Pass the SCC credentials in pullImage() to factorize code

pullImage() needs the SCC credentials, but we don't want the
InspectHost() function to be called multiple times in one command. We
thus need to pass it down.

mgradm/cmd/install/podman/utils.go

@@ -87,12 +87,8 @@ func installForPodman(
 	if err != nil {
 		return utils.Errorf(err, L("failed to compute image URL"))
 	}
-	pullArgs := []string{}
-	if inspectedHostValues.SccUsername != "" && inspectedHostValues.SccPassword != "" {
-		pullArgs = append(pullArgs, "--creds", inspectedHostValues.SccUsername+":"+inspectedHostValues.SccPassword)
-	}
 
-	preparedImage, err := shared_podman.PrepareImage(image, flags.Image.PullPolicy, pullArgs...)
+	preparedImage, err := shared_podman.PrepareImage(inspectedHostValues, image, flags.Image.PullPolicy)
 	if err != nil {
 		return err
 	}

mgradm/cmd/migrate/podman/utils.go

@@ -32,18 +32,12 @@ func migrateToPodman(globalFlags *types.GlobalFlags, flags *podmanMigrateFlags,
 		return utils.Errorf(err, L("cannot compute image"))
 	}
 
-	// FIXME all this code should be centralized. Now it being called in several different places.
 	inspectedHostValues, err := utils.InspectHost(false)
 	if err != nil {
 		return utils.Errorf(err, L("cannot inspect host values"))
 	}
 
-	pullArgs := []string{}
-	if inspectedHostValues.SccUsername != "" && inspectedHostValues.SccPassword != "" {
-		pullArgs = append(pullArgs, "--creds", inspectedHostValues.SccUsername+":"+inspectedHostValues.SccPassword)
-	}
-
-	preparedImage, err := podman_utils.PrepareImage(serverImage, flags.Image.PullPolicy, pullArgs...)
+	preparedImage, err := podman_utils.PrepareImage(inspectedHostValues, serverImage, flags.Image.PullPolicy)
 	if err != nil {
 		return err
 	}

mgradm/shared/podman/podman.go

@@ -247,12 +247,7 @@ func RunPgsqlVersionUpgrade(image types.ImageFlags, upgradeImage types.ImageFlag
 			return utils.Errorf(err, L("cannot inspect host values"))
 		}
 
-		pullArgs := []string{}
-		if inspectedHostValues.SccUsername != "" && inspectedHostValues.SccPassword != "" {
-			pullArgs = append(pullArgs, "--creds", inspectedHostValues.SccUsername+":"+inspectedHostValues.SccPassword)
-		}
-
-		preparedImage, err := podman.PrepareImage(upgradeImageUrl, image.PullPolicy, pullArgs...)
+		preparedImage, err := podman.PrepareImage(inspectedHostValues, upgradeImageUrl, image.PullPolicy)
 		if err != nil {
 			return err
 		}
@@ -340,12 +335,7 @@ func Upgrade(image types.ImageFlags, upgradeImage types.ImageFlags, cocoImage ty
 		return utils.Errorf(err, L("cannot inspect host values"))
 	}
 
-	pullArgs := []string{}
-	if inspectedHostValues.SccUsername != "" && inspectedHostValues.SccPassword != "" {
-		pullArgs = append(pullArgs, "--creds", inspectedHostValues.SccUsername+":"+inspectedHostValues.SccPassword)
-	}
-
-	preparedImage, err := podman.PrepareImage(serverImage, image.PullPolicy, pullArgs...)
+	preparedImage, err := podman.PrepareImage(inspectedHostValues, serverImage, image.PullPolicy)
 	if err != nil {
 		return err
 	}

mgrpxy/cmd/install/podman/utils.go

@@ -37,23 +37,28 @@ func installForPodman(globalFlags *types.GlobalFlags, flags *podman.PodmanProxyF
 		return shared_utils.Errorf(err, L("failed to extract proxy config from %s file"), configPath)
 	}
 
-	httpdImage, err := podman.GetContainerImage(&flags.ProxyImageFlags, "httpd")
+	inspectedHostValues, err := shared_utils.InspectHost(true)
+	if err != nil {
+		return shared_utils.Errorf(err, L("cannot inspect host values"))
+	}
+
+	httpdImage, err := podman.GetContainerImage(inspectedHostValues, &flags.ProxyImageFlags, "httpd")
 	if err != nil {
 		return err
 	}
-	saltBrokerImage, err := podman.GetContainerImage(&flags.ProxyImageFlags, "salt-broker")
+	saltBrokerImage, err := podman.GetContainerImage(inspectedHostValues, &flags.ProxyImageFlags, "salt-broker")
 	if err != nil {
 		return err
 	}
-	squidImage, err := podman.GetContainerImage(&flags.ProxyImageFlags, "squid")
+	squidImage, err := podman.GetContainerImage(inspectedHostValues, &flags.ProxyImageFlags, "squid")
 	if err != nil {
 		return err
 	}
-	sshImage, err := podman.GetContainerImage(&flags.ProxyImageFlags, "ssh")
+	sshImage, err := podman.GetContainerImage(inspectedHostValues, &flags.ProxyImageFlags, "ssh")
 	if err != nil {
 		return err
 	}
-	tftpdImage, err := podman.GetContainerImage(&flags.ProxyImageFlags, "tftpd")
+	tftpdImage, err := podman.GetContainerImage(inspectedHostValues, &flags.ProxyImageFlags, "tftpd")
 	if err != nil {
 		return err
 	}

mgrpxy/shared/podman/podman.go

@@ -151,19 +151,14 @@ func getHttpProxyConfig() string {
 }
 
 // GetContainerImage returns a proxy image URL.
-func GetContainerImage(flags *utils.ProxyImageFlags, name string) (string, error) {
+func GetContainerImage(
+	inspectedHostValues *shared_utils.HostInspectData,
+	flags *utils.ProxyImageFlags,
+	name string,
+) (string, error) {
 	image := flags.GetContainerImage(name)
-	inspectedHostValues, err := shared_utils.InspectHost(true)
-	if err != nil {
-		return "", shared_utils.Errorf(err, L("cannot inspect host values"))
-	}
-
-	pullArgs := []string{}
-	if inspectedHostValues.SccUsername != "" && inspectedHostValues.SccPassword != "" {
-		pullArgs = append(pullArgs, "--creds", inspectedHostValues.SccUsername+":"+inspectedHostValues.SccPassword)
-	}
 
-	preparedImage, err := podman.PrepareImage(image, flags.PullPolicy, pullArgs...)
+	preparedImage, err := podman.PrepareImage(inspectedHostValues, image, flags.PullPolicy)
 	if err != nil {
 		return "", err
 	}
@@ -220,23 +215,29 @@ func Upgrade(globalFlags *types.GlobalFlags, flags *PodmanProxyFlags, cmd *cobra
 	if err := podman.StopService(podman.ProxyService); err != nil {
 		return err
 	}
-	httpdImage, err := GetContainerImage(&flags.ProxyImageFlags, "httpd")
+
+	inspectedHostValues, err := shared_utils.InspectHost(true)
+	if err != nil {
+		return shared_utils.Errorf(err, L("cannot inspect host values"))
+	}
+
+	httpdImage, err := GetContainerImage(inspectedHostValues, &flags.ProxyImageFlags, "httpd")
 	if err != nil {
 		log.Warn().Msgf(L("cannot find httpd image: it will no be upgraded"))
 	}
-	saltBrokerImage, err := GetContainerImage(&flags.ProxyImageFlags, "salt-broker")
+	saltBrokerImage, err := GetContainerImage(inspectedHostValues, &flags.ProxyImageFlags, "salt-broker")
 	if err != nil {
 		log.Warn().Msgf(L("cannot find salt-broker image: it will no be upgraded"))
 	}
-	squidImage, err := GetContainerImage(&flags.ProxyImageFlags, "squid")
+	squidImage, err := GetContainerImage(inspectedHostValues, &flags.ProxyImageFlags, "squid")
 	if err != nil {
 		log.Warn().Msgf(L("cannot find squid image: it will no be upgraded"))
 	}
-	sshImage, err := GetContainerImage(&flags.ProxyImageFlags, "ssh")
+	sshImage, err := GetContainerImage(inspectedHostValues, &flags.ProxyImageFlags, "ssh")
 	if err != nil {
 		log.Warn().Msgf(L("cannot find ssh image: it will no be upgraded"))
 	}
-	tftpdImage, err := GetContainerImage(&flags.ProxyImageFlags, "tftpd")
+	tftpdImage, err := GetContainerImage(inspectedHostValues, &flags.ProxyImageFlags, "tftpd")
 	if err != nil {
 		log.Warn().Msgf(L("cannot find tftpd image: it will no be upgraded"))
 	}

shared/podman/images.go

@@ -27,7 +27,12 @@ const rpmImageDir = "/usr/share/suse-docker-images/native/"
 // Ensure the container image is pulled or pull it if the pull policy allows it.
 //
 // Returns the image name to use. Note that it may be changed if the image has been loaded from a local RPM package.
-func PrepareImage(image string, pullPolicy string, args ...string) (string, error) {
+func PrepareImage(
+	inspectedHostValues *utils.HostInspectData,
+	image string,
+	pullPolicy string,
+	args ...string,
+) (string, error) {
 	if strings.ToLower(pullPolicy) != "always" {
 		log.Info().Msgf(L("Ensure image %s is available"), image)
 
@@ -62,7 +67,7 @@ func PrepareImage(image string, pullPolicy string, args ...string) (string, erro
 
 	if strings.ToLower(pullPolicy) != "never" {
 		log.Debug().Msgf("Pulling image %s because it is missing and pull policy is not 'never'", image)
-		return image, pullImage(image, args...)
+		return image, pullImage(inspectedHostValues, image, args...)
 	}
 
 	return image, fmt.Errorf(L("image %s is missing and cannot be fetched"), image)
@@ -203,21 +208,30 @@ func GetPulledImageName(image string) (string, error) {
 	return string(bytes.TrimSpace(out)), nil
 }
 
-func pullImage(image string, args ...string) error {
+func pullImage(inspectedHostValues *utils.HostInspectData, image string, args ...string) error {
 	if utils.ContainsUpperCase(image) {
 		return fmt.Errorf(L("%s should contains just lower case character, otherwise podman pull would fails"), image)
 	}
+
+	// Do we need to authenticate?
+
 	log.Info().Msgf(L("Running podman pull %s"), image)
 	podmanImageArgs := []string{"pull", image}
 	podmanArgs := append(podmanImageArgs, args...)
 
+	stdin := ""
+	if inspectedHostValues.SccUsername != "" && inspectedHostValues.SccPassword != "" {
+		podmanArgs = append(podmanArgs, "--creds", inspectedHostValues.SccUsername)
+		stdin = inspectedHostValues.SccPassword
+	}
+
 	loglevel := zerolog.DebugLevel
 	if len(args) > 0 {
 		loglevel = zerolog.Disabled
 		log.Debug().Msg("Additional arguments for pull command will not be shown.")
 	}
 
-	return utils.RunCmdStdMapping(loglevel, "", "podman", podmanArgs...)
+	return utils.RunCmdStdMapping(loglevel, stdin, "podman", podmanArgs...)
 }
 
 // ShowAvailableTag  returns the list of available tag for a given image.

shared/podman/utils.go

@@ -185,12 +185,7 @@ func Inspect(serverImage string, pullPolicy string, proxyHost bool) (*utils.Serv
 		return nil, utils.Errorf(err, L("cannot inspect host values"))
 	}
 
-	pullArgs := []string{}
-	if inspectedHostValues.SccUsername != "" && inspectedHostValues.SccPassword != "" {
-		pullArgs = append(pullArgs, "--creds", inspectedHostValues.SccUsername+":"+inspectedHostValues.SccPassword)
-	}
-
-	preparedImage, err := PrepareImage(serverImage, pullPolicy, pullArgs...)
+	preparedImage, err := PrepareImage(inspectedHostValues, serverImage, pullPolicy)
 	if err != nil {
 		return nil, err
 	}