authorZuul <zuul@review.openstack.org>2019-01-21 18:15:29 +0000
committerGerrit Code Review <review@openstack.org>2019-01-21 18:15:29 +0000
commitcb54c59577f69687b283b2ccd117fe4c0bce2f9b (patch)
treeea0ac12f0a914ecbfd8a12385f51d28e8b5162f5
parent3b9e295a377a0e0c704803aedb18c6caedb2b4e6 (diff)
parent3e3f83643506283032e0ee1007ce8e9644a44f62 (diff)
Merge "docker: add ability to restrict repository names"
-rw-r--r--roles/build-docker-image/common.rst11
-rw-r--r--roles/promote-docker-image/tasks/main.yaml7
-rw-r--r--roles/upload-docker-image/tasks/main.yaml7
3 files changed, 24 insertions, 1 deletions
diff --git a/roles/build-docker-image/common.rst b/roles/build-docker-image/common.rst
index 4275781..45484a9 100644
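--- a/roles/build-docker-image/common.rst
+++ b/roles/build-docker-image/common.rst
@@ -54,7 +54,16 @@ using this role.
 
  .. zuul:rolevar:: password
 
- The Docker Hub password
+ The Docker Hub password.
+
+ .. zuul:rolevar:: repository
+
+ Optional; if supplied this is a regular expression which
+ restricts to what repositories the image may be uploaded. The
+ following example allows projects to upload images to
+ repositories within an organization based on their own names::
+
+ repository: "^myorgname/{{ zuul.project.short_name }}.*"
 
 .. zuul:rolevar:: docker_images
  :type: list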
diff --git a/roles/promote-docker-image/tasks/main.yaml b/roles/promote-docker-image/tasks/main.yaml
index 0eb42de..80ad09a 100644
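--- a/roles/promote-docker-image/tasks/main.yaml
+++ b/roles/promote-docker-image/tasks/main.yaml
@@ -1,3 +1,10 @@
+- name: Verify repository names
+ when: |
+ docker_credentials.repository is defined
+ and not item.repository | regex_search(docker_credentials.repository)
+ loop: "{{ docker_images }}"
+ fail:
+ msg: "{{ item.repository }} not permitted by {{ docker_credentials.repository }}"
 # This is used by the delete tasks
 - name: Get dockerhub JWT token
  no_log: true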
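Review bot: `regex_search` in the `when:` of the new "Verify repository names" task matches anywhere in `item.repository`, so the restriction is only as tight as the anchors in the supplied pattern: a value written without a leading `^` (say a constructed `myorgname/app`) would also admit `notmyorgname/app`. Either state in the role documentation that the pattern must be anchored, or anchor it in the task itself, for example `and not item.repository | regex_search('^(?:' ~ docker_credentials.repository ~ ')$')`. The documented example `"^myorgname/{{ zuul.project.short_name }}.*"` is a prefix match with the project name interpolated unescaped, so a project named `app` would presumably also be permitted to write to `myorgname/app-other`; ending the pattern with `$` and passing the name through `regex_escape` would tighten that. The identical task is added to roles/upload-docker-image/tasks/main.yaml and the same point applies there.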
diff --git a/roles/upload-docker-image/tasks/main.yaml b/roles/upload-docker-image/tasks/main.yaml
index 65be3c5..d7e8c81 100644
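--- a/roles/upload-docker-image/tasks/main.yaml
+++ b/roles/upload-docker-image/tasks/main.yaml
@@ -1,3 +1,10 @@
+- name: Verify repository names
+ when: |
+ docker_credentials.repository is defined
+ and not item.repository | regex_search(docker_credentials.repository)
+ loop: "{{ docker_images }}"
+ fail:
+ msg: "{{ item.repository }} not permitted by {{ docker_credentials.repository }}"
 - name: Log in to dockerhub
  command: "docker login -u {{ docker_credentials.username }} -p {{ docker_credentials.password }}"
  no_log: true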