github.com/vtorhonen/terraform@v0.9.0-beta2.0.20170307220345-5d894e4ffda7/builtin/providers/docker/data_source_docker_registry_image.go (about)

     1  package docker
     2  
     3  import (
     4  	"encoding/json"
     5  	"fmt"
     6  	"io/ioutil"
     7  	"net/http"
     8  	"net/url"
     9  	"strings"
    10  
    11  	"github.com/hashicorp/terraform/helper/schema"
    12  )
    13  
    14  func dataSourceDockerRegistryImage() *schema.Resource {
    15  	return &schema.Resource{
    16  		Read: dataSourceDockerRegistryImageRead,
    17  
    18  		Schema: map[string]*schema.Schema{
    19  			"name": &schema.Schema{
    20  				Type:     schema.TypeString,
    21  				Optional: true,
    22  			},
    23  
    24  			"sha256_digest": &schema.Schema{
    25  				Type:     schema.TypeString,
    26  				Computed: true,
    27  			},
    28  		},
    29  	}
    30  }
    31  
    32  func dataSourceDockerRegistryImageRead(d *schema.ResourceData, meta interface{}) error {
    33  	pullOpts := parseImageOptions(d.Get("name").(string))
    34  
    35  	// Use the official Docker Hub if a registry isn't specified
    36  	if pullOpts.Registry == "" {
    37  		pullOpts.Registry = "registry.hub.docker.com"
    38  	} else {
    39  		// Otherwise, filter the registry name out of the repo name
    40  		pullOpts.Repository = strings.Replace(pullOpts.Repository, pullOpts.Registry+"/", "", 1)
    41  	}
    42  
    43  	// Docker prefixes 'library' to official images in the path; 'consul' becomes 'library/consul'
    44  	if !strings.Contains(pullOpts.Repository, "/") {
    45  		pullOpts.Repository = "library/" + pullOpts.Repository
    46  	}
    47  
    48  	if pullOpts.Tag == "" {
    49  		pullOpts.Tag = "latest"
    50  	}
    51  
    52  	digest, err := getImageDigest(pullOpts.Registry, pullOpts.Repository, pullOpts.Tag, "", "")
    53  
    54  	if err != nil {
    55  		return fmt.Errorf("Got error when attempting to fetch image version from registry: %s", err)
    56  	}
    57  
    58  	d.SetId(digest)
    59  	d.Set("sha256_digest", digest)
    60  
    61  	return nil
    62  }
    63  
    64  func getImageDigest(registry, image, tag, username, password string) (string, error) {
    65  	client := http.DefaultClient
    66  
    67  	req, err := http.NewRequest("GET", "https://"+registry+"/v2/"+image+"/manifests/"+tag, nil)
    68  
    69  	if err != nil {
    70  		return "", fmt.Errorf("Error creating registry request: %s", err)
    71  	}
    72  
    73  	if username != "" {
    74  		req.SetBasicAuth(username, password)
    75  	}
    76  
    77  	resp, err := client.Do(req)
    78  
    79  	if err != nil {
    80  		return "", fmt.Errorf("Error during registry request: %s", err)
    81  	}
    82  
    83  	switch resp.StatusCode {
    84  	// Basic auth was valid or not needed
    85  	case http.StatusOK:
    86  		return resp.Header.Get("Docker-Content-Digest"), nil
    87  
    88  	// Either OAuth is required or the basic auth creds were invalid
    89  	case http.StatusUnauthorized:
    90  		if strings.HasPrefix(resp.Header.Get("www-authenticate"), "Bearer") {
    91  			auth := parseAuthHeader(resp.Header.Get("www-authenticate"))
    92  			params := url.Values{}
    93  			params.Set("service", auth["service"])
    94  			params.Set("scope", auth["scope"])
    95  			tokenRequest, err := http.NewRequest("GET", auth["realm"]+"?"+params.Encode(), nil)
    96  
    97  			if err != nil {
    98  				return "", fmt.Errorf("Error creating registry request: %s", err)
    99  			}
   100  
   101  			if username != "" {
   102  				tokenRequest.SetBasicAuth(username, password)
   103  			}
   104  
   105  			tokenResponse, err := client.Do(tokenRequest)
   106  
   107  			if err != nil {
   108  				return "", fmt.Errorf("Error during registry request: %s", err)
   109  			}
   110  
   111  			if tokenResponse.StatusCode != http.StatusOK {
   112  				return "", fmt.Errorf("Got bad response from registry: " + tokenResponse.Status)
   113  			}
   114  
   115  			body, err := ioutil.ReadAll(tokenResponse.Body)
   116  			if err != nil {
   117  				return "", fmt.Errorf("Error reading response body: %s", err)
   118  			}
   119  
   120  			token := &TokenResponse{}
   121  			err = json.Unmarshal(body, token)
   122  			if err != nil {
   123  				return "", fmt.Errorf("Error parsing OAuth token response: %s", err)
   124  			}
   125  
   126  			req.Header.Set("Authorization", "Bearer "+token.Token)
   127  			digestResponse, err := client.Do(req)
   128  
   129  			if err != nil {
   130  				return "", fmt.Errorf("Error during registry request: %s", err)
   131  			}
   132  
   133  			if digestResponse.StatusCode != http.StatusOK {
   134  				return "", fmt.Errorf("Got bad response from registry: " + digestResponse.Status)
   135  			}
   136  
   137  			return digestResponse.Header.Get("Docker-Content-Digest"), nil
   138  		} else {
   139  			return "", fmt.Errorf("Bad credentials: " + resp.Status)
   140  		}
   141  
   142  	// Some unexpected status was given, return an error
   143  	default:
   144  		return "", fmt.Errorf("Got bad response from registry: " + resp.Status)
   145  	}
   146  }
   147  
   148  type TokenResponse struct {
   149  	Token string
   150  }
   151  
   152  // Parses key/value pairs from a WWW-Authenticate header
   153  func parseAuthHeader(header string) map[string]string {
   154  	parts := strings.SplitN(header, " ", 2)
   155  	parts = strings.Split(parts[1], ",")
   156  	opts := make(map[string]string)
   157  
   158  	for _, part := range parts {
   159  		vals := strings.SplitN(part, "=", 2)
   160  		key := vals[0]
   161  		val := strings.Trim(vals[1], "\", ")
   162  		opts[key] = val
   163  	}
   164  
   165  	return opts
   166  }