Refine error handling logic so that HTTP 407 (Proxy Authentication
Required) responses from the Docker daemon are treated as plain
text rather than JSON.
See gh-47180
Signed-off-by: Siva Sai Udayagiri <udayagirishivasai@gmail.com>
Before this commit, the credential helper used the serverUrl from
the Map.Entry<String,Auth> as a fallback. However, the helper only uses
the email from the auths.
See gh-45345
Signed-off-by: Dmytro Nosan <dimanosan@gmail.com>
Add `DockerRegistryAuthentication` implementation that uses standard
Docker config to authenticate requests.
Prior to this commit, we only supported username/password and token
based authentication. This commit allows authentication based on
the contents of the Docker configuration file, including support
for executing credential helpers.
See gh-45269
Signed-off-by: Dmytro Nosan <dimanosan@gmail.com>
Co-authored-by: Phillip Webb <phil.webb@broadcom.com>
Update `DockerConfigurationMetadata` with support for `credsStore`,
`credHelpers` and `auth` sections. These values will be required to
support credential helper based authentication.
See gh-45269
Signed-off-by: Dmytro Nosan <dimanosan@gmail.com>
Relate `DockerConfiguration` from `...platform.docker` to
`...platform.build` since it contains build specific concepts.
This commit also refactors a few other areas of the code to make it
easier to support credential helpers in the future.
Closes gh-45283
Update `EphemeralBuilder` so that it adds an additional layer that
containing an empty application (aka workspace) directory owned by
the build user.
Prior to this commit, the directory was only bound. This could cause
issues on Podman where, unlike Docker, the bound directory is owned
by `root`.
Fixes gh-45233
Before this commit, if the status code was 4xx or 500, we tried to read the errors
object, consuming the http entity. When we tried to deserialize the message,
the http entity was already consumed, an IOException has been thrown and null
is returned for the message.
Now, we read the content in a byte[] and deserialize the errors and the message
from that. This ensures that we can read both the errors and the message.
Closes gh-44628
This commit introduces a new constructor in `DockerApi`
that accepts `DockerLogger` as a parameter.
The `DockerLogger` is a pretty simple callback interface used to
provide DockerApi output logging.
See gh-44412
Signed-off-by: Dmytro Nosan <dimanosan@gmail.com>
Update `DockerApi` so that calls are made using a fixed version. For
most calls this will be `v1.24`, however, for calls with a platform
we must use the `v1.41`.
When possible, we check that the Docker version in use meets the
required minimum, however, if we can't detect the running version
we now proceed and let the actual API call fail. This is due to the
fact that the `/_ping` endpoint may not always be available. For
example, it is restricted when building from a BitBucket CI pipeline.
Fixes gh-43452
Phillip Webb
SSUday
Vincent Potucek
Andy Wilkinson
Stéphane Nicoll
Dmytro Nosan
Johnny Lim
Moritz Halbritter
Yanming Zhou
youngjin_dev
Wolfgang Kronberg