Merge pull request #475 from docker/aci_volume_keys

Get storage account key from azure login, no need to specify it in compose file or run -v option
docker-archive · Aug 14, 2020 · 27e7a0c · 27e7a0c
2 parents d902c96 + 4ee5aa6
commit 27e7a0c
Show file tree

Hide file tree

Showing 11 changed files with 189 additions and 194 deletions.
diff --git a/aci/aci.go b/aci/aci.go
@@ -24,8 +24,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/docker/api/errdefs"
-
 	"github.com/Azure/azure-sdk-for-go/services/containerinstance/mgmt/2018-10-01/containerinstance"
 	"github.com/Azure/go-autorest/autorest"
 	"github.com/Azure/go-autorest/autorest/to"
@@ -39,13 +37,12 @@ import (
 	"github.com/docker/api/aci/login"
 	"github.com/docker/api/containers"
 	"github.com/docker/api/context/store"
+	"github.com/docker/api/errdefs"
 	"github.com/docker/api/progress"
 )
 
-const aciDockerUserAgent = "docker-cli"
-
 func createACIContainers(ctx context.Context, aciContext store.AciContext, groupDefinition containerinstance.ContainerGroup) error {
-	containerGroupsClient, err := getContainerGroupsClient(aciContext.SubscriptionID)
+	containerGroupsClient, err := login.NewContainerGroupsClient(aciContext.SubscriptionID)
 	if err != nil {
 		return errors.Wrapf(err, "cannot get container group client")
 	}
@@ -69,7 +66,7 @@ func createACIContainers(ctx context.Context, aciContext store.AciContext, group
 
 func createOrUpdateACIContainers(ctx context.Context, aciContext store.AciContext, groupDefinition containerinstance.ContainerGroup) error {
 	w := progress.ContextWriter(ctx)
-	containerGroupsClient, err := getContainerGroupsClient(aciContext.SubscriptionID)
+	containerGroupsClient, err := login.NewContainerGroupsClient(aciContext.SubscriptionID)
 	if err != nil {
 		return errors.Wrapf(err, "cannot get container group client")
 	}
@@ -124,7 +121,7 @@ func createOrUpdateACIContainers(ctx context.Context, aciContext store.AciContex
 }
 
 func getACIContainerGroup(ctx context.Context, aciContext store.AciContext, containerGroupName string) (containerinstance.ContainerGroup, error) {
-	containerGroupsClient, err := getContainerGroupsClient(aciContext.SubscriptionID)
+	containerGroupsClient, err := login.NewContainerGroupsClient(aciContext.SubscriptionID)
 	if err != nil {
 		return containerinstance.ContainerGroup{}, fmt.Errorf("cannot get container group client: %v", err)
 	}
@@ -133,7 +130,7 @@ func getACIContainerGroup(ctx context.Context, aciContext store.AciContext, cont
 }
 
 func deleteACIContainerGroup(ctx context.Context, aciContext store.AciContext, containerGroupName string) (containerinstance.ContainerGroup, error) {
-	containerGroupsClient, err := getContainerGroupsClient(aciContext.SubscriptionID)
+	containerGroupsClient, err := login.NewContainerGroupsClient(aciContext.SubscriptionID)
 	if err != nil {
 		return containerinstance.ContainerGroup{}, fmt.Errorf("cannot get container group client: %v", err)
 	}
@@ -142,7 +139,7 @@ func deleteACIContainerGroup(ctx context.Context, aciContext store.AciContext, c
 }
 
 func stopACIContainerGroup(ctx context.Context, aciContext store.AciContext, containerGroupName string) error {
-	containerGroupsClient, err := getContainerGroupsClient(aciContext.SubscriptionID)
+	containerGroupsClient, err := login.NewContainerGroupsClient(aciContext.SubscriptionID)
 	if err != nil {
 		return fmt.Errorf("cannot get container group client: %v", err)
 	}
@@ -155,7 +152,7 @@ func stopACIContainerGroup(ctx context.Context, aciContext store.AciContext, con
 }
 
 func execACIContainer(ctx context.Context, aciContext store.AciContext, command, containerGroup string, containerName string) (c containerinstance.ContainerExecResponse, err error) {
-	containerClient, err := getContainerClient(aciContext.SubscriptionID)
+	containerClient, err := login.NewContainerClient(aciContext.SubscriptionID)
 	if err != nil {
 		return c, errors.Wrapf(err, "cannot get container client")
 	}
@@ -248,7 +245,7 @@ func exec(ctx context.Context, address string, password string, request containe
 }
 
 func getACIContainerLogs(ctx context.Context, aciContext store.AciContext, containerGroupName, containerName string, tail *int32) (string, error) {
-	containerClient, err := getContainerClient(aciContext.SubscriptionID)
+	containerClient, err := login.NewContainerClient(aciContext.SubscriptionID)
 	if err != nil {
 		return "", errors.Wrapf(err, "cannot get container client")
 	}
@@ -311,34 +308,3 @@ func getBacktrackLines(lines []string, terminalWidth int) int {
 
 	return numLines
 }
-
-func getContainerGroupsClient(subscriptionID string) (containerinstance.ContainerGroupsClient, error) {
-	containerGroupsClient := containerinstance.NewContainerGroupsClient(subscriptionID)
-	err := setupClient(&containerGroupsClient.Client)
-	if err != nil {
-		return containerinstance.ContainerGroupsClient{}, err
-	}
-	containerGroupsClient.PollingDelay = 5 * time.Second
-	containerGroupsClient.RetryAttempts = 30
-	containerGroupsClient.RetryDuration = 1 * time.Second
-	return containerGroupsClient, nil
-}
-
-func setupClient(aciClient *autorest.Client) error {
-	aciClient.UserAgent = aciDockerUserAgent
-	auth, err := login.NewAuthorizerFromLogin()
-	if err != nil {
-		return err
-	}
-	aciClient.Authorizer = auth
-	return nil
-}
-
-func getContainerClient(subscriptionID string) (containerinstance.ContainerClient, error) {
-	containerClient := containerinstance.NewContainerClient(subscriptionID)
-	err := setupClient(&containerClient.Client)
-	if err != nil {
-		return containerinstance.ContainerClient{}, err
-	}
-	return containerClient, nil
-}
diff --git a/aci/backend.go b/aci/backend.go
@@ -133,7 +133,7 @@ type aciContainerService struct {
 }
 
 func (cs *aciContainerService) List(ctx context.Context, all bool) ([]containers.Container, error) {
-	groupsClient, err := getContainerGroupsClient(cs.ctx.SubscriptionID)
+	groupsClient, err := login.NewContainerGroupsClient(cs.ctx.SubscriptionID)
 	if err != nil {
 		return nil, err
 	}
@@ -209,7 +209,7 @@ func (cs *aciContainerService) Run(ctx context.Context, r containers.ContainerCo
 	}
 
 	logrus.Debugf("Running container %q with name %q\n", r.Image, r.ID)
-	groupDefinition, err := convert.ToContainerGroup(cs.ctx, project)
+	groupDefinition, err := convert.ToContainerGroup(ctx, cs.ctx, project)
 	if err != nil {
 		return err
 	}
@@ -232,7 +232,7 @@ func (cs *aciContainerService) Start(ctx context.Context, containerID string) er
 		return errors.New(fmt.Sprintf(msg, containerName, groupName, groupName))
 	}
 
-	containerGroupsClient, err := getContainerGroupsClient(cs.ctx.SubscriptionID)
+	containerGroupsClient, err := login.NewContainerGroupsClient(cs.ctx.SubscriptionID)
 	if err != nil {
 		return err
 	}
@@ -336,7 +336,7 @@ func (cs *aciContainerService) Delete(ctx context.Context, containerID string, r
 	}
 
 	if !request.Force {
-		containerGroupsClient, err := getContainerGroupsClient(cs.ctx.SubscriptionID)
+		containerGroupsClient, err := login.NewContainerGroupsClient(cs.ctx.SubscriptionID)
 		if err != nil {
 			return err
 		}
@@ -410,7 +410,7 @@ func (cs *aciComposeService) Up(ctx context.Context, opts cli.ProjectOptions) er
 		return err
 	}
 	logrus.Debugf("Up on project with name %q\n", project.Name)
-	groupDefinition, err := convert.ToContainerGroup(cs.ctx, *project)
+	groupDefinition, err := convert.ToContainerGroup(ctx, cs.ctx, *project)
 	addTag(&groupDefinition, composeContainerTag)
 
 	if err != nil {

diff --git a/aci/convert/convert.go b/aci/convert/convert.go
@@ -17,8 +17,8 @@
 package convert
 
 import (
+	"context"
 	"encoding/base64"
-	"errors"
 	"fmt"
 	"io/ioutil"
 	"math"
@@ -29,7 +29,9 @@ import (
 	"github.com/Azure/azure-sdk-for-go/services/containerinstance/mgmt/2018-10-01/containerinstance"
 	"github.com/Azure/go-autorest/autorest/to"
 	"github.com/compose-spec/compose-go/types"
+	"github.com/pkg/errors"
 
+	"github.com/docker/api/aci/login"
 	"github.com/docker/api/containers"
 	"github.com/docker/api/context/store"
 )
@@ -42,15 +44,22 @@ const (
 	azureFileDriverName            = "azure_file"
 	volumeDriveroptsShareNameKey   = "share_name"
 	volumeDriveroptsAccountNameKey = "storage_account_name"
-	volumeDriveroptsAccountKeyKey  = "storage_account_key"
 	secretInlineMark               = "inline:"
 )
 
 // ToContainerGroup converts a compose project into a ACI container group
-func ToContainerGroup(aciContext store.AciContext, p types.Project) (containerinstance.ContainerGroup, error) {
+func ToContainerGroup(ctx context.Context, aciContext store.AciContext, p types.Project) (containerinstance.ContainerGroup, error) {
 	project := projectAciHelper(p)
 	containerGroupName := strings.ToLower(project.Name)
-	volumesCache, volumesSlice, err := project.getAciFileVolumes()
+	loginService, err := login.NewAzureLoginService()
+	if err != nil {
+		return containerinstance.ContainerGroup{}, err
+	}
+	storageHelper := login.StorageAccountHelper{
+		LoginService: *loginService,
+		AciContext:   aciContext,
+	}
+	volumesCache, volumesSlice, err := project.getAciFileVolumes(ctx, storageHelper)
 	if err != nil {
 		return containerinstance.ContainerGroup{}, err
 	}
@@ -191,7 +200,7 @@ func (p projectAciHelper) getAciSecretVolumes() ([]containerinstance.Volume, err
 	return secretVolumes, nil
 }
 
-func (p projectAciHelper) getAciFileVolumes() (map[string]bool, []containerinstance.Volume, error) {
+func (p projectAciHelper) getAciFileVolumes(ctx context.Context, helper login.StorageAccountHelper) (map[string]bool, []containerinstance.Volume, error) {
 	azureFileVolumesMap := make(map[string]bool, len(p.Volumes))
 	var azureFileVolumesSlice []containerinstance.Volume
 	for name, v := range p.Volumes {
@@ -204,9 +213,9 @@ func (p projectAciHelper) getAciFileVolumes() (map[string]bool, []containerinsta
 			if !ok {
 				return nil, nil, fmt.Errorf("cannot retrieve account name for Azurefile")
 			}
-			accountKey, ok := v.DriverOpts[volumeDriveroptsAccountKeyKey]
-			if !ok {
-				return nil, nil, fmt.Errorf("cannot retrieve account key for Azurefile")
+			accountKey, err := helper.GetAzureStorageAccountKey(ctx, accountName)
+			if err != nil {
+				return nil, nil, err
 			}
 			aciVolume := containerinstance.Volume{
 				Name: to.StringPtr(name),

diff --git a/aci/convert/convert_test.go b/aci/convert/convert_test.go
@@ -17,6 +17,7 @@
 package convert
 
 import (
+	"context"
 	"os"
 	"testing"
 
@@ -40,7 +41,7 @@ func TestProjectName(t *testing.T) {
 	project := types.Project{
 		Name: "TEST",
 	}
-	containerGroup, err := ToContainerGroup(convertCtx, project)
+	containerGroup, err := ToContainerGroup(context.TODO(), convertCtx, project)
 	assert.NilError(t, err)
 	assert.Equal(t, *containerGroup.Name, "test")
 }
@@ -117,7 +118,7 @@ func TestComposeContainerGroupToContainerWithDnsSideCarSide(t *testing.T) {
 		},
 	}
 
-	group, err := ToContainerGroup(convertCtx, project)
+	group, err := ToContainerGroup(context.TODO(), convertCtx, project)
 	assert.NilError(t, err)
 	assert.Assert(t, is.Len(*group.Containers, 3))
 
@@ -142,7 +143,7 @@ func TestComposeSingleContainerGroupToContainerNoDnsSideCarSide(t *testing.T) {
 		},
 	}
 
-	group, err := ToContainerGroup(convertCtx, project)
+	group, err := ToContainerGroup(context.TODO(), convertCtx, project)
 	assert.NilError(t, err)
 
 	assert.Assert(t, is.Len(*group.Containers, 1))
@@ -165,7 +166,7 @@ func TestComposeSingleContainerRestartPolicy(t *testing.T) {
 		},
 	}
 
-	group, err := ToContainerGroup(convertCtx, project)
+	group, err := ToContainerGroup(context.TODO(), convertCtx, project)
 	assert.NilError(t, err)
 
 	assert.Assert(t, is.Len(*group.Containers, 1))
@@ -197,7 +198,7 @@ func TestComposeMultiContainerRestartPolicy(t *testing.T) {
 		},
 	}
 
-	group, err := ToContainerGroup(convertCtx, project)
+	group, err := ToContainerGroup(context.TODO(), convertCtx, project)
 	assert.NilError(t, err)
 
 	assert.Assert(t, is.Len(*group.Containers, 3))
@@ -231,7 +232,7 @@ func TestComposeInconsistentMultiContainerRestartPolicy(t *testing.T) {
 		},
 	}
 
-	_, err := ToContainerGroup(convertCtx, project)
+	_, err := ToContainerGroup(context.TODO(), convertCtx, project)
 	assert.Error(t, err, "ACI integration does not support specifying different restart policies on containers in the same compose application")
 }
 
@@ -248,7 +249,7 @@ func TestLabelsErrorMessage(t *testing.T) {
 		},
 	}
 
-	_, err := ToContainerGroup(convertCtx, project)
+	_, err := ToContainerGroup(context.TODO(), convertCtx, project)
 	assert.Error(t, err, "ACI integration does not support labels in compose applications")
 }
 
@@ -262,7 +263,7 @@ func TestComposeSingleContainerGroupToContainerDefaultRestartPolicy(t *testing.T
 		},
 	}
 
-	group, err := ToContainerGroup(convertCtx, project)
+	group, err := ToContainerGroup(context.TODO(), convertCtx, project)
 	assert.NilError(t, err)
 
 	assert.Assert(t, is.Len(*group.Containers, 1))
@@ -296,7 +297,7 @@ func TestComposeContainerGroupToContainerMultiplePorts(t *testing.T) {
 		},
 	}
 
-	group, err := ToContainerGroup(convertCtx, project)
+	group, err := ToContainerGroup(context.TODO(), convertCtx, project)
 	assert.NilError(t, err)
 	assert.Assert(t, is.Len(*group.Containers, 3))
 
@@ -335,7 +336,7 @@ func TestComposeContainerGroupToContainerResourceLimits(t *testing.T) {
 		},
 	}
 
-	group, err := ToContainerGroup(convertCtx, project)
+	group, err := ToContainerGroup(context.TODO(), convertCtx, project)
 	assert.NilError(t, err)
 
 	limits := *((*group.Containers)[0]).Resources.Limits
@@ -361,7 +362,7 @@ func TestComposeContainerGroupToContainerResourceLimitsDefaults(t *testing.T) {
 		},
 	}
 
-	group, err := ToContainerGroup(convertCtx, project)
+	group, err := ToContainerGroup(context.TODO(), convertCtx, project)
 	assert.NilError(t, err)
 
 	limits := *((*group.Containers)[0]).Resources.Limits
@@ -385,7 +386,7 @@ func TestComposeContainerGroupToContainerenvVar(t *testing.T) {
 		},
 	}
 
-	group, err := ToContainerGroup(convertCtx, project)
+	group, err := ToContainerGroup(context.TODO(), convertCtx, project)
 	assert.NilError(t, err)
 
 	envVars := *((*group.Containers)[0]).EnvironmentVariables