mirror of
https://github.com/kreuzwerker/terraform-provider-docker.git
synced 2025-12-24 08:39:59 -05:00
5df0c5a7f2
* Reused code from docker CLI to parse docker config file * Resolve credential managers and retrieve credentials. * Discarded any custom code that the provider had, which duplicated docker CLI functionality. Closes #252 Signed-off-by: Sergei Ivanov <sergei_ivanov@mail.ru>
268 lines
8.8 KiB
Go
268 lines
8.8 KiB
Go
package docker
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"io"
|
|
"log"
|
|
"os"
|
|
"os/user"
|
|
"strings"
|
|
|
|
"github.com/docker/cli/cli/config/configfile"
|
|
"github.com/docker/docker/api/types"
|
|
|
|
"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
|
|
"github.com/hashicorp/terraform-plugin-sdk/terraform"
|
|
)
|
|
|
|
// Provider creates the Docker provider
|
|
func Provider() terraform.ResourceProvider {
|
|
return &schema.Provider{
|
|
Schema: map[string]*schema.Schema{
|
|
"host": {
|
|
Type: schema.TypeString,
|
|
Required: true,
|
|
DefaultFunc: schema.EnvDefaultFunc("DOCKER_HOST", "unix:///var/run/docker.sock"),
|
|
Description: "The Docker daemon address",
|
|
},
|
|
|
|
"ca_material": {
|
|
Type: schema.TypeString,
|
|
Optional: true,
|
|
DefaultFunc: schema.EnvDefaultFunc("DOCKER_CA_MATERIAL", ""),
|
|
Description: "PEM-encoded content of Docker host CA certificate",
|
|
},
|
|
"cert_material": {
|
|
Type: schema.TypeString,
|
|
Optional: true,
|
|
DefaultFunc: schema.EnvDefaultFunc("DOCKER_CERT_MATERIAL", ""),
|
|
Description: "PEM-encoded content of Docker client certificate",
|
|
},
|
|
"key_material": {
|
|
Type: schema.TypeString,
|
|
Optional: true,
|
|
DefaultFunc: schema.EnvDefaultFunc("DOCKER_KEY_MATERIAL", ""),
|
|
Description: "PEM-encoded content of Docker client private key",
|
|
},
|
|
|
|
"cert_path": {
|
|
Type: schema.TypeString,
|
|
Optional: true,
|
|
DefaultFunc: schema.EnvDefaultFunc("DOCKER_CERT_PATH", ""),
|
|
Description: "Path to directory with Docker TLS config",
|
|
},
|
|
|
|
"registry_auth": {
|
|
Type: schema.TypeSet,
|
|
Optional: true,
|
|
Elem: &schema.Resource{
|
|
Schema: map[string]*schema.Schema{
|
|
"address": {
|
|
Type: schema.TypeString,
|
|
Required: true,
|
|
Description: "Address of the registry",
|
|
},
|
|
|
|
"username": {
|
|
Type: schema.TypeString,
|
|
Optional: true,
|
|
ConflictsWith: []string{"registry_auth.config_file", "registry_auth.config_file_content"},
|
|
DefaultFunc: schema.EnvDefaultFunc("DOCKER_REGISTRY_USER", ""),
|
|
Description: "Username for the registry",
|
|
},
|
|
|
|
"password": {
|
|
Type: schema.TypeString,
|
|
Optional: true,
|
|
Sensitive: true,
|
|
ConflictsWith: []string{"registry_auth.config_file", "registry_auth.config_file_content"},
|
|
DefaultFunc: schema.EnvDefaultFunc("DOCKER_REGISTRY_PASS", ""),
|
|
Description: "Password for the registry",
|
|
},
|
|
|
|
"config_file": {
|
|
Type: schema.TypeString,
|
|
Optional: true,
|
|
ConflictsWith: []string{"registry_auth.username", "registry_auth.password", "registry_auth.config_file_content"},
|
|
DefaultFunc: schema.EnvDefaultFunc("DOCKER_CONFIG", "~/.docker/config.json"),
|
|
Description: "Path to docker json file for registry auth",
|
|
},
|
|
|
|
"config_file_content": {
|
|
Type: schema.TypeString,
|
|
Optional: true,
|
|
ConflictsWith: []string{"registry_auth.username", "registry_auth.password", "registry_auth.config_file"},
|
|
Description: "Plain content of the docker json file for registry auth",
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
|
|
ResourcesMap: map[string]*schema.Resource{
|
|
"docker_container": resourceDockerContainer(),
|
|
"docker_image": resourceDockerImage(),
|
|
"docker_network": resourceDockerNetwork(),
|
|
"docker_volume": resourceDockerVolume(),
|
|
"docker_config": resourceDockerConfig(),
|
|
"docker_secret": resourceDockerSecret(),
|
|
"docker_service": resourceDockerService(),
|
|
},
|
|
|
|
DataSourcesMap: map[string]*schema.Resource{
|
|
"docker_registry_image": dataSourceDockerRegistryImage(),
|
|
"docker_network": dataSourceDockerNetwork(),
|
|
},
|
|
|
|
ConfigureFunc: providerConfigure,
|
|
}
|
|
}
|
|
|
|
func providerConfigure(d *schema.ResourceData) (interface{}, error) {
|
|
config := Config{
|
|
Host: d.Get("host").(string),
|
|
Ca: d.Get("ca_material").(string),
|
|
Cert: d.Get("cert_material").(string),
|
|
Key: d.Get("key_material").(string),
|
|
CertPath: d.Get("cert_path").(string),
|
|
}
|
|
|
|
client, err := config.NewClient()
|
|
if err != nil {
|
|
return nil, fmt.Errorf("Error initializing Docker client: %s", err)
|
|
}
|
|
|
|
ctx := context.Background()
|
|
_, err = client.Ping(ctx)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("Error pinging Docker server: %s", err)
|
|
}
|
|
|
|
authConfigs := &AuthConfigs{}
|
|
|
|
if v, ok := d.GetOk("registry_auth"); ok { // TODO load them anyway
|
|
authConfigs, err = providerSetToRegistryAuth(v.(*schema.Set))
|
|
|
|
if err != nil {
|
|
return nil, fmt.Errorf("Error loading registry auth config: %s", err)
|
|
}
|
|
}
|
|
|
|
providerConfig := ProviderConfig{
|
|
DockerClient: client,
|
|
AuthConfigs: authConfigs,
|
|
}
|
|
|
|
return &providerConfig, nil
|
|
}
|
|
|
|
// AuthConfigs represents authentication options to use for the
|
|
// PushImage method accommodating the new X-Registry-Config header
|
|
type AuthConfigs struct {
|
|
Configs map[string]types.AuthConfig `json:"configs"`
|
|
}
|
|
|
|
// Take the given registry_auth schemas and return a map of registry auth configurations
|
|
func providerSetToRegistryAuth(authSet *schema.Set) (*AuthConfigs, error) {
|
|
authConfigs := AuthConfigs{
|
|
Configs: make(map[string]types.AuthConfig),
|
|
}
|
|
|
|
for _, authInt := range authSet.List() {
|
|
auth := authInt.(map[string]interface{})
|
|
authConfig := types.AuthConfig{}
|
|
authConfig.ServerAddress = normalizeRegistryAddress(auth["address"].(string))
|
|
registryHostname := convertToHostname(authConfig.ServerAddress)
|
|
|
|
// For each registry_auth block, generate an AuthConfiguration using either
|
|
// username/password or the given config file
|
|
if username, ok := auth["username"]; ok && username.(string) != "" {
|
|
log.Println("[DEBUG] Using username for registry auths:", username)
|
|
authConfig.Username = auth["username"].(string)
|
|
authConfig.Password = auth["password"].(string)
|
|
|
|
// Note: check for config_file_content first because config_file has a default which would be used
|
|
// nevertheless config_file_content is set or not. The default has to be kept to check for the
|
|
// environment variable and to be backwards compatible
|
|
} else if configFileContent, ok := auth["config_file_content"]; ok && configFileContent.(string) != "" {
|
|
log.Println("[DEBUG] Parsing file content for registry auths:", configFileContent.(string))
|
|
r := strings.NewReader(configFileContent.(string))
|
|
|
|
c, err := loadConfigFile(r)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("Error parsing docker registry config json: %v", err)
|
|
}
|
|
authFileConfig, err := c.GetAuthConfig(registryHostname)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("Couldn't find registry config for '%s' in file content", registryHostname)
|
|
}
|
|
authConfig.Username = authFileConfig.Username
|
|
authConfig.Password = authFileConfig.Password
|
|
|
|
// As last step we check if a config file path is given
|
|
} else if configFile, ok := auth["config_file"]; ok && configFile.(string) != "" {
|
|
filePath := configFile.(string)
|
|
log.Println("[DEBUG] Parsing file for registry auths:", filePath)
|
|
|
|
// We manually expand the path and do not use the 'pathexpand' interpolation function
|
|
// because in the default of this varable we refer to '~/.docker/config.json'
|
|
if strings.HasPrefix(filePath, "~/") {
|
|
usr, err := user.Current()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
filePath = strings.Replace(filePath, "~", usr.HomeDir, 1)
|
|
}
|
|
|
|
r, err := os.Open(filePath)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("Error opening docker registry config file: %v", err)
|
|
}
|
|
|
|
c, err := loadConfigFile(r)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("Error parsing docker registry config json: %v", err)
|
|
}
|
|
authFileConfig, err := c.GetAuthConfig(registryHostname)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("Couldn't find registry config for '%s' in file: %s",
|
|
registryHostname, filePath)
|
|
}
|
|
authConfig.Username = authFileConfig.Username
|
|
authConfig.Password = authFileConfig.Password
|
|
}
|
|
|
|
authConfigs.Configs[authConfig.ServerAddress] = authConfig
|
|
}
|
|
|
|
return &authConfigs, nil
|
|
}
|
|
|
|
func loadConfigFile(configData io.Reader) (*configfile.ConfigFile, error) {
|
|
configFile := configfile.New("")
|
|
if err := configFile.LoadFromReader(configData); err != nil {
|
|
log.Println("[DEBUG] Error parsing registry config: ", err)
|
|
log.Println("[DEBUG] Will try parsing from legacy format")
|
|
if err := configFile.LegacyLoadFromReader(configData); err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
return configFile, nil
|
|
}
|
|
|
|
// ConvertToHostname converts a registry url which has http|https prepended
|
|
// to just an hostname.
|
|
// Copied from github.com/docker/docker/registry.ConvertToHostname to reduce dependencies.
|
|
func convertToHostname(url string) string {
|
|
stripped := url
|
|
if strings.HasPrefix(url, "http://") {
|
|
stripped = strings.TrimPrefix(url, "http://")
|
|
} else if strings.HasPrefix(url, "https://") {
|
|
stripped = strings.TrimPrefix(url, "https://")
|
|
}
|
|
|
|
nameParts := strings.SplitN(stripped, "/", 2)
|
|
|
|
return nameParts[0]
|
|
}
|