diff options
author | Christian Breunig <christian@breunig.cc> | 2023-02-09 07:31:40 +0100 |
---|---|---|
committer | Christian Breunig <christian@breunig.cc> | 2023-02-09 07:31:40 +0100 |
commit | f234b602c4b0554456c494451b438d32f3386d69 (patch) | |
tree | f6d1cd575a2533ec9e890ed0ad48740a38f9bf88 | |
parent | 10ab68a018dd137ee9a6350c131f65ec6e12e446 (diff) | |
download | vyos-1x-f234b602c4b0554456c494451b438d32f3386d69.tar.gz vyos-1x-f234b602c4b0554456c494451b438d32f3386d69.zip |
Revert "container: T4959: Add container registry authentication config for containers"
This reverts commit b17251334c57c2f6875c19ad4e6c6127aa9e1811.
-rw-r--r-- | data/templates/container/registries.conf.j2 | 7 | ||||
-rw-r--r-- | interface-definitions/container.xml.in | 20 | ||||
-rw-r--r-- | op-mode-definitions/container.xml.in | 2 | ||||
-rwxr-xr-x | smoketest/scripts/cli/test_container.py | 23 | ||||
-rwxr-xr-x | src/conf_mode/container.py | 27 | ||||
-rwxr-xr-x | src/op_mode/container.py | 4 |
6 files changed, 5 insertions, 78 deletions
diff --git a/data/templates/container/registries.conf.j2 b/data/templates/container/registries.conf.j2 index 4dffae838..2e86466a1 100644 --- a/data/templates/container/registries.conf.j2 +++ b/data/templates/container/registries.conf.j2 @@ -22,11 +22,6 @@ # An array of host[:port] registries to try when pulling an unqualified image, in order. # unqualified-search-registries = ["example.com"] -{% set registry_value = [] %} -{% if default_registry is vyos_defined %} -{% set registry_value = default_registry %} -{% endif %} {% if registry is vyos_defined %} -{% set registry_value = ((registry_value + (registry.keys() | list)) | unique | list) %} +unqualified-search-registries = {{ registry }} {% endif %} -unqualified-search-registries = {{ registry_value | tojson }} diff --git a/interface-definitions/container.xml.in b/interface-definitions/container.xml.in index 0d1986a72..b61664125 100644 --- a/interface-definitions/container.xml.in +++ b/interface-definitions/container.xml.in @@ -332,27 +332,9 @@ </leafNode> </children> </tagNode> - <tagNode name="registry"> + <leafNode name="registry"> <properties> <help>Registry Name</help> - </properties> - <children> - #include <include/generic-disable-node.xml.i> - <leafNode name="username"> - <properties> - <help>User name for authentication</help> - </properties> - </leafNode> - <leafNode name="password"> - <properties> - <help>Password for authentication</help> - </properties> - </leafNode> - </children> - </tagNode> - <leafNode name="default-registry"> - <properties> - <help>Default registry to use alongside registry configuration</help> <multi/> </properties> <defaultValue>docker.io quay.io</defaultValue> diff --git a/op-mode-definitions/container.xml.in b/op-mode-definitions/container.xml.in index 5e5873ed8..ada9a4d59 100644 --- a/op-mode-definitions/container.xml.in +++ b/op-mode-definitions/container.xml.in @@ -167,7 +167,7 @@ <path>container name</path> </completionHelp> </properties> - <command>if cli-shell-api existsActive container name "$4"; then sudo podman pull --authfile /etc/containers/auth.json $(cli-shell-api returnActiveValue container name "$4" image); else echo "Container $4 does not exist"; fi</command> + <command>if cli-shell-api existsActive container name "$4"; then sudo podman pull $(cli-shell-api returnActiveValue container name "$4" image); else echo "Container $4 does not exist"; fi</command> </tagNode> </children> </node> diff --git a/smoketest/scripts/cli/test_container.py b/smoketest/scripts/cli/test_container.py index ecf912872..902156ee6 100755 --- a/smoketest/scripts/cli/test_container.py +++ b/smoketest/scripts/cli/test_container.py @@ -14,7 +14,6 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -import re import unittest import glob import json @@ -32,7 +31,6 @@ prefix = '192.168.205.0/24' net_name = 'NET01' PROCESS_NAME = 'conmon' PROCESS_PIDFILE = '/run/vyos-container-{0}.service.pid' -config_containers_registry = '/etc/containers/registries.conf' busybox_image_path = '/usr/share/vyos/busybox-stable.tar' @@ -112,26 +110,5 @@ class TestContainer(VyOSUnitTestSHIM.TestCase): self.assertEqual(json_subnet, prefix) self.assertEqual(json_ip, cont_ip) - def test_03_container_registry(self): - def extract_rendered_registry(text_to_find): - registry_pattern = re.compile(r'^unqualified-search-registries = (\[.*\])', re.M) - return re.findall(registry_pattern, text_to_find) - - with open(config_containers_registry, 'r') as f: - registry_conf_content = f.read() - - expected_default_render_registry = json.dumps(['docker.io', 'quay.io']) - default_rendered_registry = extract_rendered_registry(registry_conf_content) - self.assertNotEqual(0, len(default_rendered_registry)) - self.assertEqual(expected_default_render_registry, default_rendered_registry[-1]) - - self.cli_set(base_path + ['registry', 'docker.io']) - self.cli_set(base_path + ['registry', 'example.com']) - self.cli_commit() - expected_render_registry = json.dumps(['docker.io', 'quay.io', 'example.com']) - rendered_registry = extract_rendered_registry(registry_conf_content) - self.assertNotEqual(0, len(rendered_registry)) - self.assertEqual(expected_render_registry, rendered_registry[-1]) - if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/src/conf_mode/container.py b/src/conf_mode/container.py index 8d2e1afec..08861053d 100755 --- a/src/conf_mode/container.py +++ b/src/conf_mode/container.py @@ -18,8 +18,8 @@ import os from ipaddress import ip_address from ipaddress import ip_network +from time import sleep from json import dumps as json_write -from json import dump as json_write_file from vyos.base import Warning from vyos.config import Config @@ -28,7 +28,6 @@ from vyos.configdict import node_changed from vyos.util import call from vyos.util import cmd from vyos.util import run -from vyos.util import rc_cmd from vyos.util import write_file from vyos.template import inc_ip from vyos.template import is_ipv4 @@ -41,7 +40,6 @@ airbag.enable() config_containers_registry = '/etc/containers/registries.conf' config_containers_storage = '/etc/containers/storage.conf' -config_containers_auth = '/etc/containers/auth.json' systemd_unit_path = '/run/systemd/system' def _cmd(command): @@ -220,10 +218,6 @@ def verify(container): if v6_prefix > 1: raise ConfigError(f'Only one IPv6 prefix can be defined for network "{network}"!') - if 'registry' in container: - for registry, registry_config in container['registry'].items(): - if ('username' in registry_config) != ('password' in registry_config): - raise ConfigError(f'Must either not defined username and password, or defined both for registry {registry}') # A network attached to a container can not be deleted if {'network_remove', 'name'} <= set(container): @@ -306,12 +300,6 @@ def generate(container): os.unlink(config_containers_storage) return None - # no matter we configure container registry or not, auth file is needed - if os.path.exists(config_containers_auth): - os.unlink(config_containers_auth) - with open(config_containers_auth, "w") as f: - json_write_file({}, f) - if 'network' in container: for network, network_config in container['network'].items(): tmp = { @@ -343,19 +331,6 @@ def generate(container): write_file(f'/etc/cni/net.d/{network}.conflist', json_write(tmp, indent=2)) - if 'registry' in container: - for registry, registry_config in container['registry'].items(): - if 'disable' in registry_config: - continue - - if 'username' in registry_config and 'password' in registry_config: - login_username = registry_config['username'] - login_password = registry_config['password'] - cmd = f'podman login --authfile {config_containers_auth} --username {login_username} --password {login_password} {registry}' - rc, out = rc_cmd(cmd) - if rc != 0: - raise ConfigError(out) - render(config_containers_registry, 'container/registries.conf.j2', container) render(config_containers_storage, 'container/storage.conf.j2', container) diff --git a/src/op_mode/container.py b/src/op_mode/container.py index e7f4b0813..d48766a0c 100755 --- a/src/op_mode/container.py +++ b/src/op_mode/container.py @@ -23,8 +23,6 @@ from vyos.util import cmd import vyos.opmode -config_containers_auth = '/etc/containers/auth.json' - def _get_json_data(command: str) -> list: """ Get container command format JSON @@ -40,7 +38,7 @@ def _get_raw_data(command: str) -> list: def add_image(name: str): from vyos.util import rc_cmd - rc, output = rc_cmd(f'podman image pull --authfile {config_containers_auth} {name}') + rc, output = rc_cmd(f'podman image pull {name}') if rc != 0: raise vyos.opmode.InternalError(output) |