authorChristian Breunig <christian@breunig.cc>2023-02-09 07:31:40 +0100
committerChristian Breunig <christian@breunig.cc>2023-02-09 07:31:40 +0100
commitf234b602c4b0554456c494451b438d32f3386d69 (patch)
treef6d1cd575a2533ec9e890ed0ad48740a38f9bf88
parent10ab68a018dd137ee9a6350c131f65ec6e12e446 (diff)
downloadvyos-1x-f234b602c4b0554456c494451b438d32f3386d69.tar.gz
vyos-1x-f234b602c4b0554456c494451b438d32f3386d69.zip
Revert "container: T4959: Add container registry authentication config for containers"
This reverts commit b17251334c57c2f6875c19ad4e6c6127aa9e1811.
-rw-r--r--data/templates/container/registries.conf.j27
-rw-r--r--interface-definitions/container.xml.in20
-rw-r--r--op-mode-definitions/container.xml.in2
-rwxr-xr-xsmoketest/scripts/cli/test_container.py23
-rwxr-xr-xsrc/conf_mode/container.py27
-rwxr-xr-xsrc/op_mode/container.py4
6 files changed, 5 insertions, 78 deletions
diff --git a/data/templates/container/registries.conf.j2 b/data/templates/container/registries.conf.j2
index 4dffae838..2e86466a1 100644
--- a/data/templates/container/registries.conf.j2
+++ b/data/templates/container/registries.conf.j2
@@ -22,11 +22,6 @@
# An array of host[:port] registries to try when pulling an unqualified image, in order.
# unqualified-search-registries = ["example.com"]
-{% set registry_value = [] %}
-{% if default_registry is vyos_defined %}
-{% set registry_value = default_registry %}
-{% endif %}
{% if registry is vyos_defined %}
-{% set registry_value = ((registry_value + (registry.keys() | list)) | unique | list) %}
+unqualified-search-registries = {{ registry }}
{% endif %}
-unqualified-search-registries = {{ registry_value | tojson }}
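Review bot: The restored line `unqualified-search-registries = {{ registry }}` writes Python's string form of the value into a TOML file instead of a serialised array. That works for a list of plain hostnames, because TOML accepts single-quoted strings, but a value containing a quote character, or `registry` arriving as a bare string rather than a list, would produce a malformed or different setting. This list decides which registries unqualified image names are pulled from, so the rendering should be deterministic: `unqualified-search-registries = {{ registry | tojson }}`. No constraint on the `registry` values is visible in the interface-definition hunk of this commit, so the template is the only place the quoting is enforced.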
diff --git a/interface-definitions/container.xml.in b/interface-definitions/container.xml.in
index 0d1986a72..b61664125 100644
--- a/interface-definitions/container.xml.in
+++ b/interface-definitions/container.xml.in
@@ -332,27 +332,9 @@
</leafNode>
</children>
</tagNode>
- <tagNode name="registry">
+ <leafNode name="registry">
<properties>
<help>Registry Name</help>
- </properties>
- <children>
- #include <include/generic-disable-node.xml.i>
- <leafNode name="username">
- <properties>
- <help>User name for authentication</help>
- </properties>
- </leafNode>
- <leafNode name="password">
- <properties>
- <help>Password for authentication</help>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- <leafNode name="default-registry">
- <properties>
- <help>Default registry to use alongside registry configuration</help>
<multi/>
</properties>
<defaultValue>docker.io quay.io</defaultValue>
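Review bot: Turning `registry` back from a tagNode into a multi-value leafNode and dropping `default-registry` changes the saved-configuration syntax, and none of the six files in this commit is a migration script. A configuration saved while the reverted commit was installed (`registry <name>` with `username`/`password` children, or `default-registry`) would presumably fail to load against this definition; confirm whether any image shipped with it and, if so, add a migrator or a release note. The leafNode definition continues past the end of this hunk.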
diff --git a/op-mode-definitions/container.xml.in b/op-mode-definitions/container.xml.in
index 5e5873ed8..ada9a4d59 100644
--- a/op-mode-definitions/container.xml.in
+++ b/op-mode-definitions/container.xml.in
@@ -167,7 +167,7 @@
<path>container name</path>
</completionHelp>
</properties>
- <command>if cli-shell-api existsActive container name "$4"; then sudo podman pull --authfile /etc/containers/auth.json $(cli-shell-api returnActiveValue container name "$4" image); else echo "Container $4 does not exist"; fi</command>
+ <command>if cli-shell-api existsActive container name "$4"; then sudo podman pull $(cli-shell-api returnActiveValue container name "$4" image); else echo "Container $4 does not exist"; fi</command>
</tagNode>
</children>
</node>
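Review bot: The command substitution in the new `<command>` line is unquoted, so the configured image string is subject to word splitting and globbing before `podman pull` receives it. A value containing whitespace or starting with a dash would be parsed as additional arguments or options rather than as one image reference. Quoting keeps it a single argument: `sudo podman pull "$(cli-shell-api returnActiveValue container name "$4" image)"`. The same pattern was present on the removed line, so this predates the revert.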
diff --git a/smoketest/scripts/cli/test_container.py b/smoketest/scripts/cli/test_container.py
index ecf912872..902156ee6 100755
--- a/smoketest/scripts/cli/test_container.py
+++ b/smoketest/scripts/cli/test_container.py
@@ -14,7 +14,6 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-import re
import unittest
import glob
import json
@@ -32,7 +31,6 @@ prefix = '192.168.205.0/24'
net_name = 'NET01'
PROCESS_NAME = 'conmon'
PROCESS_PIDFILE = '/run/vyos-container-{0}.service.pid'
-config_containers_registry = '/etc/containers/registries.conf'
busybox_image_path = '/usr/share/vyos/busybox-stable.tar'
@@ -112,26 +110,5 @@ class TestContainer(VyOSUnitTestSHIM.TestCase):
self.assertEqual(json_subnet, prefix)
self.assertEqual(json_ip, cont_ip)
- def test_03_container_registry(self):
- def extract_rendered_registry(text_to_find):
- registry_pattern = re.compile(r'^unqualified-search-registries = (\[.*\])', re.M)
- return re.findall(registry_pattern, text_to_find)
-
- with open(config_containers_registry, 'r') as f:
- registry_conf_content = f.read()
-
- expected_default_render_registry = json.dumps(['docker.io', 'quay.io'])
- default_rendered_registry = extract_rendered_registry(registry_conf_content)
- self.assertNotEqual(0, len(default_rendered_registry))
- self.assertEqual(expected_default_render_registry, default_rendered_registry[-1])
-
- self.cli_set(base_path + ['registry', 'docker.io'])
- self.cli_set(base_path + ['registry', 'example.com'])
- self.cli_commit()
- expected_render_registry = json.dumps(['docker.io', 'quay.io', 'example.com'])
- rendered_registry = extract_rendered_registry(registry_conf_content)
- self.assertNotEqual(0, len(rendered_registry))
- self.assertEqual(expected_render_registry, rendered_registry[-1])
-
if __name__ == '__main__':
unittest.main(verbosity=2)
diff --git a/src/conf_mode/container.py b/src/conf_mode/container.py
index 8d2e1afec..08861053d 100755
--- a/src/conf_mode/container.py
+++ b/src/conf_mode/container.py
@@ -18,8 +18,8 @@ import os
from ipaddress import ip_address
from ipaddress import ip_network
+from time import sleep
from json import dumps as json_write
-from json import dump as json_write_file
from vyos.base import Warning
from vyos.config import Config
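Review bot: The revert re-adds `from time import sleep`, but none of the hunks shown for this file calls `sleep`. If the rest of `src/conf_mode/container.py` does not use it either, the import is dead and can be dropped instead of restored.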
@@ -28,7 +28,6 @@ from vyos.configdict import node_changed
from vyos.util import call
from vyos.util import cmd
from vyos.util import run
-from vyos.util import rc_cmd
from vyos.util import write_file
from vyos.template import inc_ip
from vyos.template import is_ipv4
@@ -41,7 +40,6 @@ airbag.enable()
config_containers_registry = '/etc/containers/registries.conf'
config_containers_storage = '/etc/containers/storage.conf'
-config_containers_auth = '/etc/containers/auth.json'
systemd_unit_path = '/run/systemd/system'
def _cmd(command):
@@ -220,10 +218,6 @@ def verify(container):
if v6_prefix > 1:
raise ConfigError(f'Only one IPv6 prefix can be defined for network "{network}"!')
- if 'registry' in container:
- for registry, registry_config in container['registry'].items():
- if ('username' in registry_config) != ('password' in registry_config):
- raise ConfigError(f'Must either not defined username and password, or defined both for registry {registry}')
# A network attached to a container can not be deleted
if {'network_remove', 'name'} <= set(container):
@@ -306,12 +300,6 @@ def generate(container):
os.unlink(config_containers_storage)
return None
- # no matter we configure container registry or not, auth file is needed
- if os.path.exists(config_containers_auth):
- os.unlink(config_containers_auth)
- with open(config_containers_auth, "w") as f:
- json_write_file({}, f)
-
if 'network' in container:
for network, network_config in container['network'].items():
tmp = {
@@ -343,19 +331,6 @@ def generate(container):
write_file(f'/etc/cni/net.d/{network}.conflist', json_write(tmp, indent=2))
- if 'registry' in container:
- for registry, registry_config in container['registry'].items():
- if 'disable' in registry_config:
- continue
-
- if 'username' in registry_config and 'password' in registry_config:
- login_username = registry_config['username']
- login_password = registry_config['password']
- cmd = f'podman login --authfile {config_containers_auth} --username {login_username} --password {login_password} {registry}'
- rc, out = rc_cmd(cmd)
- if rc != 0:
- raise ConfigError(out)
-
render(config_containers_registry, 'container/registries.conf.j2', container)
render(config_containers_storage, 'container/storage.conf.j2', container)
diff --git a/src/op_mode/container.py b/src/op_mode/container.py
index e7f4b0813..d48766a0c 100755
--- a/src/op_mode/container.py
+++ b/src/op_mode/container.py
@@ -23,8 +23,6 @@ from vyos.util import cmd
import vyos.opmode
-config_containers_auth = '/etc/containers/auth.json'
-
def _get_json_data(command: str) -> list:
"""
Get container command format JSON
@@ -40,7 +38,7 @@ def _get_raw_data(command: str) -> list:
def add_image(name: str):
from vyos.util import rc_cmd
- rc, output = rc_cmd(f'podman image pull --authfile {config_containers_auth} {name}')
+ rc, output = rc_cmd(f'podman image pull {name}')
if rc != 0:
raise vyos.opmode.InternalError(output)
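Review bot: In `add_image`, `name` is interpolated straight into the command string passed to `rc_cmd`. How `rc_cmd` executes that string is not visible here; if it goes through a shell, metacharacters in the operator-supplied image name would be interpreted rather than passed to podman. Quoting the argument removes the dependency on that detail: `rc, output = rc_cmd(f'podman image pull {shlex.quote(name)}')`, with `import shlex` added. Separately, with `--authfile` dropped here and the code that wrote it removed from conf_mode, an `/etc/containers/auth.json` left behind by the reverted commit is no longer cleaned up by anything in this change; if it can hold registry credentials it should be removed on upgrade. The function body may continue past the end of the hunk.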