		end
+
+		private
+
+		def self.image_cred(ref)
+			cred_helper = hunt_for_image_domain_cred(ref, docker_config.fetch("credHelpers", {}))
+
+			if cred_helper
+				out, rv = Open3.capture2e("docker-credential-#{cred_helper}", "get", stdin_data: image_domain(ref))
+
+				if rv.exitstatus == 0
+					cred_data = JSON.parse(out)
+
+					{ username: cred_data["Username"], password: cred_data["Secret"], serveraddress: image_domain(ref) }
+				else
+					raise RuntimeError, "Credential helper docker-credential-#{cred_helper} exited with #{rv.exitstatus}: #{out}"
+				end
+			else
+				cred = hunt_for_image_domain_cred(ref, docker_config.fetch("auths", {}))
+
+				if cred
+					user, pass = JSON.parse(cred.fetch("auth", "null"))&.unpack("m")&.first&.split(":", 2)
+
+					if user && pass
+						{ username: user, password: pass, serveraddress: image_domain(ref) }
+					else
+						{}
+					end
+				else
+					{}
+				end
+			end
+		end
+
+		def self.hunt_for_image_domain_cred(ref, section)
+			section.find do |k, v|
+				if k =~ /:\/\//
+					# Doin' it URL style
+					URI(k).host == image_domain(ref)
+				else
+					k == image_domain(ref)
+				end
+			end&.last
+		end
+
+		def self.image_domain(ref)
+			if match_data = ref.match(Docker::Image::IMAGE_REFERENCE)
+				if match_data[1] =~ /[.:]/
+					match_data[1].gsub(/\/\z/, '')
+				else
+					"index.docker.io"
+				end
+			else
+				raise ArgumentError, "Could not parse image ref #{ref.inspect}"
+			end
+		end
+
+		def self.docker_config
+			if (f = Pathname.new(ENV.fetch("DOCKER_CONFIG", "~/.docker")).expand_path.join("config.json")).exist?
+				JSON.parse(f.read)
+			else
+				{}
+			end
+		end
+
+		module ImageClassMixin
+			def create(opts = {}, creds = nil, conn = Docker.connection, &block)
+				if creds.nil?
+					image = opts["fromImage"] || opts[:fromImage]
+
+					creds = Docker::Credential.for(image)
+				end
+
+				super(opts, creds, conn, &block)
+			end
+		end
+		#:nocov:
+	end
+end
+
+Docker::Image.singleton_class.prepend(Docker::Credential::ImageClassMixin)

data/lib/moby_derp/pod.rb

@@ -18,6 +18,20 @@ module MobyDerp
 
 			@logger.debug(logloc) { "Root container ID is #{@root_container_id}" }
 
+			desired_container_names = @config.containers.map(&:name)
+
+			Docker::Container.all(all: true).each do |c|
+				c_name = c.info["Names"].first.sub(/^\//, '')
+
+				if c.info["Labels"]["org.hezmatt.moby-derp.pod-name"] == name &&
+						!c.info["Labels"]["org.hezmatt.moby-derp.root-container-id"].nil? &&
+						!desired_container_names.include?(c_name.split(".", 2).last)
+					@logger.info(logloc) { "Removing stale container #{c_name}" }
+					c.stop
+					c.delete
+				end
+			end
+
 			@config.containers.each do |cfg|
 				@logger.info(logloc) { "Checking container #{cfg.name}" }
 

data/lib/moby_derp/pod_config.rb

@@ -115,6 +115,11 @@ module MobyDerp
 					raise ConfigurationError,
 						"container name #{name.inspect} is invalid (must contain only alphanumerics, underscores, and hyphens)"
 				end
+
+				unless data.is_a?(Hash)
+					raise ConfigurationError,
+					      "container data must be a hash"
+				end
 			end
 
 			begin

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: moby-derp
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.7.0
 platform: ruby
 authors:
 - Matt Palmer
@@ -194,11 +194,12 @@ files:
 - README.md
 - bin/moby-derp
 - example.yml
-- lib/freedom_patches/docker/image.rb
 - lib/moby_derp/config_file.rb
 - lib/moby_derp/container.rb
 - lib/moby_derp/container_config.rb
 - lib/moby_derp/error.rb
+- lib/moby_derp/freedom_patches/docker/credential.rb
+- lib/moby_derp/freedom_patches/docker/image.rb
 - lib/moby_derp/logging_helpers.rb
 - lib/moby_derp/mount.rb
 - lib/moby_derp/pod.rb