Posted to reviews@mesos.apache.org by Gilbert Song <so...@gmail.com> on 2017/01/03 22:39:22 UTC
Re: Review Request 54537: Support 'Basic' auth docker registry on Unified Containerizer.
> On Dec. 16, 2016, 11:49 a.m., Jie Yu wrote:
> > src/uri/fetchers/docker.cpp, lines 809-829
> > <https://reviews.apache.org/r/54537/diff/2/?file=1586506#file1586506line809>
> >
> > Let's add a Header abstraction in process::http and move the parsing logic there:
> >
> > ```
> > namespace http {
> >
> > namespace header {
> >
> > // https://tools.ietf.org/html/rfc2617.
> > class WWWAuthenticate
> > {
> > public:
> >   static constexpr char NAME[] = "WWW-Authenticate";
> >
> >   static Try<WWWAuthenticate> create(const string& value);
> >
> >   string scheme();
> >   vector<string> challenges();
> > };
> >
> > }
> >
> > class Headers
> > {
> > public:
> >   typedef hashmap<
> >       string,
> >       string,
> >       CaseInsensitiveHash,
> >       CaseInsensitiveEqual> Type;
> >
> >   template <typename T>
> >   Result<T> get()
> >   {
> >     Option<string> value = get(T::NAME);
> >     if (value.isNone()) {
> >       return None();
> >     }
> >     Try<T> header = T::create(value.get());
> >     if (header.isError()) {
> >       return Error(header.error());
> >     }
> >     return header.get();
> >   }
> >
> >   Try<header::WWWAuthenticate> header =
> >     header::WWWAuthenticate::create(value.get());
> >   ...
> > }
> >
> >   Option<string> get(const string& key);
> >
> >   string& operator[] (const string& key);
> >
> >   typename Type::iterator begin();
> >   typename Type::iterator end();
> >   typename Type::const_iterator begin() const;
> >   typename Type::const_iterator end() const;
> >
> >   Type values;
> > };
> > }
> > ```
Let me detach the patch from the chain. And use another chain for `basic auth`.
- Gilbert
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/54537/#review159483
-----------------------------------------------------------
On Dec. 15, 2016, 9:55 a.m., Gilbert Song wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/54537/
> -----------------------------------------------------------
>
> (Updated Dec. 15, 2016, 9:55 a.m.)
>
>
> Review request for mesos, Artem Harutyunyan, Jie Yu, Shuai Lin, and Timothy Chen.
>
>
> Bugs: MESOS-6758
> https://issues.apache.org/jira/browse/MESOS-6758
>
>
> Repository: mesos
>
>
> Description
> -------
>
> This patch implements the support for 'Basic' docker registry
> authorization. It is tested by a local authenticated private
> registry using 'localhost:443/alpine' docker image.
> Please note that the AWS ECS uses Basic authorization but it
> does not work yet due to the redirect issue MESOS-5172.
>
>
> Diffs
> -----
>
> src/uri/fetchers/docker.cpp 3f38dddfb4c089322fe4e13b1ef2070b4835885c
>
> Diff: https://reviews.apache.org/r/54537/diff/
>
>
> Testing
> -------
>
> make check
>
> Tested with local authenticated registry. Please follow the steps below:
>
> 1. Start a local private registry and push an image to it.
> ```
> docker run -d -p 443:5000 --restart=always --name registry \
>   -v `pwd`/auth:/auth \
>   -e "REGISTRY_AUTH=htpasswd" \
>   -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
>   -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
>   -v `pwd`/certs:/certs \
>   -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/localhost.crt \
>   -e REGISTRY_HTTP_TLS_KEY=/certs/localhost.key \
>   registry:2
> ```
> (*Note: need to generate TLS certificate file and key first)
>
> Then, push an image to the registry.
> ```
> docker push localhost:443/alpine
> ```
>
> 2. Use `mesos-execute` to test the `localhost:443/alpine` image.
> (*Note: need to configure the curl using the curl's default RC file), e.g., in `~/.curlrc` file:
> ```
> cacert = "/path/to/cacert.pem"
> ```
>
>
> Thanks,
>
> Gilbert Song
>
>
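
The `WWW-Authenticate` parsing discussed in the review comment above, as an added stand-alone sketch (not code from the patch or from libprocess): it splits a single challenge into a scheme and its parameters and rejects malformed values, so a fetcher only sends `Basic` credentials when the registry unambiguously asked for them. The names `Challenge` and `parseChallenge` are hypothetical, the header values are constructed, and a header carrying more than one challenge is rejected rather than interpreted.

```cpp
#include <cctype>
#include <map>
#include <string>

// Hypothetical type for illustration; not the libprocess/Mesos API.
struct Challenge {
  std::string scheme;                         // lower-cased, e.g. "basic"
  std::map<std::string, std::string> params;  // keys lower-cased
};

// Parses one challenge, e.g. `Basic realm="Registry Realm"`.
// Returns false on malformed input rather than guessing.
bool parseChallenge(const std::string& s, Challenge* out) {
  size_t i = 0, n = s.size();
  auto skip = [&] { while (i < n && (s[i] == ' ' || s[i] == ',')) i++; };
  auto token = [&] {  // scheme or parameter name, folded to lower case
    std::string t;
    while (i < n && (std::isalnum((unsigned char)s[i]) || s[i] == '-' ||
                     s[i] == '_'))
      t += (char)std::tolower((unsigned char)s[i++]);
    return t;
  };
  *out = Challenge();
  skip();
  out->scheme = token();
  if (out->scheme.empty() || (i < n && s[i] != ' ')) return false;
  for (skip(); i < n; skip()) {
    const std::string key = token();
    if (key.empty() || i >= n || s[i++] != '=') return false;
    std::string val;
    if (i < n && s[i] == '"') {  // quoted-string: may hold ',' and ' '
      bool closed = false;
      for (i++; i < n && !closed; i++) {
        if (s[i] == '"') closed = true;
        else if (s[i] == '\\' && i + 1 < n) val += s[++i];
        else val += s[i];
      }
      if (!closed) return false;  // unterminated quote
    } else {
      while (i < n && s[i] != ',' && s[i] != ' ') val += s[i++];
    }
    if (!out->params.emplace(key, val).second) return false;  // duplicate
  }
  return true;
}

int main() {
  Challenge c;  // constructed sample header value below
  return parseChallenge("Basic realm=\"Registry Realm\"", &c) ? 0 : 1;
}
```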