YARN-8329. Docker client configuration can still be set incorrectly. Contributed by Shane Kumpf

This commit is contained in:
Jason Lowe 2018-05-29 14:43:17 -05:00
parent e3236a9680
commit 4827e9a908
3 changed files with 19 additions and 15 deletions

View File

@ -154,14 +154,15 @@ public static Credentials getCredentialsFromTokensByteBuffer(
* @param outConfigFile the File to write the Docker client configuration to. * @param outConfigFile the File to write the Docker client configuration to.
* @param credentials the populated Credentials object. * @param credentials the populated Credentials object.
* @throws IOException if the write fails. * @throws IOException if the write fails.
* @return true if a Docker credential is found in the supplied credentials.
*/ */
public static void writeDockerCredentialsToPath(File outConfigFile, public static boolean writeDockerCredentialsToPath(File outConfigFile,
Credentials credentials) throws IOException { Credentials credentials) throws IOException {
boolean foundDockerCred = false;
if (credentials.numberOfTokens() > 0) {
ObjectMapper mapper = new ObjectMapper(); ObjectMapper mapper = new ObjectMapper();
ObjectNode rootNode = mapper.createObjectNode(); ObjectNode rootNode = mapper.createObjectNode();
ObjectNode registryUrlNode = mapper.createObjectNode(); ObjectNode registryUrlNode = mapper.createObjectNode();
boolean foundDockerCred = false;
if (credentials.numberOfTokens() > 0) {
for (Token<? extends TokenIdentifier> tk : credentials.getAllTokens()) { for (Token<? extends TokenIdentifier> tk : credentials.getAllTokens()) {
if (tk.getKind().equals(DockerCredentialTokenIdentifier.KIND)) { if (tk.getKind().equals(DockerCredentialTokenIdentifier.KIND)) {
foundDockerCred = true; foundDockerCred = true;
@ -176,12 +177,14 @@ public static void writeDockerCredentialsToPath(File outConfigFile,
} }
} }
} }
}
if (foundDockerCred) { if (foundDockerCred) {
rootNode.put(CONFIG_AUTHS_KEY, registryUrlNode); rootNode.put(CONFIG_AUTHS_KEY, registryUrlNode);
String json = String json = mapper.writerWithDefaultPrettyPrinter()
mapper.writerWithDefaultPrettyPrinter().writeValueAsString(rootNode); .writeValueAsString(rootNode);
FileUtils.writeStringToFile(outConfigFile, json, StandardCharsets.UTF_8); FileUtils.writeStringToFile(
outConfigFile, json, StandardCharsets.UTF_8);
} }
} }
return foundDockerCred;
}
} }

View File

@ -116,8 +116,8 @@ public void testWriteDockerCredentialsToPath() throws Exception {
Credentials credentials = Credentials credentials =
DockerClientConfigHandler.readCredentialsFromConfigFile( DockerClientConfigHandler.readCredentialsFromConfigFile(
new Path(file.toURI()), conf, APPLICATION_ID); new Path(file.toURI()), conf, APPLICATION_ID);
DockerClientConfigHandler.writeDockerCredentialsToPath(outFile, assertTrue(DockerClientConfigHandler.writeDockerCredentialsToPath(outFile,
credentials); credentials));
assertTrue(outFile.exists()); assertTrue(outFile.exists());
String fileContents = FileUtils.readFileToString(outFile); String fileContents = FileUtils.readFileToString(outFile);
assertTrue(fileContents.contains("auths")); assertTrue(fileContents.contains("auths"));

View File

@ -1299,14 +1299,15 @@ private void addDockerClientConfigToRunCommand(ContainerRuntimeContext ctx,
.getParent(); .getParent();
File dockerConfigPath = new File(nmPrivateDir + "/config.json"); File dockerConfigPath = new File(nmPrivateDir + "/config.json");
try { try {
DockerClientConfigHandler if (DockerClientConfigHandler
.writeDockerCredentialsToPath(dockerConfigPath, credentials); .writeDockerCredentialsToPath(dockerConfigPath, credentials)) {
dockerRunCommand.setClientConfigDir(dockerConfigPath.getParent());
}
} catch (IOException e) { } catch (IOException e) {
throw new ContainerExecutionException( throw new ContainerExecutionException(
"Unable to write Docker client credentials to " "Unable to write Docker client credentials to "
+ dockerConfigPath); + dockerConfigPath);
} }
dockerRunCommand.setClientConfigDir(dockerConfigPath.getParent());
} }
} }
} }