Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 7F8AA200C78 for ; Thu, 18 May 2017 08:54:00 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 7E1EC160BD4; Thu, 18 May 2017 06:54:00 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 9734D160BB0 for ; Thu, 18 May 2017 08:53:59 +0200 (CEST) Received: (qmail 560 invoked by uid 500); 18 May 2017 06:53:58 -0000 Mailing-List: contact common-commits-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list common-commits@hadoop.apache.org Received: (qmail 545 invoked by uid 99); 18 May 2017 06:53:58 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 18 May 2017 06:53:58 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 7ED4DDFB01; Thu, 18 May 2017 06:53:58 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: vvasudev@apache.org To: common-commits@hadoop.apache.org Date: Thu, 18 May 2017 06:53:58 -0000 Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: [1/8] hadoop git commit: Validate docker image name before launching container. archived-at: Thu, 18 May 2017 06:54:00 -0000 Repository: hadoop Updated Branches: refs/heads/branch-2 3d2afb209 -> cd1a04e3c refs/heads/branch-2.8 9791ecc9d -> 23bbbce63 refs/heads/branch-2.8.1 6cc085b1f -> 6c93dabea refs/heads/trunk b23fcc86c -> b46cd315f Validate docker image name before launching container. Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/e120ee86 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/e120ee86 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/e120ee86 Branch: refs/heads/trunk Commit: e120ee865aa78eaff4a80122c5f3207a97b4924d Parents: b23fcc8 Author: Varun Vasudev Authored: Thu May 18 10:29:34 2017 +0530 Committer: Varun Vasudev Committed: Thu May 18 10:29:34 2017 +0530 ---------------------------------------------------------------------- .../runtime/DockerLinuxContainerRuntime.java | 24 +++++++++++++--- .../runtime/TestDockerContainerRuntime.java | 29 ++++++++++++++++++++ 2 files changed, 49 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/e120ee86/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java index ed81331..8db03bc 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java @@ -57,6 +57,7 @@ import java.util.List; import java.util.Map; import java.util.Map.Entry; import java.util.Set; +import java.util.regex.Pattern; import static org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime.LinuxContainerRuntimeConstants.*; @@ -128,6 +129,12 @@ public class DockerLinuxContainerRuntime implements LinuxContainerRuntime { private static final Log LOG = LogFactory.getLog( DockerLinuxContainerRuntime.class); + // This validates that the image is a proper docker image + public static final String DOCKER_IMAGE_PATTERN = + "^(([a-zA-Z0-9.-]+)(:\\d+)?/)?([a-z0-9_./-]+)(:[\\w.-]+)?$"; + private static final Pattern dockerImagePattern = + Pattern.compile(DOCKER_IMAGE_PATTERN); + @InterfaceAudience.Private public static final String ENV_DOCKER_CONTAINER_IMAGE = "YARN_CONTAINER_RUNTIME_DOCKER_IMAGE"; @@ -413,10 +420,7 @@ public class DockerLinuxContainerRuntime implements LinuxContainerRuntime { validateContainerNetworkType(network); - if (imageName == null) { - throw new ContainerExecutionException(ENV_DOCKER_CONTAINER_IMAGE - + " not set!"); - } + validateImageName(imageName); String containerIdStr = container.getContainerId().toString(); String runAsUser = ctx.getExecutionAttribute(RUN_AS_USER); @@ -652,4 +656,16 @@ public class DockerLinuxContainerRuntime implements LinuxContainerRuntime { return launchOp; } + + public static void validateImageName(String imageName) + throws ContainerExecutionException { + if (imageName == null || imageName.isEmpty()) { + throw new ContainerExecutionException( + ENV_DOCKER_CONTAINER_IMAGE + " not set!"); + } + if (!dockerImagePattern.matcher(imageName).matches()) { + throw new ContainerExecutionException("Image name '" + imageName + + "' doesn't match docker image name pattern"); + } + } } http://git-wip-us.apache.org/repos/asf/hadoop/blob/e120ee86/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java index ee1f25c..f611843 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java @@ -898,4 +898,33 @@ public class TestDockerContainerRuntime { return conf; } + @Test + public void testDockerImageNamePattern() throws Exception { + String[] validNames = + { "ubuntu", "fedora/httpd:version1.0", + "fedora/httpd:version1.0.test", + "fedora/httpd:version1.0.TEST", + "myregistryhost:5000/ubuntu", + "myregistryhost:5000/fedora/httpd:version1.0", + "myregistryhost:5000/fedora/httpd:version1.0.test", + "myregistryhost:5000/fedora/httpd:version1.0.TEST"}; + + String[] invalidNames = { "Ubuntu", "ubuntu || fedora", "ubuntu#", + "myregistryhost:50AB0/ubuntu", "myregistry#host:50AB0/ubuntu", + ":8080/ubuntu" + }; + + for (String name : validNames) { + DockerLinuxContainerRuntime.validateImageName(name); + } + + for (String name : invalidNames) { + try { + DockerLinuxContainerRuntime.validateImageName(name); + Assert.fail(name + " is an invalid name and should fail the regex"); + } catch (ContainerExecutionException ce) { + continue; + } + } + } } --------------------------------------------------------------------- To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org For additional commands, e-mail: common-commits-help@hadoop.apache.org