From 14eb26c618d2345bee449f65055161f1d333dfe2 Mon Sep 17 00:00:00 2001
From: David Boreham <david@bozemanpass.com>
Date: Mon, 26 Feb 2024 19:26:55 -0700
Subject: [PATCH] Updatge auth

---
 stack_orchestrator/build/fetch_containers.py | 26 ++++++++++++--------
 1 file changed, 16 insertions(+), 10 deletions(-)

diff --git a/stack_orchestrator/build/fetch_containers.py b/stack_orchestrator/build/fetch_containers.py
index 66db1848..03a46dbb 100644
--- a/stack_orchestrator/build/fetch_containers.py
+++ b/stack_orchestrator/build/fetch_containers.py
@@ -28,16 +28,17 @@ from stack_orchestrator.build.build_util import get_containers_in_scope
 def _local_tag_for(container: str):
     return f"{container}:local"
 
+
 # Emulate this:
 # $ curl -u "my-username:my-token" -X GET "https://<container-registry-hostname>/v2/cerc-io/cerc/test-container/tags/list"
 # {"name":"cerc-io/cerc/test-container","tags":["202402232130","202402232208"]}
-def _get_tags_for_container(container: str, registry: str) -> List[str]:
+def _get_tags_for_container(container: str, registry: str, registry_username: str, registry_token: str) -> List[str]:
     # registry looks like: git.vdb.to/cerc-io
     registry_parts = registry.split("/")
     url = f"https://{registry_parts[0]}/v2/{registry_parts[1]}/{container}/tags/list"
     if opts.o.debug:
         print(f"Fetching tags from: {url}")
-    response = requests.get(url, auth=("dboreham", "fb44b8dd36638bcf4abf478f7b1c3e18ed578f10"))
+    response = requests.get(url, auth=(registry_username, registry_token))
     if response.status_code == 200:
         tag_info = response.json()
         if opts.o.debug:
@@ -53,14 +54,15 @@ def _find_latest(candidate_tags: List[str]):
     return candidate_tags[0]
 
 
-def _get_latest_image(container: str, registry: str):
-    all_tags = _get_tags_for_container(container, registry)
+def _get_latest_image(container: str, registry: str, registry_username: str, registry_token: str):
+    all_tags = _get_tags_for_container(container, registry, registry_username, registry_token)
     latest_tag = _find_latest(all_tags)
     return f"{container}:{latest_tag}"
 
 
-def _fetch_image(tag: str, registry: str):
+def _fetch_image(tag: str, registry: str, registry_username: str, registry_token: str):
     docker = DockerClient()
+    docker.login(registry, registry_username, registry_token)
     remote_tag = f"{registry}/{tag}"
     if opts.o.debug:
         print(f"Attempting to pull this image: {remote_tag}")
@@ -87,8 +89,10 @@ def _add_local_tag(remote_tag: str, registry: str, local_tag: str):
 @click.option('--exclude', help="don\'t fetch these containers")
 @click.option("--force-local-overwrite", is_flag=True, default=False, help="Overwrite a locally built image, if present")
 @click.option("--image-registry", required=True, help="Specify the image registry to fetch from")
+@click.option("--registry_username", required=True, help="Specify the image registry username")
+@click.option("--registry_token", required=True, help="Specify the image registry access token")
 @click.pass_context
-def command(ctx, include, exclude, force_local_overwrite, image_registry):
+def command(ctx, include, exclude, force_local_overwrite, image_registry, registry_username, registry_token):
     '''EXPERIMENTAL: fetch the images for a stack from remote registry'''
 
     # Generate list of target containers
@@ -101,10 +105,10 @@ def command(ctx, include, exclude, force_local_overwrite, image_registry):
                 print(f"Processing: {container}")
             # For each container, attempt to find the latest of a set of
             # images with the correct name and platform in the specified registry
-            image_to_fetch = _get_latest_image(container, image_registry)
+            image_to_fetch = _get_latest_image(container, image_registry, registry_username, registry_token)
             if opts.o.debug:
                 print(f"Fetching: {image_to_fetch}")
-            _fetch_image(image_to_fetch, image_registry)
+            _fetch_image(image_to_fetch, image_registry, registry_username, registry_token)
             # Now check if the target container already exists exists locally already
             if (_exists_locally(container)):
                 if not opts.o.quiet:
@@ -113,11 +117,13 @@ def command(ctx, include, exclude, force_local_overwrite, image_registry):
                 if (force_local_overwrite):
                     # In that case remove the existing :local tag
                     if not opts.o.quiet:
-                        print(f"Warning: removing local tag from this image: {container} because --force-local-overwrite was specified")
+                        print(f"Warning: removing local tag from this image: {container} because "
+                              "--force-local-overwrite was specified")
                     _remove_local_tag(local_tag)
                 else:
                     if not opts.o.quiet:
-                        print(f"Skipping download for this image: {container}")
+                        print(f"Skipping local tagging for this image: {container} because that would "
+                              "overwrite an existing :local tagged image, use --force-local-overwrite to do so.")
             # Tag the fetched image with the :local tag
             _add_local_tag(image_to_fetch, image_registry, local_tag)
         else: