Merge branch '2.4.x'

Closes gh-24794
pull/24817/head
Scott Frederick 4 years ago
commit 9925c4ccd2

@ -1,5 +1,5 @@
/* /*
* Copyright 2012-2020 the original author or authors. * Copyright 2012-2021 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -116,6 +116,7 @@ public class Builder {
ImageReference runImage = getRunImageReferenceForStack(builderStack); ImageReference runImage = getRunImageReferenceForStack(builderStack);
request = request.withRunImage(runImage); request = request.withRunImage(runImage);
} }
assertImageRegistriesMatch(request);
Image runImage = getImage(request, ImageType.RUNNER); Image runImage = getImage(request, ImageType.RUNNER);
assertStackIdsMatch(runImage, builderImage); assertStackIdsMatch(runImage, builderImage);
return request; return request;
@ -172,6 +173,14 @@ public class Builder {
? this.dockerConfiguration.getPublishRegistryAuthentication().getAuthHeader() : null; ? this.dockerConfiguration.getPublishRegistryAuthentication().getAuthHeader() : null;
} }
private void assertImageRegistriesMatch(BuildRequest request) {
if (getBuilderAuthHeader() != null) {
Assert.state(request.getRunImage().getDomain().equals(request.getBuilder().getDomain()),
"Builder image '" + request.getBuilder() + "' and run image '" + request.getRunImage()
+ "' must be pulled from the same authenticated registry");
}
}
private void assertStackIdsMatch(Image runImage, Image builderImage) { private void assertStackIdsMatch(Image runImage, Image builderImage) {
StackId runImageStackId = StackId.fromImage(runImage); StackId runImageStackId = StackId.fromImage(runImage);
StackId builderImageStackId = StackId.fromImage(builderImage); StackId builderImageStackId = StackId.fromImage(builderImage);

@ -1,5 +1,5 @@
/* /*
* Copyright 2012-2020 the original author or authors. * Copyright 2012-2021 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -308,6 +308,42 @@ class BuilderTests {
.withMessage("Builder lifecycle 'creator' failed with status code 9"); .withMessage("Builder lifecycle 'creator' failed with status code 9");
} }
@Test
void buildWhenDetectedRunImageInDifferentAuthenticatedRegistryThrowsException() throws Exception {
TestPrintStream out = new TestPrintStream();
DockerApi docker = mockDockerApi();
Image builderImage = loadImage("image-with-run-image-different-registry.json");
DockerConfiguration dockerConfiguration = new DockerConfiguration()
.withBuilderRegistryTokenAuthentication("builder token");
given(docker.image().pull(eq(ImageReference.of(BuildRequest.DEFAULT_BUILDER_IMAGE_NAME)), any(),
eq(dockerConfiguration.getBuilderRegistryAuthentication().getAuthHeader())))
.willAnswer(withPulledImage(builderImage));
Builder builder = new Builder(BuildLog.to(out), docker, dockerConfiguration);
BuildRequest request = getTestRequest();
assertThatIllegalStateException().isThrownBy(() -> builder.build(request))
.withMessageContaining(BuildRequest.DEFAULT_BUILDER_IMAGE_NAME)
.withMessageContaining("example.com/custom/run:latest")
.withMessageContaining("must be pulled from the same authenticated registry");
}
@Test
void buildWhenRequestedRunImageInDifferentAuthenticatedRegistryThrowsException() throws Exception {
TestPrintStream out = new TestPrintStream();
DockerApi docker = mockDockerApi();
Image builderImage = loadImage("image.json");
DockerConfiguration dockerConfiguration = new DockerConfiguration()
.withBuilderRegistryTokenAuthentication("builder token");
given(docker.image().pull(eq(ImageReference.of(BuildRequest.DEFAULT_BUILDER_IMAGE_NAME)), any(),
eq(dockerConfiguration.getBuilderRegistryAuthentication().getAuthHeader())))
.willAnswer(withPulledImage(builderImage));
Builder builder = new Builder(BuildLog.to(out), docker, dockerConfiguration);
BuildRequest request = getTestRequest().withRunImage(ImageReference.of("example.com/custom/run:latest"));
assertThatIllegalStateException().isThrownBy(() -> builder.build(request))
.withMessageContaining(BuildRequest.DEFAULT_BUILDER_IMAGE_NAME)
.withMessageContaining("example.com/custom/run:latest")
.withMessageContaining("must be pulled from the same authenticated registry");
}
private DockerApi mockDockerApi() throws IOException { private DockerApi mockDockerApi() throws IOException {
ContainerApi containerApi = mock(ContainerApi.class); ContainerApi containerApi = mock(ContainerApi.class);
ContainerReference reference = ContainerReference.of("container-ref"); ContainerReference reference = ContainerReference.of("container-ref");

Loading…
Cancel
Save