diff --git a/api/src/config.rs b/api/src/config.rs
index 257bfb2624e..e606770ddc9 100644
--- a/api/src/config.rs
+++ b/api/src/config.rs
@@ -207,6 +207,17 @@ impl ConfigV2 {
 false
 }
 }
+
+ /// Fill authorization for registry backend.
+ pub fn update_registry_auth_info(&mut self, auth: &Option) {
+ if let Some(auth) = auth {
+ if let Some(backend) = self.backend.as_mut() {
+ if let Some(registry) = backend.registry.as_mut() {
+ registry.auth = Some(auth.to_string());
+ }
+ }
+ }
+ }
 }
 
 impl FromStr for ConfigV2 {
@@ -2123,4 +2134,48 @@ mod tests {
 assert_eq!(&config.id, "id1");
 assert_eq!(config.backend.as_ref().unwrap().backend_type, "localfs");
 }
+
+ #[test]
+ fn test_update_registry_auth_info() {
+ let config = r#"
+ {
+ "device": {
+ "id": "test",
+ "backend": {
+ "type": "registry",
+ "config": {
+ "readahead": false,
+ "host": "docker.io",
+ "repo": "library/nginx",
+ "scheme": "https",
+ "proxy": {
+ "fallback": false
+ },
+ "timeout": 5,
+ "connect_timeout": 5,
+ "retry_limit": 8
+ }
+ }
+ },
+ "mode": "direct",
+ "digest_validate": false,
+ "enable_xattr": true,
+ "fs_prefetch": {
+ "enable": true,
+ "threads_count": 10,
+ "merging_size": 131072,
+ "bandwidth_rate": 10485760
+ }
+ }"#;
+
+ let mut rafs_config = ConfigV2::from_str(&config).unwrap();
+ let test_auth = "test_auth".to_string();
+
+ rafs_config.update_registry_auth_info(&Some(test_auth.clone()));
+
+ let backend = rafs_config.backend.unwrap();
+ let registry = backend.registry.unwrap();
+ let auth = registry.auth.unwrap();
+ assert_eq!(auth, test_auth);
+ }
 }
diff --git a/docs/nydusd.md b/docs/nydusd.md
index 069eed77471..17b886e8d7a 100644
--- a/docs/nydusd.md
+++ b/docs/nydusd.md
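Review bot: `update_registry_auth_info` returns silently when `self.backend` or `backend.registry` is `None`, so a credential supplied for a configuration without a registry backend is dropped with no signal to the caller. Returning a `bool` that says whether the value was applied, or logging at the call site, would make that visible. The doc comment should at least state it, for example `/// Overwrites any existing registry auth; does nothing when auth is None or no registry backend is configured.` The parameter would also read more idiomatically as an `Option` of a borrowed string than as a reference to an `Option`, so callers can pass `auth.as_deref()` without building a temporary.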
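Review bot: `test_update_registry_auth_info` only covers a configuration whose registry section has no `auth`, while the documentation added in this commit promises that an existing `device.backend.config.auth` is overwritten. A second case with an `"auth"` entry in the JSON, asserting that the new value wins, and a case passing `&None` that leaves the configured value untouched would pin both behaviours. `ConfigV2::from_str(&config)` can also take `config` directly, since it is already a `&str`.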
@@ -48,6 +48,8 @@ sudo nydusd \
 --log-level info
 ```
 
+For registry backend, we can set authorization with environment variable `IMAGE_PULL_AUTH` to avoid loading `auth` from nydusd configuration file.
+
 ### Run With Virtio-FS
 
 If no `/path/to/bootstrap` is available, please refer to [nydus-image.md](https://github.com/dragonflyoss/image-service/blob/master/docs/nydus-image.md) for more details.
@@ -241,7 +243,8 @@ Document located at: https://github.com/adamqqqplay/nydus-localdisk/blob/master/
 },
 ...
 }
-```
+```
+Note: The value of `device.backend.config.auth` will be overwrite if running the nydusd with environment variable `IMAGE_PULL_AUTH`.
 
 ##### Enable P2P Proxy for Storage Backend
 
diff --git a/src/bin/nydusd/main.rs b/src/bin/nydusd/main.rs
index 16ec048f0f7..357882d0d7f 100644
--- a/src/bin/nydusd/main.rs
+++ b/src/bin/nydusd/main.rs
@@ -20,7 +20,7 @@ use nix::sys::signal;
 use rlimit::Resource;
 
 use nydus::{dump_program_info, get_build_time_info, setup_logging, SubCmdArgs};
-use nydus_api::BuildTimeInfo;
+use nydus_api::{BuildTimeInfo, ConfigV2};
 use nydus_service::daemon::DaemonController;
 use nydus_service::{
 create_daemon, create_fuse_daemon, create_vfs_backend, validate_threads_configuration,
@@ -418,7 +418,16 @@ fn process_fs_service(
 )
 }
 None => match args.value_of("config") {
- Some(v) => std::fs::read_to_string(v)?,
+ Some(v) => {
+ let auth = std::env::var("IMAGE_PULL_AUTH").ok();
+ if auth.is_some() {
+ let mut config = ConfigV2::from_file(v)?;
+ config.update_registry_auth_info(&auth);
+ serde_json::to_string(&config)?
+ } else {
+ std::fs::read_to_string(v)?
+ }
+ }
 None => {
 let e = NydusError::InvalidArguments(
 "both --config and --localfs-dir are missing".to_string(),
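Review bot: In the `Some(v)` arm of `process_fs_service`, an `IMAGE_PULL_AUTH` that is set but empty becomes `Some("")` and replaces the `auth` read from the file with an empty string, and `.ok()` also discards a non-Unicode value without any message. Filtering the value, `let auth = std::env::var("IMAGE_PULL_AUTH").ok().filter(|a| !a.is_empty());`, keeps the file's credential in that case. With the variable set, the string passed on is a re-serialized `ConfigV2` rather than the file's own text, so anything `ConfigV2` does not round-trip would differ only on this path, which looks worth a test. The serialized string now carries the credential, so it should stay out of logs and error messages. The function body starts and ends outside this hunk.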