From baf30d8319ef4d0f0cc4cdf0f7c12f03f8a492b6 Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Fri, 23 Feb 2024 21:49:50 +0100
Subject: container: T5909: move registry login to op-mode

It does not make sense to perform the "podman login" command when setting up
containers, as images are not automatically pulled in from the registry - due
to issues with the default route during startup.

The same issue manifests in "podman login" where we can not login to a registry
unless there is a default route present.

This commit changes the behavior that the container registry is part of the
configuration, but it is only referenced during "add container image" and thus
never during system boot.
---
 src/op_mode/container.py | 28 ++++++++++++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)

(limited to 'src/op_mode')

diff --git a/src/op_mode/container.py b/src/op_mode/container.py
index 5a022d0c0..385843b37 100755
--- a/src/op_mode/container.py
+++ b/src/op_mode/container.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2022 VyOS maintainers and contributors
+# Copyright (C) 2022-2024 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -20,6 +20,8 @@ import sys
 from sys import exit
 
 from vyos.utils.process import cmd
+from vyos.utils.process import call
+from vyos.utils.process import rc_cmd
 
 import vyos.opmode
 
@@ -36,12 +38,34 @@ def _get_raw_data(command: str) -> list:
     return data
 
 def add_image(name: str):
-    from vyos.utils.process import rc_cmd
+    """ Pull image from container registry. If registry authentication
+    is defined within VyOS CLI, credentials are used to login befroe pull """
+    from vyos.configquery import ConfigTreeQuery
+
+    conf = ConfigTreeQuery()
+    container = conf.get_config_dict(['container', 'registry'])
+
+    do_logout = False
+    if 'registry' in container:
+        for registry, registry_config in container['registry'].items():
+            if 'disable' in registry_config:
+                continue
+            if 'authentication' in registry_config:
+                do_logout = True
+                if {'username', 'password'} <= set(registry_config['authentication']):
+                    username = registry_config['authentication']['username']
+                    password = registry_config['authentication']['password']
+                    cmd = f'podman login --username {username} --password {password} {registry}'
+                    rc, out = rc_cmd(cmd)
+                    if rc != 0: raise vyos.opmode.InternalError(out)
 
     rc, output = rc_cmd(f'podman image pull {name}')
     if rc != 0:
         raise vyos.opmode.InternalError(output)
 
+    if do_logout:
+        rc_cmd('podman logout --all')
+
 def delete_image(name: str):
     from vyos.utils.process import rc_cmd
 
-- 
cgit v1.2.3