Gather creds through HostObjects (#204)

Author: benvillalobos

Microsoft.NET.Build.Containers/AuthHandshakeMessageHandler.cs

@@ -83,8 +83,14 @@ private record TokenResponse(string? token, string? access_token, int? expires_i
     /// <returns></returns>
     private async Task<string> GetTokenAsync(Uri realm, string service, string scope, CancellationToken cancellationToken)
     {
+        // Allow overrides for auth via environment variables
+        string? credU = Environment.GetEnvironmentVariable("SDK_CONTAINER_REGISTRY_UNAME");
+        string? credP = Environment.GetEnvironmentVariable("SDK_CONTAINER_REGISTRY_PWORD");
+
         // fetch creds for the host
-        DockerCredentials privateRepoCreds = await CredsProvider.GetCredentialsAsync(realm.Host);
+        DockerCredentials privateRepoCreds = (!string.IsNullOrEmpty(credU) && !string.IsNullOrEmpty(credP)) ?
+                                                                        new DockerCredentials(credU, credP) :
+                                                                        await CredsProvider.GetCredentialsAsync(realm.Host);
         // use those creds when calling the token provider
         var header = privateRepoCreds.Username == "<token>"
                         ? new AuthenticationHeaderValue("Bearer", privateRepoCreds.Password)

Microsoft.NET.Build.Containers/CreateNewImage.cs

@@ -255,6 +255,13 @@ public override bool Execute()
                     outputReg?.Push(image, ImageName, tag, BaseImageName, message => SafeLog(message)).Wait();
                     SafeLog("Pushed container '{0}:{1}' to registry '{2}'", ImageName, tag, OutputRegistry);
                 }
+                catch (ContainerHttpException e)
+                {
+                    if (BuildEngine != null)
+                    {
+                        Log.LogErrorFromException(e, true);
+                    }
+                }
                 catch (Exception e)
                 {
                     if (BuildEngine != null)

Microsoft.NET.Build.Containers/CreateNewImageToolTask.cs

@@ -1,6 +1,7 @@
 namespace Microsoft.NET.Build.Containers.Tasks;
 
 using System;
+using System.Diagnostics;
 using System.Linq;
 using System.IO;
 using Microsoft.Build.Framework;
@@ -101,6 +102,8 @@ public class CreateNewImage : ToolTask
     // Unused, ToolExe is set via targets and overrides this.
     protected override string ToolName => "dotnet";
 
+    private (bool success, string user, string pass) extractionInfo;
+
     private string DotNetPath
     {
         get
@@ -131,12 +134,58 @@ public CreateNewImage()
         Labels = Array.Empty<ITaskItem>();
         ExposedPorts = Array.Empty<ITaskItem>();
         ContainerEnvironmentVariables = Array.Empty<ITaskItem>();
+        extractionInfo = (false, string.Empty, string.Empty);
         GeneratedContainerConfiguration = "";
         GeneratedContainerManifest = "";
     }
 
+    private void HostObjectMagic()
+    {
+        VSHostObject hostObj = new VSHostObject(HostObject as System.Collections.Generic.IEnumerable<ITaskItem>);
+        if (hostObj.ExtractCredentials(out string user, out string pass))
+        {
+            Log.LogWarning($"Host Object Retrieved.\nUser: {user}\nPass: {pass}");
+            extractionInfo = (true, user, pass);
+        }
+        else
+        {
+            Log.LogWarning("Host object failed to extract");
+        }
+            
+    }
+
     protected override string GenerateFullPathToTool() => Quote(Path.Combine(DotNetPath, ToolExe));
 
+    public override bool Execute()
+    {
+        HostObjectMagic();
+        return base.Execute();
+    }
+
+    /// <summary>
+    /// Workaround to avoid storing user/pass into the EnvironmentVariables property, which gets logged by the task.
+    /// </summary>
+    /// <param name="pathToTool"></param>
+    /// <param name="commandLineCommands"></param>
+    /// <param name="responseFileSwitch"></param>
+    /// <returns></returns>
+    protected override ProcessStartInfo GetProcessStartInfo
+    (
+        string pathToTool,
+        string commandLineCommands,
+        string responseFileSwitch
+    )
+    {
+        ProcessStartInfo startInfo = base.GetProcessStartInfo(pathToTool, commandLineCommands, responseFileSwitch)!;
+
+        if (extractionInfo.success)
+        {
+            startInfo.Environment["SDK_CONTAINER_REGISTRY_UNAME"] = extractionInfo.user;
+            startInfo.Environment["SDK_CONTAINER_REGISTRY_PWORD"] = extractionInfo.pass;
+        }
+
+        return startInfo;
+    }
 
     protected override string GenerateCommandLineCommands()
     {

Microsoft.NET.Build.Containers/DockerLoadException.cs

@@ -0,0 +1,35 @@
+using System.Runtime.Serialization;
+
+namespace Microsoft.NET.Build.Containers;
+
+public class DockerLoadException : Exception
+{
+    public DockerLoadException()
+    {
+    }
+
+    public DockerLoadException(string? message) : base(message)
+    {
+    }
+
+    public DockerLoadException(string? message, Exception? innerException) : base(message, innerException)
+    {
+    }
+
+    protected DockerLoadException(SerializationInfo info, StreamingContext context) : base(info, context)
+    {
+    }
+}
+
+public class ContainerHttpException : Exception
+{
+    private const string errorPrefix = "Containerize: error CONTAINER004:";
+    string? jsonResponse;
+    string? uri;
+    public ContainerHttpException(string message, string? targetUri, string? jsonResp) 
+            : base($"{errorPrefix} {message}\nURI: {targetUri ?? "None."}\nJson Response: {jsonResp ?? "None."}" )
+    {
+        jsonResponse = jsonResp;
+        uri = targetUri;
+    }
+}

Microsoft.NET.Build.Containers/Exceptions.cs

@@ -25,18 +25,22 @@
     <PackageReference Include="Valleysoft.DockerCredsProvider" />
   </ItemGroup>
 
+  <!-- net472 builds manually import files to compile -->
   <ItemGroup Condition="'$(TargetFramework)' == 'net472'">
     <Compile Remove="*.*" />
     <Compile Include="ReferenceParser.cs" />
     <Compile Include="ParseContainerProperties.cs" />
     <Compile Include="CreateNewImageToolTask.cs" />
     <Compile Include="ContainerHelpers.cs" />
     <Compile Include="net472Definitions.cs" />
+    <Compile Include="VSHostObject.cs" />
   </ItemGroup>
 
+  <!-- core remove files specific to net472 workarounds -->
   <ItemGroup Condition="'$(TargetFramework)' != 'net472'">
     <Compile Remove="CreateNewImageToolTask.cs" />
     <Compile Remove="net472Definitions.cs" />
+    <Compile Remove="VSHostObject.cs" />
   </ItemGroup>
 
   <!-- This target adds all of our PackageReference and ProjectReference's runtime assets to our package output. -->

Microsoft.NET.Build.Containers/Microsoft.NET.Build.Containers.csproj

@@ -217,12 +217,24 @@ public async Task Push(Image x, string name, string? tag, string baseName, Actio
         manifestUploadContent.Headers.ContentType = new MediaTypeHeaderValue(DockerManifestV2);
         var putResponse = await client.PutAsync(new Uri(BaseUri, $"/v2/{name}/manifests/{x.GetDigest(x.manifest)}"), manifestUploadContent);
         string putresponsestr = await putResponse.Content.ReadAsStringAsync();
-        putResponse.EnsureSuccessStatusCode();
+
+        if (!putResponse.IsSuccessStatusCode)
+        {
+            string jsonResponse = await putResponse.Content.ReadAsStringAsync();
+            throw new ContainerHttpException("Registry push failed.", putResponse.RequestMessage?.RequestUri?.ToString(), jsonResponse);
+        }
+
         logProgressMessage($"Uploaded manifest to registry");
 
         logProgressMessage($"Uploading tag to registry");
         var putResponse2 = await client.PutAsync(new Uri(BaseUri, $"/v2/{name}/manifests/{tag}"), manifestUploadContent);
-        putResponse2.EnsureSuccessStatusCode();
+
+        if (!putResponse2.IsSuccessStatusCode)
+        {
+            string jsonResponse = await putResponse2.Content.ReadAsStringAsync();
+            throw new ContainerHttpException("Registry push failed.", putResponse2.RequestMessage?.RequestUri?.ToString(), jsonResponse);
+        }
+
         logProgressMessage($"Uploaded tag to registry");
     }
-}
+}

Microsoft.NET.Build.Containers/Registry.cs

@@ -0,0 +1,41 @@
+using System.Collections.Generic;
+using System.Linq;
+using Microsoft.Build.Framework;
+
+#nullable disable
+
+namespace Microsoft.NET.Build.Containers.Tasks;
+
+internal class VSHostObject
+{
+    private const string CredentialItemSpecName = "MsDeployCredential";
+    private const string UserMetaDataName = "UserName";
+    private const string PasswordMetaDataName = "Password";
+    IEnumerable<ITaskItem> _hostObject;
+
+    public VSHostObject(IEnumerable<ITaskItem> hostObject)
+    {
+        _hostObject = hostObject;
+    }
+
+    public bool ExtractCredentials(out string username, out string password)
+    {
+        bool retVal = false;
+        username = password = string.Empty;
+        if (_hostObject != null)
+        {
+            ITaskItem credentialItem = _hostObject.FirstOrDefault<ITaskItem>(p => p.ItemSpec == CredentialItemSpecName);
+            if (credentialItem != null)
+            {
+                retVal = true;
+                username = credentialItem.GetMetadata(UserMetaDataName);
+                if (!string.IsNullOrEmpty(username))
+                {
+                    password = credentialItem.GetMetadata(PasswordMetaDataName);
+                }
+            }
+        }
+        return retVal;
+    }
+}
+