Merge pull request #3045 from vyos/mergify/bp/sagitta/pr-3044

container: T5909: move registry login to op-mode (backport #3044)
author: Christian Breunig <christian@breunig.cc> 2024-02-24 10:03:50 +0100
committer: GitHub <noreply@github.com> 2024-02-24 10:03:50 +0100
commit: 88911dbdf78ea1d82dde08eff19f9f3eed7448dd (patch)
tree: 49ce298230be3dfb53449cb65037b78ded92329a
parent: 9086748f7a3f83482f5c39ca2d611ec22b329296 (diff)
parent: fcebadea51c1df88553e608a0866a6f2a1dcaa2b (diff)
download: vyos-1x-88911dbdf78ea1d82dde08eff19f9f3eed7448dd.tar.gz
vyos-1x-88911dbdf78ea1d82dde08eff19f9f3eed7448dd.zip
2 files changed, 28 insertions, 23 deletions
diff --git a/src/conf_mode/container.py b/src/conf_mode/container.py
index 321d00abf..e967bee71 100755
--- a/src/conf_mode/container.py
+++ b/src/conf_mode/container.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2021-2023 VyOS maintainers and contributors
+# Copyright (C) 2021-2024 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -32,7 +32,6 @@ from vyos.utils.file import write_file
 from vyos.utils.process import call
 from vyos.utils.process import cmd
 from vyos.utils.process import run
-from vyos.utils.process import rc_cmd
 from vyos.template import bracketize_ipv6
 from vyos.template import inc_ip
 from vyos.template import is_ipv4
@@ -251,7 +250,7 @@ def verify(container):
             if 'authentication' not in registry_config:
                 continue
             if not {'username', 'password'} <= set(registry_config['authentication']):
-                raise ConfigError('If registry username or or password is defined, so must be the other!')
+                raise ConfigError('Container registry requires both username and password to be set!')
 
     return None
 
@@ -401,24 +400,6 @@ def generate(container):
 
             write_file(f'/etc/containers/networks/{network}.json', json_write(tmp, indent=2))
 
-    if 'registry' in container:
-        cmd = f'podman logout --all'
-        rc, out = rc_cmd(cmd)
-        if rc != 0:
-            raise ConfigError(out)
-
-        for registry, registry_config in container['registry'].items():
-            if 'disable' in registry_config:
-                continue
-            if 'authentication' in registry_config:
-                if {'username', 'password'} <= set(registry_config['authentication']):
-                    username = registry_config['authentication']['username']
-                    password = registry_config['authentication']['password']
-                    cmd = f'podman login --username {username} --password {password} {registry}'
-                    rc, out = rc_cmd(cmd)
-                    if rc != 0:
-                        raise ConfigError(out)
-
     render(config_containers, 'container/containers.conf.j2', container)
     render(config_registry, 'container/registries.conf.j2', container)
     render(config_storage, 'container/storage.conf.j2', container)
diff --git a/src/op_mode/container.py b/src/op_mode/container.py
index 5a022d0c0..385843b37 100755
--- a/src/op_mode/container.py
+++ b/src/op_mode/container.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2022 VyOS maintainers and contributors
+# Copyright (C) 2022-2024 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -20,6 +20,8 @@ import sys
 from sys import exit
 
 from vyos.utils.process import cmd
+from vyos.utils.process import call
+from vyos.utils.process import rc_cmd
 
 import vyos.opmode
 
@@ -36,12 +38,34 @@ def _get_raw_data(command: str) -> list:
     return data
 
 def add_image(name: str):
-    from vyos.utils.process import rc_cmd
+    """ Pull image from container registry. If registry authentication
+    is defined within VyOS CLI, credentials are used to login befroe pull """
+    from vyos.configquery import ConfigTreeQuery
+
+    conf = ConfigTreeQuery()
+    container = conf.get_config_dict(['container', 'registry'])
+
+    do_logout = False
+    if 'registry' in container:
+        for registry, registry_config in container['registry'].items():
+            if 'disable' in registry_config:
+                continue
+            if 'authentication' in registry_config:
+                do_logout = True
+                if {'username', 'password'} <= set(registry_config['authentication']):
+                    username = registry_config['authentication']['username']
+                    password = registry_config['authentication']['password']
+                    cmd = f'podman login --username {username} --password {password} {registry}'
+                    rc, out = rc_cmd(cmd)
+                    if rc != 0: raise vyos.opmode.InternalError(out)
 
     rc, output = rc_cmd(f'podman image pull {name}')
     if rc != 0:
         raise vyos.opmode.InternalError(output)
 
+    if do_logout:
+        rc_cmd('podman logout --all')
+
 def delete_image(name: str):
     from vyos.utils.process import rc_cmd
author	Christian Breunig <christian@breunig.cc>	2024-02-24 10:03:50 +0100
committer	GitHub <noreply@github.com>	2024-02-24 10:03:50 +0100
commit	88911dbdf78ea1d82dde08eff19f9f3eed7448dd (patch)
tree	49ce298230be3dfb53449cb65037b78ded92329a
parent	9086748f7a3f83482f5c39ca2d611ec22b329296 (diff)
parent	fcebadea51c1df88553e608a0866a6f2a1dcaa2b (diff)
download	vyos-1x-88911dbdf78ea1d82dde08eff19f9f3eed7448dd.tar.gz vyos-1x-88911dbdf78ea1d82dde08eff19f9f3eed7448dd.zip