mirror of
https://github.com/drone/drone-kaniko.git
synced 2026-06-04 10:14:55 +08:00
Modify docker config to add base connector (#115)
* add config for base connector * fix permissions code * add gar step support * add gar step support * reformat code, add support for gar and acr * remove logs * address review comments * delete bin file
This commit is contained in:
Aishwarya Lad
+42
-5
@@ -23,12 +23,11 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
dockerPath string = "/kaniko/.docker"
|
||||
clientIdEnv string = "AZURE_CLIENT_ID"
|
||||
clientSecretKeyEnv string = "AZURE_CLIENT_SECRET"
|
||||
dockerConfigPath string = "/kaniko/.docker"
|
||||
tenantKeyEnv string = "AZURE_TENANT_ID"
|
||||
certPathEnv string = "AZURE_CLIENT_CERTIFICATE_PATH"
|
||||
dockerConfigPath string = "/kaniko/.docker"
|
||||
defaultDigestFile string = "/kaniko/digest-file"
|
||||
finalUrl string = "https://portal.azure.com/#view/Microsoft_Azure_ContainerRegistries/TagMetadataBlade/registryId/"
|
||||
)
|
||||
@@ -122,6 +121,21 @@ func main() {
|
||||
Usage: "ACR registry",
|
||||
EnvVar: "PLUGIN_REGISTRY",
|
||||
},
|
||||
cli.StringFlag{
|
||||
Name: "base-image-registry",
|
||||
Usage: "docker registry for base image registry",
|
||||
EnvVar: "PLUGIN_DOCKER_REGISTRY,DOCKER_REGISTRY",
|
||||
},
|
||||
cli.StringFlag{
|
||||
Name: "base-image-username",
|
||||
Usage: "docker username for base image registry",
|
||||
EnvVar: "PLUGIN_DOCKER_USERNAME,DOCKER_USERNAME",
|
||||
},
|
||||
cli.StringFlag{
|
||||
Name: "base-image-password",
|
||||
Usage: "docker password for base image registry",
|
||||
EnvVar: "PLUGIN_DOCKER_PASSWORD,DOCKER_PASSWORD",
|
||||
},
|
||||
cli.StringSliceFlag{
|
||||
Name: "registry-mirrors",
|
||||
Usage: "docker registry mirrors",
|
||||
@@ -376,6 +390,9 @@ func run(c *cli.Context) error {
|
||||
c.String("client-secret"),
|
||||
c.String("subscription-id"),
|
||||
registry,
|
||||
c.String("base-image-username"),
|
||||
c.String("base-image-password"),
|
||||
c.String("base-image-registry"),
|
||||
noPush,
|
||||
)
|
||||
if err != nil {
|
||||
@@ -457,7 +474,7 @@ func run(c *cli.Context) error {
|
||||
}
|
||||
|
||||
func setupAuth(tenantId, clientId, cert,
|
||||
clientSecret, subscriptionId, registry string, noPush bool) (string, error) {
|
||||
clientSecret, subscriptionId, registry, dockerUsername, dockerPassword, dockerRegistry string, noPush bool) (string, error) {
|
||||
if registry == "" {
|
||||
return "", fmt.Errorf("registry must be specified")
|
||||
}
|
||||
@@ -474,8 +491,9 @@ func setupAuth(tenantId, clientId, cert,
|
||||
if err != nil {
|
||||
return "", errors.Wrap(err, "failed to fetch ACR Token")
|
||||
}
|
||||
err = docker.CreateDockerCfgFile(username, token, registry, dockerConfigPath)
|
||||
if err != nil {
|
||||
|
||||
// setup docker config for azure registry and base image docker registry
|
||||
if err := setDockerAuth(username, token, registry, dockerUsername, dockerPassword, dockerRegistry); err != nil {
|
||||
return "", errors.Wrap(err, "failed to create docker config")
|
||||
}
|
||||
return publicUrl, nil
|
||||
@@ -649,6 +667,25 @@ func getPublicUrl(token, registryUrl, subscriptionId string) (string, error) {
|
||||
return "", errors.New("did not receive any registry information from /subscriptions API")
|
||||
}
|
||||
|
||||
func setDockerAuth(username, password, registry, dockerUsername, dockerPassword, dockerRegistry string) error {
|
||||
dockerConfig := docker.NewConfig()
|
||||
pushToRegistryCreds := docker.RegistryCredentials{
|
||||
Registry: registry,
|
||||
Username: username,
|
||||
Password: password,
|
||||
}
|
||||
|
||||
pullFromRegistryCreds := docker.RegistryCredentials{
|
||||
Registry: dockerRegistry,
|
||||
Username: dockerUsername,
|
||||
Password: dockerPassword,
|
||||
}
|
||||
|
||||
credentials := []docker.RegistryCredentials{pushToRegistryCreds, pullFromRegistryCreds}
|
||||
return dockerConfig.CreateDockerConfig(credentials, dockerConfigPath)
|
||||
|
||||
}
|
||||
|
||||
func encodeParam(s string) string {
|
||||
return url.QueryEscape(s)
|
||||
}
|
||||
|
||||
@@ -0,0 +1,171 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"testing"
|
||||
|
||||
"github.com/drone/drone-kaniko/pkg/docker"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
const (
|
||||
v2RegistryURL string = "https://index.docker.io/v2/" // v2 registry is not supported
|
||||
)
|
||||
|
||||
func TestCreateDockerConfigWithBaseRegistry(t *testing.T) {
|
||||
username := "user1"
|
||||
password := "pass1"
|
||||
registry := "azurecr.io"
|
||||
dockerUsername := "dockeruser"
|
||||
dockerPassword := "dockerpass"
|
||||
dockerRegistry := "https://index.docker.io/v1/"
|
||||
privateRegistry := "privateDockerRegistry"
|
||||
privateRegistryUsername := "priaveUsername"
|
||||
privateRegistryPassword := "privatePassword"
|
||||
|
||||
credentials := []docker.RegistryCredentials{
|
||||
{
|
||||
Registry: registry,
|
||||
Username: username,
|
||||
Password: password,
|
||||
},
|
||||
{
|
||||
Registry: dockerRegistry,
|
||||
Username: dockerUsername,
|
||||
Password: dockerPassword,
|
||||
},
|
||||
{
|
||||
Registry: privateRegistry,
|
||||
Username: privateRegistryUsername,
|
||||
Password: privateRegistryPassword,
|
||||
},
|
||||
}
|
||||
|
||||
tempDir, err := ioutil.TempDir("", "docker-config-test")
|
||||
assert.NoError(t, err)
|
||||
defer os.RemoveAll(tempDir)
|
||||
|
||||
config := docker.NewConfig()
|
||||
err = config.CreateDockerConfig(credentials, tempDir)
|
||||
assert.NoError(t, err)
|
||||
|
||||
expectedAuth := docker.Auth{Auth: base64.StdEncoding.EncodeToString([]byte(username + ":" + password))}
|
||||
assert.Equal(t, expectedAuth, config.Auths[registry])
|
||||
|
||||
expectedDockerAuth := docker.Auth{Auth: base64.StdEncoding.EncodeToString([]byte(dockerUsername + ":" + dockerPassword))}
|
||||
assert.Equal(t, expectedDockerAuth, config.Auths[dockerRegistry])
|
||||
|
||||
configPath := filepath.Join(tempDir, "config.json")
|
||||
data, err := ioutil.ReadFile(configPath)
|
||||
assert.NoError(t, err)
|
||||
|
||||
var configFromFile docker.Config
|
||||
err = json.Unmarshal(data, &configFromFile)
|
||||
assert.NoError(t, err)
|
||||
|
||||
assert.Equal(t, config.Auths, configFromFile.Auths)
|
||||
|
||||
err = config.CreateDockerConfig([]docker.RegistryCredentials{
|
||||
{
|
||||
Registry: registry,
|
||||
Username: "",
|
||||
Password: password,
|
||||
},
|
||||
}, tempDir)
|
||||
assert.EqualError(t, err, "Username must be specified for registry: "+registry)
|
||||
|
||||
err = config.CreateDockerConfig([]docker.RegistryCredentials{
|
||||
{
|
||||
Registry: registry,
|
||||
Username: username,
|
||||
Password: "",
|
||||
},
|
||||
}, tempDir)
|
||||
assert.EqualError(t, err, "Password must be specified for registry: "+registry)
|
||||
|
||||
// v1 registry but without username password
|
||||
err = config.CreateDockerConfig([]docker.RegistryCredentials{
|
||||
{
|
||||
Registry: registry,
|
||||
Username: username,
|
||||
Password: password,
|
||||
},
|
||||
{
|
||||
Registry: dockerRegistry,
|
||||
Username: "",
|
||||
Password: "",
|
||||
},
|
||||
}, tempDir)
|
||||
assert.NoError(t, err)
|
||||
|
||||
// v2 registry but without username password
|
||||
err = config.CreateDockerConfig([]docker.RegistryCredentials{
|
||||
{
|
||||
Registry: registry,
|
||||
Username: username,
|
||||
Password: password,
|
||||
},
|
||||
{
|
||||
Registry: v2RegistryURL,
|
||||
Username: "",
|
||||
Password: "",
|
||||
},
|
||||
}, tempDir)
|
||||
assert.NoError(t, err)
|
||||
|
||||
// private base registry without username/password
|
||||
err = config.CreateDockerConfig([]docker.RegistryCredentials{
|
||||
{
|
||||
Registry: privateRegistry,
|
||||
Username: "",
|
||||
Password: "",
|
||||
},
|
||||
}, tempDir)
|
||||
assert.EqualError(t, err, "Username must be specified for registry: "+privateRegistry)
|
||||
|
||||
}
|
||||
|
||||
func TestCreateDockerConfigWithoutBaseRegistry(t *testing.T) {
|
||||
username := "user1"
|
||||
password := "pass1"
|
||||
registry := "azurecr.io"
|
||||
|
||||
credentials := []docker.RegistryCredentials{
|
||||
{
|
||||
Registry: registry,
|
||||
Username: username,
|
||||
Password: password,
|
||||
},
|
||||
}
|
||||
|
||||
// Create a temporary directory
|
||||
tempDir, err := ioutil.TempDir("", "docker-config-test")
|
||||
assert.NoError(t, err)
|
||||
defer os.RemoveAll(tempDir)
|
||||
|
||||
config := docker.NewConfig()
|
||||
err = config.CreateDockerConfig(credentials, tempDir)
|
||||
assert.NoError(t, err)
|
||||
|
||||
expectedAuth := docker.Auth{Auth: base64.StdEncoding.EncodeToString([]byte(username + ":" + password))}
|
||||
assert.Equal(t, expectedAuth, config.Auths[registry])
|
||||
|
||||
// Check the contents of the config.json file
|
||||
configPath := filepath.Join(tempDir, "config.json")
|
||||
data, err := ioutil.ReadFile(configPath)
|
||||
assert.NoError(t, err)
|
||||
|
||||
var configFromFile docker.Config
|
||||
err = json.Unmarshal(data, &configFromFile)
|
||||
assert.NoError(t, err)
|
||||
|
||||
assert.Equal(t, config.Auths, configFromFile.Auths)
|
||||
|
||||
// Check if the public Docker Hub auth is not set
|
||||
_, exists := config.Auths[""]
|
||||
assert.False(t, exists)
|
||||
}
|
||||
+52
-53
@@ -1,9 +1,6 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"encoding/base64"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"strings"
|
||||
|
||||
@@ -14,6 +11,7 @@ import (
|
||||
|
||||
kaniko "github.com/drone/drone-kaniko"
|
||||
"github.com/drone/drone-kaniko/pkg/artifact"
|
||||
"github.com/drone/drone-kaniko/pkg/docker"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -21,9 +19,7 @@ const (
|
||||
dockerPath string = "/kaniko/.docker"
|
||||
dockerConfigPath string = "/kaniko/.docker/config.json"
|
||||
|
||||
v1RegistryURL string = "https://index.docker.io/v1/" // Default registry
|
||||
v2RegistryURL string = "https://index.docker.io/v2/" // v2 registry is not supported
|
||||
v2HubRegistryURL string = "https://registry.hub.docker.com/v2/"
|
||||
v1RegistryURL string = "https://index.docker.io/v1/" // Default registry
|
||||
|
||||
defaultDigestFile string = "/kaniko/digest-file"
|
||||
)
|
||||
@@ -122,10 +118,15 @@ func main() {
|
||||
},
|
||||
cli.StringFlag{
|
||||
Name: "registry",
|
||||
Usage: "docker registry",
|
||||
Usage: "docker registry of registry to push image to",
|
||||
Value: v1RegistryURL,
|
||||
EnvVar: "PLUGIN_REGISTRY",
|
||||
},
|
||||
cli.StringFlag{
|
||||
Name: "base-image-registry",
|
||||
Usage: "docker registry for base image registry",
|
||||
EnvVar: "PLUGIN_DOCKER_REGISTRY,DOCKER_REGISTRY",
|
||||
},
|
||||
cli.StringSliceFlag{
|
||||
Name: "registry-mirrors",
|
||||
Usage: "docker registry mirrors",
|
||||
@@ -133,14 +134,24 @@ func main() {
|
||||
},
|
||||
cli.StringFlag{
|
||||
Name: "username",
|
||||
Usage: "docker username",
|
||||
Usage: "docker username of registry to push image to",
|
||||
EnvVar: "PLUGIN_USERNAME",
|
||||
},
|
||||
cli.StringFlag{
|
||||
Name: "base-image-username",
|
||||
Usage: "docker username for base image registry",
|
||||
EnvVar: "PLUGIN_DOCKER_USERNAME,DOCKER_USERNAME",
|
||||
},
|
||||
cli.StringFlag{
|
||||
Name: "password",
|
||||
Usage: "docker password",
|
||||
Usage: "docker password of registry to push image to",
|
||||
EnvVar: "PLUGIN_PASSWORD",
|
||||
},
|
||||
cli.StringFlag{
|
||||
Name: "base-image-password",
|
||||
Usage: "docker password for base image registry",
|
||||
EnvVar: "PLUGIN_DOCKER_PASSWORD,DOCKER_PASSWORD",
|
||||
},
|
||||
cli.BoolFlag{
|
||||
Name: "skip-tls-verify",
|
||||
Usage: "Skip registry tls verify",
|
||||
@@ -363,16 +374,23 @@ func run(c *cli.Context) error {
|
||||
username := c.String("username")
|
||||
noPush := c.Bool("no-push")
|
||||
configOverride := c.String("dockerconfig")
|
||||
|
||||
// if configOverride is provided, use this for docker auth
|
||||
// if configOverride is provided, use this directly to write to docker config file
|
||||
if len(configOverride) > 0 {
|
||||
if err := writeDockerCfgFile([]byte(configOverride)); err != nil {
|
||||
if err := docker.WriteDockerConfig([]byte(configOverride), dockerPath); err != nil {
|
||||
return err
|
||||
}
|
||||
} else if !noPush || username != "" {
|
||||
// setup auth when pushing or credentials are defined and docker config override is false
|
||||
if err := createDockerCfgFile(username, c.String("password"), c.String("registry")); err != nil {
|
||||
return err
|
||||
// setup auth when pushing/pulling or credentials are defined and docker config override is false
|
||||
err := setDockerAuth(
|
||||
c.String("username"),
|
||||
c.String("password"),
|
||||
c.String("registry"),
|
||||
c.String("base-image-username"),
|
||||
c.String("base-image-password"),
|
||||
c.String("base-image-registry"),
|
||||
)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "failed to create docker config")
|
||||
}
|
||||
}
|
||||
|
||||
@@ -430,8 +448,9 @@ func run(c *cli.Context) error {
|
||||
SkipTLSVerifyRegistry: c.Bool("skip-tls-verify-registry"),
|
||||
UseNewRun: c.Bool("use-new-run"),
|
||||
IgnorePath: c.String("ignore-path"),
|
||||
ImageFSExtractRetry: c.Int("image-fs-extract-retry"),
|
||||
ImageDownloadRetry: c.Int("image-download-retry"),
|
||||
|
||||
ImageFSExtractRetry: c.Int("image-fs-extract-retry"),
|
||||
ImageDownloadRetry: c.Int("image-download-retry"),
|
||||
},
|
||||
Artifact: kaniko.Artifact{
|
||||
Tags: c.StringSlice("tags"),
|
||||
@@ -455,45 +474,25 @@ func run(c *cli.Context) error {
|
||||
return plugin.Exec()
|
||||
}
|
||||
|
||||
// Create the docker config file for authentication
|
||||
func createDockerCfgFile(username, password, registry string) error {
|
||||
if username == "" {
|
||||
return fmt.Errorf("Username must be specified")
|
||||
}
|
||||
if password == "" {
|
||||
return fmt.Errorf("Password must be specified")
|
||||
}
|
||||
if registry == "" {
|
||||
return fmt.Errorf("Registry must be specified")
|
||||
func setDockerAuth(username, password, registry, baseImageUsername, baseImagePassword, baseImageRegistry string) error {
|
||||
dockerConfig := docker.NewConfig()
|
||||
pushToRegistryCreds := docker.RegistryCredentials{
|
||||
Registry: registry,
|
||||
Username: username,
|
||||
Password: password,
|
||||
}
|
||||
credentials := []docker.RegistryCredentials{pushToRegistryCreds}
|
||||
|
||||
if registry == v2RegistryURL || registry == v2HubRegistryURL {
|
||||
fmt.Println("Docker v2 registry is not supported in kaniko. Refer issue: https://github.com/GoogleContainerTools/kaniko/issues/1209")
|
||||
fmt.Printf("Using v1 registry instead: %s\n", v1RegistryURL)
|
||||
registry = v1RegistryURL
|
||||
if baseImageRegistry != "" {
|
||||
pullFromRegistryCreds := docker.RegistryCredentials{
|
||||
Registry: baseImageRegistry,
|
||||
Username: baseImageUsername,
|
||||
Password: baseImagePassword,
|
||||
}
|
||||
credentials = append(credentials, pullFromRegistryCreds)
|
||||
}
|
||||
|
||||
authBytes := []byte(fmt.Sprintf("%s:%s", username, password))
|
||||
encodedString := base64.StdEncoding.EncodeToString(authBytes)
|
||||
jsonBytes := []byte(fmt.Sprintf(`{"auths": {"%s": {"auth": "%s"}}}`, registry, encodedString))
|
||||
|
||||
if err := writeDockerCfgFile(jsonBytes); err != nil {
|
||||
return errors.Wrap(err, "failed to write docker config file")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// Write json bytes in the docker config file
|
||||
func writeDockerCfgFile(jsonBytes []byte) error {
|
||||
err := os.MkdirAll(dockerPath, 0600)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, fmt.Sprintf("failed to create %s directory", dockerPath))
|
||||
}
|
||||
err = ioutil.WriteFile(dockerConfigPath, jsonBytes, 0644)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "failed to create docker config file")
|
||||
}
|
||||
return nil
|
||||
// Creates docker config for both the regustries used for authentication
|
||||
return dockerConfig.CreateDockerConfig(credentials, dockerPath)
|
||||
}
|
||||
|
||||
func buildRepo(registry, repo string, expandRepo bool) string {
|
||||
|
||||
@@ -35,3 +35,61 @@ func Test_buildRepo(t *testing.T) {
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestCreateDockerConfigFromGivenRegistry(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
username string
|
||||
password string
|
||||
registry string
|
||||
dockerUsername string
|
||||
dockerPassword string
|
||||
dockerRegistry string
|
||||
wantErr bool
|
||||
}{
|
||||
{
|
||||
name: "valid credentials",
|
||||
username: "testuser",
|
||||
password: "testpassword",
|
||||
registry: "https://index.docker.io/v1/",
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "v2 registry",
|
||||
username: "testuser",
|
||||
password: "testpassword",
|
||||
registry: "https://index.docker.io/v2/",
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "docker registry credentials",
|
||||
username: "testuser",
|
||||
password: "testpassword",
|
||||
registry: "https://index.docker.io/v1/",
|
||||
dockerUsername: "dockeruser",
|
||||
dockerPassword: "dockerpassword",
|
||||
dockerRegistry: "https://docker.io",
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "empty docker registry",
|
||||
username: "testuser",
|
||||
password: "testpassword",
|
||||
registry: "https://index.docker.io/v1/",
|
||||
dockerUsername: "dockeruser",
|
||||
dockerPassword: "",
|
||||
dockerRegistry: "https://docker.io",
|
||||
wantErr: false,
|
||||
},
|
||||
}
|
||||
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
err := createDockerConfig(tt.username, tt.password, tt.registry, tt.dockerUsername, tt.dockerPassword, tt.dockerRegistry)
|
||||
if (err != nil) != tt.wantErr {
|
||||
t.Errorf("createDockerConfig() error = %v, wantErr %v", err, tt.wantErr)
|
||||
return
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
+30
-32
@@ -3,7 +3,6 @@ package main
|
||||
import (
|
||||
"context"
|
||||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
@@ -32,8 +31,8 @@ import (
|
||||
|
||||
const (
|
||||
accessKeyEnv string = "AWS_ACCESS_KEY_ID"
|
||||
dockerConfigPath string = "/kaniko/.docker"
|
||||
secretKeyEnv string = "AWS_SECRET_ACCESS_KEY"
|
||||
dockerConfigPath string = "/kaniko/.docker/config.json"
|
||||
ecrPublicDomain string = "public.ecr.aws"
|
||||
kanikoVersionEnv string = "KANIKO_VERSION"
|
||||
|
||||
@@ -67,18 +66,18 @@ func main() {
|
||||
},
|
||||
cli.StringFlag{
|
||||
Name: "docker-registry",
|
||||
Usage: "docker registry",
|
||||
Usage: "docker registry for base image registry",
|
||||
EnvVar: "PLUGIN_DOCKER_REGISTRY,DOCKER_REGISTRY",
|
||||
},
|
||||
cli.StringFlag{
|
||||
Name: "docker-username",
|
||||
Usage: "docker username",
|
||||
EnvVar: "PLUGIN_USERNAME,DOCKER_USERNAME",
|
||||
Usage: "docker username for base image registry",
|
||||
EnvVar: "PLUGIN_USERNAME,PLUGIN_DOCKER_USERNAME,DOCKER_USERNAME",
|
||||
},
|
||||
cli.StringFlag{
|
||||
Name: "docker-password",
|
||||
Usage: "docker password",
|
||||
EnvVar: "PLUGIN_PASSWORD,DOCKER_PASSWORD",
|
||||
EnvVar: "PLUGIN_PASSWORD,PLUGIN_DOCKER_PASSWORD,DOCKER_PASSWORD",
|
||||
},
|
||||
cli.StringFlag{
|
||||
Name: "context",
|
||||
@@ -400,7 +399,8 @@ func run(c *cli.Context) error {
|
||||
assumeRole := c.String("assume-role")
|
||||
externalId := c.String("external-id")
|
||||
|
||||
dockerConfig, err := createDockerConfig(
|
||||
// setup docker config for azure registry and base image docker registry
|
||||
err := setDockerAuth(
|
||||
c.String("docker-registry"),
|
||||
c.String("docker-username"),
|
||||
c.String("docker-password"),
|
||||
@@ -413,16 +413,7 @@ func run(c *cli.Context) error {
|
||||
noPush,
|
||||
)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
jsonBytes, err := json.Marshal(dockerConfig)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if err := ioutil.WriteFile(dockerConfigPath, jsonBytes, 0644); err != nil {
|
||||
return err
|
||||
return errors.Wrap(err, "failed to create docker config")
|
||||
}
|
||||
|
||||
// only create repository when pushing and create-repository is true
|
||||
@@ -526,41 +517,49 @@ func run(c *cli.Context) error {
|
||||
return plugin.Exec()
|
||||
}
|
||||
|
||||
func createDockerConfig(dockerRegistry, dockerUsername, dockerPassword, accessKey, secretKey,
|
||||
registry, assumeRole, externalId, region string, noPush bool) (*docker.Config, error) {
|
||||
func setDockerAuth(dockerRegistry, dockerUsername, dockerPassword, accessKey, secretKey,
|
||||
registry, assumeRole, externalId, region string, noPush bool) error {
|
||||
dockerConfig := docker.NewConfig()
|
||||
|
||||
if dockerUsername != "" {
|
||||
// if no docker registry provided, use dockerhub by default
|
||||
if len(dockerRegistry) == 0 {
|
||||
dockerRegistry = docker.RegistryV1
|
||||
credentials := []docker.RegistryCredentials{}
|
||||
// set docker credentials for base image registry
|
||||
if dockerRegistry != "" {
|
||||
pullFromRegistryCreds := docker.RegistryCredentials{
|
||||
Registry: dockerRegistry,
|
||||
Username: dockerUsername,
|
||||
Password: dockerPassword,
|
||||
}
|
||||
dockerConfig.SetAuth(dockerRegistry, dockerUsername, dockerPassword)
|
||||
credentials = append(credentials, pullFromRegistryCreds)
|
||||
}
|
||||
|
||||
if assumeRole != "" {
|
||||
var err error
|
||||
username, password, registry, err := getAssumeRoleCreds(region, assumeRole, externalId, "")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return err
|
||||
}
|
||||
dockerConfig.SetAuth(registry, username, password)
|
||||
pushToRegistryCreds := docker.RegistryCredentials{
|
||||
Registry: registry,
|
||||
Username: username,
|
||||
Password: password,
|
||||
}
|
||||
credentials = append(credentials, pushToRegistryCreds)
|
||||
|
||||
} else if !noPush || accessKey != "" {
|
||||
// only setup auth when pushing or credentials are defined
|
||||
if registry == "" {
|
||||
return nil, fmt.Errorf("registry must be specified")
|
||||
return fmt.Errorf("registry must be specified")
|
||||
}
|
||||
|
||||
// If IAM role is used, access key & secret key are not required
|
||||
if accessKey != "" && secretKey != "" {
|
||||
err := os.Setenv(accessKeyEnv, accessKey)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, fmt.Sprintf("failed to set %s environment variable", accessKeyEnv))
|
||||
return errors.Wrap(err, fmt.Sprintf("failed to set %s environment variable", accessKeyEnv))
|
||||
}
|
||||
|
||||
err = os.Setenv(secretKeyEnv, secretKey)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, fmt.Sprintf("failed to set %s environment variable", secretKeyEnv))
|
||||
return errors.Wrap(err, fmt.Sprintf("failed to set %s environment variable", secretKeyEnv))
|
||||
}
|
||||
}
|
||||
|
||||
@@ -571,8 +570,7 @@ func createDockerConfig(dockerRegistry, dockerUsername, dockerPassword, accessKe
|
||||
dockerConfig.SetCredHelper(registry, "ecr-login")
|
||||
}
|
||||
}
|
||||
|
||||
return dockerConfig, nil
|
||||
return dockerConfig.CreateDockerConfig(credentials, dockerConfigPath)
|
||||
}
|
||||
|
||||
func createRepository(region, repo, registry, assumeRole, externalId string) error {
|
||||
|
||||
+32
-116
@@ -1,129 +1,45 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"encoding/base64"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"reflect"
|
||||
"testing"
|
||||
|
||||
"github.com/drone/drone-kaniko/pkg/docker"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func TestCreateDockerConfig(t *testing.T) {
|
||||
got, err := createDockerConfig(
|
||||
"",
|
||||
"docker-username",
|
||||
"docker-password",
|
||||
"access-key",
|
||||
"secret-key",
|
||||
"ecr-registry",
|
||||
"",
|
||||
"",
|
||||
"",
|
||||
false,
|
||||
)
|
||||
if err != nil {
|
||||
t.Error("failed to create docker config")
|
||||
func TestCreateDockerConfigForECRWithBaseRegistry(t *testing.T) {
|
||||
accessKey := "access-key"
|
||||
secretKey := "secret-key"
|
||||
ecrRegistry := "ecr-registry"
|
||||
dockerUsername := "dockeruser"
|
||||
dockerPassword := "dockerpass"
|
||||
dockerRegistry := "https://index.docker.io/v1/"
|
||||
|
||||
tempDir, err := ioutil.TempDir("", "docker-config-test")
|
||||
assert.NoError(t, err)
|
||||
defer os.RemoveAll(tempDir)
|
||||
|
||||
config := docker.NewConfig()
|
||||
|
||||
pullFromRegistryCreds := docker.RegistryCredentials{
|
||||
Registry: dockerRegistry,
|
||||
Username: dockerUsername,
|
||||
Password: dockerPassword,
|
||||
}
|
||||
credentials := []docker.RegistryCredentials{
|
||||
{Registry: ecrRegistry, Username: accessKey, Password: secretKey},
|
||||
pullFromRegistryCreds,
|
||||
}
|
||||
|
||||
want := docker.NewConfig()
|
||||
want.SetAuth(docker.RegistryV1, "docker-username", "docker-password")
|
||||
want.SetCredHelper(docker.RegistryECRPublic, "ecr-login")
|
||||
want.SetCredHelper("ecr-registry", "ecr-login")
|
||||
err = config.CreateDockerConfig(credentials, tempDir)
|
||||
assert.NoError(t, err)
|
||||
|
||||
if !reflect.DeepEqual(want, got) {
|
||||
t.Errorf("not equal:\n want: %#v\n got: %#v", want, got)
|
||||
}
|
||||
}
|
||||
expectedECRAuth := docker.Auth{Auth: base64.StdEncoding.EncodeToString([]byte(accessKey + ":" + secretKey))}
|
||||
assert.Equal(t, expectedECRAuth, config.Auths[ecrRegistry])
|
||||
|
||||
func TestCreateDockerConfigFromGivenRegistry(t *testing.T) {
|
||||
got, err := createDockerConfig(
|
||||
"docker-registry",
|
||||
"docker-username",
|
||||
"docker-password",
|
||||
"access-key",
|
||||
"secret-key",
|
||||
"ecr-registry",
|
||||
"",
|
||||
"",
|
||||
"",
|
||||
false,
|
||||
)
|
||||
if err != nil {
|
||||
t.Error("failed to create docker config")
|
||||
}
|
||||
|
||||
want := docker.NewConfig()
|
||||
want.SetAuth("docker-registry", "docker-username", "docker-password")
|
||||
want.SetCredHelper(docker.RegistryECRPublic, "ecr-login")
|
||||
want.SetCredHelper("ecr-registry", "ecr-login")
|
||||
if !reflect.DeepEqual(want, got) {
|
||||
t.Errorf("not equal:\n want: %#v\n got: %#v", want, got)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCreateDockerConfigKanikoOneDotEight(t *testing.T) {
|
||||
os.Setenv(kanikoVersionEnv, "1.8.1")
|
||||
defer os.Setenv(kanikoVersionEnv, "")
|
||||
got, err := createDockerConfig(
|
||||
"",
|
||||
"docker-username",
|
||||
"docker-password",
|
||||
"access-key",
|
||||
"secret-key",
|
||||
"ecr-registry",
|
||||
"",
|
||||
"",
|
||||
"",
|
||||
false,
|
||||
)
|
||||
if err != nil {
|
||||
t.Error("failed to create docker config")
|
||||
}
|
||||
|
||||
want := docker.NewConfig()
|
||||
want.SetAuth(docker.RegistryV1, "docker-username", "docker-password")
|
||||
|
||||
if !reflect.DeepEqual(want, got) {
|
||||
t.Errorf("not equal:\n want: %#v\n got: %#v", want, got)
|
||||
}
|
||||
}
|
||||
|
||||
func TestVersionComparison(t *testing.T) {
|
||||
tests := []struct {
|
||||
title string
|
||||
version string
|
||||
expected bool
|
||||
}{
|
||||
{
|
||||
title: "Kaniko 1.6.0 version",
|
||||
version: "1.6.0",
|
||||
expected: true,
|
||||
},
|
||||
{
|
||||
title: "Kaniko 1.8.0 version",
|
||||
version: "1.8.0",
|
||||
expected: false,
|
||||
},
|
||||
{
|
||||
title: "Kaniko 1.8.1 version",
|
||||
version: "1.8.1",
|
||||
expected: false,
|
||||
},
|
||||
{
|
||||
title: "Empty kaniko version",
|
||||
version: "",
|
||||
expected: true,
|
||||
},
|
||||
{
|
||||
title: "Kaniko version 1.10.0",
|
||||
version: "1.10.0",
|
||||
expected: false,
|
||||
},
|
||||
}
|
||||
for _, test := range tests {
|
||||
got := isKanikoVersionBelowOneDotEight(test.version)
|
||||
if got != test.expected {
|
||||
t.Fatalf("test name: %s, expected: %v, got: %v", test.title, test.expected, got)
|
||||
}
|
||||
}
|
||||
}
|
||||
expectedDockerAuth := docker.Auth{Auth: base64.StdEncoding.EncodeToString([]byte(dockerUsername + ":" + dockerPassword))}
|
||||
assert.Equal(t, expectedDockerAuth, config.Auths[dockerRegistry])
|
||||
}
|
||||
+42
-3
@@ -12,12 +12,14 @@ import (
|
||||
|
||||
kaniko "github.com/drone/drone-kaniko"
|
||||
"github.com/drone/drone-kaniko/pkg/artifact"
|
||||
"github.com/drone/drone-kaniko/pkg/docker"
|
||||
)
|
||||
|
||||
const (
|
||||
dockerConfigPath string = "/kaniko/.docker"
|
||||
// GAR JSON key file path
|
||||
garKeyPath string = "/kaniko/config.json"
|
||||
garEnvVariable string = "GOOGLE_APPLICATION_CREDENTIALS"
|
||||
garKeyPath string = "/kaniko/config.json"
|
||||
garEnvVariable string = "GOOGLE_APPLICATION_CREDENTIALS"
|
||||
|
||||
defaultDigestFile string = "/kaniko/digest-file"
|
||||
)
|
||||
@@ -109,6 +111,21 @@ func main() {
|
||||
Usage: "gar registry",
|
||||
EnvVar: "PLUGIN_REGISTRY",
|
||||
},
|
||||
cli.StringFlag{
|
||||
Name: "base-image-username",
|
||||
Usage: "docker username for base image registry",
|
||||
EnvVar: "PLUGIN_DOCKER_USERNAME,DOCKER_USERNAME",
|
||||
},
|
||||
cli.StringFlag{
|
||||
Name: "base-image-password",
|
||||
Usage: "docker password for base image registry",
|
||||
EnvVar: "PLUGIN_DOCKER_PASSWORD,DOCKER_PASSWORD",
|
||||
},
|
||||
cli.StringFlag{
|
||||
Name: "base-image-registry",
|
||||
Usage: "docker registry for base image registry",
|
||||
EnvVar: "PLUGIN_DOCKER_REGISTRY,DOCKER_REGISTRY",
|
||||
},
|
||||
cli.StringSliceFlag{
|
||||
Name: "registry-mirrors",
|
||||
Usage: "docker registry mirrors",
|
||||
@@ -325,7 +342,6 @@ func main() {
|
||||
func run(c *cli.Context) error {
|
||||
noPush := c.Bool("no-push")
|
||||
jsonKey := c.String("json-key")
|
||||
|
||||
// JSON key may not be set in the following cases:
|
||||
// 1. Image does not need to be pushed to GAR.
|
||||
// 2. Workload identity is set on GKE in which pod will inherit the credentials via service account.
|
||||
@@ -333,6 +349,17 @@ func run(c *cli.Context) error {
|
||||
if err := setupGARAuth(jsonKey); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// setup docker config only when base image registry is specified
|
||||
if c.String("base-image-registry") != ""{
|
||||
if err := setDockerAuth(
|
||||
c.String("base-image-username"),
|
||||
c.String("base-image-password"),
|
||||
c.String("base-image-registry"),
|
||||
); err != nil {
|
||||
return errors.Wrap(err, "failed to create docker config")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
plugin := kaniko.Plugin{
|
||||
@@ -409,6 +436,18 @@ func run(c *cli.Context) error {
|
||||
return plugin.Exec()
|
||||
}
|
||||
|
||||
func setDockerAuth(dockerUsername, dockerPassword, dockerRegistry string) (error) {
|
||||
dockerConfig := docker.NewConfig()
|
||||
dockerRegistryCreds := docker.RegistryCredentials{
|
||||
Registry: dockerRegistry,
|
||||
Username: dockerUsername,
|
||||
Password: dockerPassword,
|
||||
}
|
||||
credentials := []docker.RegistryCredentials{dockerRegistryCreds}
|
||||
|
||||
return dockerConfig.CreateDockerConfig(credentials, dockerConfigPath)
|
||||
}
|
||||
|
||||
func setupGARAuth(jsonKey string) error {
|
||||
err := ioutil.WriteFile(garKeyPath, []byte(jsonKey), 0644)
|
||||
if err != nil {
|
||||
|
||||
+42
-3
@@ -12,12 +12,14 @@ import (
|
||||
|
||||
kaniko "github.com/drone/drone-kaniko"
|
||||
"github.com/drone/drone-kaniko/pkg/artifact"
|
||||
"github.com/drone/drone-kaniko/pkg/docker"
|
||||
)
|
||||
|
||||
const (
|
||||
dockerConfigPath string = "/kaniko/.docker"
|
||||
// GCR JSON key file path
|
||||
gcrKeyPath string = "/kaniko/config.json"
|
||||
gcrEnvVariable string = "GOOGLE_APPLICATION_CREDENTIALS"
|
||||
gcrKeyPath string = "/kaniko/config.json"
|
||||
gcrEnvVariable string = "GOOGLE_APPLICATION_CREDENTIALS"
|
||||
|
||||
defaultDigestFile string = "/kaniko/digest-file"
|
||||
)
|
||||
@@ -108,7 +110,22 @@ func main() {
|
||||
Name: "registry",
|
||||
Usage: "gcr registry",
|
||||
Value: "gcr.io",
|
||||
EnvVar: "PLUGIN_REGISTRY",
|
||||
EnvVar: "PLUGIN_REGISTRY,BASE_REGISTRY",
|
||||
},
|
||||
cli.StringFlag{
|
||||
Name: "base-image-username",
|
||||
Usage: "docker username for base image registry",
|
||||
EnvVar: "PLUGIN_DOCKER_USERNAME,DOCKER_USERNAME",
|
||||
},
|
||||
cli.StringFlag{
|
||||
Name: "base-image-password",
|
||||
Usage: "docker password for base image registry",
|
||||
EnvVar: "PLUGIN_DOCKER_PASSWORD,DOCKER_PASSWORD",
|
||||
},
|
||||
cli.StringFlag{
|
||||
Name: "base-image-registry",
|
||||
Usage: "docker registry for base image registry",
|
||||
EnvVar: "PLUGIN_DOCKER_REGISTRY,DOCKER_REGISTRY",
|
||||
},
|
||||
cli.StringSliceFlag{
|
||||
Name: "registry-mirrors",
|
||||
@@ -334,6 +351,17 @@ func run(c *cli.Context) error {
|
||||
if err := setupGCRAuth(jsonKey); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// setup docker config only when base image registry is specified
|
||||
if c.String("base-image-registry") != ""{
|
||||
if err := setDockerAuth(
|
||||
c.String("base-image-username"),
|
||||
c.String("base-image-password"),
|
||||
c.String("base-image-registry"),
|
||||
); err != nil {
|
||||
return errors.Wrap(err, "failed to create docker config")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
plugin := kaniko.Plugin{
|
||||
@@ -410,6 +438,17 @@ func run(c *cli.Context) error {
|
||||
return plugin.Exec()
|
||||
}
|
||||
|
||||
func setDockerAuth(dockerUsername, dockerPassword, dockerRegistry string) (error) {
|
||||
dockerConfig := docker.NewConfig()
|
||||
dockerRegistryCreds := docker.RegistryCredentials{
|
||||
Registry: dockerRegistry,
|
||||
Username: dockerUsername,
|
||||
Password: dockerPassword,
|
||||
}
|
||||
credentials := []docker.RegistryCredentials{dockerRegistryCreds}
|
||||
return dockerConfig.CreateDockerConfig(credentials, dockerConfigPath)
|
||||
}
|
||||
|
||||
func setupGCRAuth(jsonKey string) error {
|
||||
err := ioutil.WriteFile(gcrKeyPath, []byte(jsonKey), 0644)
|
||||
if err != nil {
|
||||
|
||||
@@ -10,13 +10,14 @@ require (
|
||||
github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.13.8
|
||||
github.com/aws/smithy-go v1.12.0
|
||||
github.com/coreos/go-semver v0.3.0
|
||||
github.com/google/go-cmp v0.5.8
|
||||
github.com/google/go-cmp v0.5.9
|
||||
github.com/hashicorp/go-version v1.6.0
|
||||
github.com/joho/godotenv v1.4.0
|
||||
github.com/pkg/errors v0.9.1
|
||||
github.com/sirupsen/logrus v1.8.1
|
||||
github.com/sirupsen/logrus v1.9.3
|
||||
github.com/stretchr/testify v1.8.4
|
||||
github.com/urfave/cli v1.22.9
|
||||
golang.org/x/mod v0.5.1
|
||||
golang.org/x/mod v0.17.0
|
||||
)
|
||||
|
||||
require (
|
||||
@@ -30,17 +31,20 @@ require (
|
||||
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.8 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/service/sso v1.11.12 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/service/sts v1.16.9 // indirect
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
|
||||
github.com/davecgh/go-spew v1.1.1 // indirect
|
||||
github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
|
||||
github.com/google/uuid v1.3.0 // indirect
|
||||
github.com/jmespath/go-jmespath v0.4.0 // indirect
|
||||
github.com/kylelemons/godebug v1.1.0 // indirect
|
||||
github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
|
||||
github.com/pmezard/go-difflib v1.0.0 // indirect
|
||||
github.com/russross/blackfriday/v2 v2.1.0 // indirect
|
||||
golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa // indirect
|
||||
golang.org/x/net v0.0.0-20220725212005-46097bf591d3 // indirect
|
||||
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect
|
||||
golang.org/x/sys v0.19.0 // indirect
|
||||
golang.org/x/text v0.3.7 // indirect
|
||||
gopkg.in/yaml.v3 v3.0.1 // indirect
|
||||
)
|
||||
|
||||
go 1.22
|
||||
go 1.22.0
|
||||
|
||||
@@ -38,8 +38,8 @@ github.com/aws/smithy-go v1.12.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J
|
||||
github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM=
|
||||
github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
|
||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
||||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
@@ -50,8 +50,9 @@ github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keL
|
||||
github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
|
||||
github.com/golang-jwt/jwt/v4 v4.2.0 h1:besgBTC8w8HjP6NzQdxwKH9Z5oQMZ24ThTrHp3cZ8eU=
|
||||
github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
|
||||
github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
|
||||
github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
|
||||
github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
|
||||
github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
|
||||
github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
|
||||
github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
|
||||
github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
|
||||
@@ -77,36 +78,38 @@ github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQD
|
||||
github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
|
||||
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
|
||||
github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
|
||||
github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
|
||||
github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
|
||||
github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
|
||||
github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
|
||||
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
||||
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
|
||||
github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
|
||||
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||
github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
|
||||
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
|
||||
github.com/urfave/cli v1.22.9 h1:cv3/KhXGBGjEXLC4bH0sLuJ9BewaAbpk5oyMOveu4pw=
|
||||
github.com/urfave/cli v1.22.9/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
|
||||
golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa h1:zuSxTR4o9y82ebqCUJYNGJbGPo6sKVl54f/TVDObg1c=
|
||||
golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
||||
golang.org/x/mod v0.5.1 h1:OJxoQ/rynoF0dcCdI7cLPktw/hR2cueqYfjm43oqK38=
|
||||
golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
|
||||
golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
|
||||
golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
|
||||
golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
|
||||
golang.org/x/net v0.0.0-20220725212005-46097bf591d3 h1:2yWTtPWWRcISTw3/o+s/Y4UOMnQL71DWyToOANFusCg=
|
||||
golang.org/x/net v0.0.0-20220725212005-46097bf591d3/go.mod h1:AaygXjzTFtRAg2ttMY5RMuhpJ3cNnI0XpyFJD1iQRSM=
|
||||
golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f h1:v4INt8xihDGvnrfjMDVXGxw9wrfxYyCjk0KbXjhR55s=
|
||||
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
|
||||
golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
|
||||
golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
|
||||
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
|
||||
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
|
||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
|
||||
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
|
||||
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
|
||||
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
|
||||
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||
|
||||
+67
-4
@@ -2,7 +2,18 @@ package docker
|
||||
|
||||
import (
|
||||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
|
||||
"github.com/pkg/errors"
|
||||
)
|
||||
|
||||
const (
|
||||
v2HubRegistryURL string = "https://registry.hub.docker.com/v2/"
|
||||
v1RegistryURL string = "https://index.docker.io/v1/" // Default registry
|
||||
v2RegistryURL string = "https://index.docker.io/v2/" // v2 registry is not supported
|
||||
)
|
||||
|
||||
type (
|
||||
@@ -12,19 +23,25 @@ type (
|
||||
|
||||
Config struct {
|
||||
Auths map[string]Auth `json:"auths"`
|
||||
CredHelpers map[string]string `json:"credHelpers"`
|
||||
CredHelpers map[string]string `json:"credHelpers,omitempty"`
|
||||
}
|
||||
)
|
||||
|
||||
type RegistryCredentials struct {
|
||||
Registry string
|
||||
Username string
|
||||
Password string
|
||||
}
|
||||
|
||||
func NewConfig() *Config {
|
||||
return &Config{
|
||||
Auths: map[string]Auth{},
|
||||
CredHelpers: map[string]string{},
|
||||
Auths: make(map[string]Auth),
|
||||
CredHelpers: make(map[string]string),
|
||||
}
|
||||
}
|
||||
|
||||
func (c *Config) SetAuth(registry, username, password string) {
|
||||
authBytes := []byte(fmt.Sprintf("%s:%s", username, password))
|
||||
authBytes := []byte(username + ":" + password)
|
||||
encodedString := base64.StdEncoding.EncodeToString(authBytes)
|
||||
c.Auths[registry] = Auth{Auth: encodedString}
|
||||
}
|
||||
@@ -32,3 +49,49 @@ func (c *Config) SetAuth(registry, username, password string) {
|
||||
func (c *Config) SetCredHelper(registry, helper string) {
|
||||
c.CredHelpers[registry] = helper
|
||||
}
|
||||
|
||||
func (c *Config) CreateDockerConfig(credentials []RegistryCredentials, dockerPath string) error {
|
||||
for _, cred := range credentials {
|
||||
if cred.Registry != "" {
|
||||
// update v2 docker registry to v1
|
||||
if cred.Registry == v2RegistryURL || cred.Registry == v2HubRegistryURL {
|
||||
fmt.Printf("Docker v2 registry '%s' is not supported in kaniko. Refer issue: https://github.com/GoogleContainerTools/kaniko/issues/1209\n", cred.Registry)
|
||||
fmt.Printf("Using v1 registry instead: %s\n", v1RegistryURL)
|
||||
cred.Registry = v1RegistryURL
|
||||
}
|
||||
|
||||
if cred.Username == "" {
|
||||
return fmt.Errorf("Username must be specified for registry: %s", cred.Registry)
|
||||
}
|
||||
if cred.Password == "" {
|
||||
return fmt.Errorf("Password must be specified for registry: %s", cred.Registry)
|
||||
}
|
||||
c.SetAuth(cred.Registry, cred.Username, cred.Password)
|
||||
}
|
||||
}
|
||||
jsonBytes, err := json.Marshal(c)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "failed to serialize docker config json")
|
||||
}
|
||||
if err := WriteDockerConfig(jsonBytes, dockerPath); err != nil {
|
||||
return errors.Wrap(err, fmt.Sprintf("failed to write docker config to path: %s", dockerPath))
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func WriteDockerConfig(data []byte, path string) (string error) {
|
||||
err := os.MkdirAll(path, 0600)
|
||||
if err != nil {
|
||||
if !os.IsExist(err) {
|
||||
return errors.Wrap(err, fmt.Sprintf("failed to create %s directory", path))
|
||||
}
|
||||
}
|
||||
|
||||
filePath := path + "/config.json"
|
||||
|
||||
err = ioutil.WriteFile(filePath, data, 0644)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, fmt.Sprintf("failed to create docker config file at %s", path))
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -2,24 +2,71 @@ package docker
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func TestConfig(t *testing.T) {
|
||||
c := NewConfig()
|
||||
assert.NotNil(t, c.Auths)
|
||||
assert.NotNil(t, c.CredHelpers)
|
||||
|
||||
c.SetAuth(RegistryV1, "test", "password")
|
||||
expectedAuth := Auth{Auth: "dGVzdDpwYXNzd29yZA=="}
|
||||
assert.Equal(t, expectedAuth, c.Auths[RegistryV1])
|
||||
|
||||
c.SetCredHelper(RegistryECRPublic, "ecr-login")
|
||||
assert.Equal(t, "ecr-login", c.CredHelpers[RegistryECRPublic])
|
||||
|
||||
bytes, err := json.Marshal(c)
|
||||
if err != nil {
|
||||
t.Error("json marshal failed")
|
||||
tempDir, err := ioutil.TempDir("", "docker-config-test")
|
||||
assert.NoError(t, err)
|
||||
defer os.RemoveAll(tempDir)
|
||||
|
||||
credentials := []RegistryCredentials{
|
||||
{
|
||||
Registry: "https://index.docker.io/v1/",
|
||||
Username: "user1",
|
||||
Password: "pass1",
|
||||
},
|
||||
{
|
||||
Registry: "gcr.io",
|
||||
Username: "user2",
|
||||
Password: "pass2",
|
||||
},
|
||||
}
|
||||
|
||||
want := `{"auths":{"https://index.docker.io/v1/":{"auth":"dGVzdDpwYXNzd29yZA=="}},"credHelpers":{"public.ecr.aws":"ecr-login"}}`
|
||||
got := string(bytes)
|
||||
err = c.CreateDockerConfig(credentials, tempDir)
|
||||
assert.NoError(t, err)
|
||||
|
||||
if want != got {
|
||||
t.Errorf("unexpected json output:\n want: %s\n got: %s", want, got)
|
||||
}
|
||||
configPath := filepath.Join(tempDir, "config.json")
|
||||
data, err := ioutil.ReadFile(configPath)
|
||||
assert.NoError(t, err)
|
||||
|
||||
var configFromFile Config
|
||||
err = json.Unmarshal(data, &configFromFile)
|
||||
assert.NoError(t, err)
|
||||
|
||||
assert.Equal(t, c.Auths, configFromFile.Auths)
|
||||
assert.Equal(t, c.CredHelpers, configFromFile.CredHelpers)
|
||||
}
|
||||
|
||||
func TestWriteDockerConfig(t *testing.T) {
|
||||
tempDir, err := ioutil.TempDir("", "docker-config-test")
|
||||
assert.NoError(t, err)
|
||||
defer os.RemoveAll(tempDir)
|
||||
|
||||
data := []byte(`{"auths":{"https://index.docker.io/v1/":{"auth":"dGVzdDpwYXNzd29yZA=="}}}`)
|
||||
err = WriteDockerConfig(data, tempDir)
|
||||
assert.NoError(t, err)
|
||||
|
||||
configPath := filepath.Join(tempDir, "config.json")
|
||||
_, err = os.Stat(configPath)
|
||||
assert.NoError(t, err)
|
||||
|
||||
err = WriteDockerConfig(data, "/invalid/path")
|
||||
assert.Error(t, err)
|
||||
}
|
||||
|
||||
@@ -1,35 +0,0 @@
|
||||
package docker
|
||||
|
||||
import (
|
||||
"encoding/base64"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
|
||||
"github.com/pkg/errors"
|
||||
)
|
||||
|
||||
// Create the docker config file for authentication
|
||||
func CreateDockerCfgFile(username, password, registry, path string) error {
|
||||
if username == "" {
|
||||
return fmt.Errorf("Username must be specified")
|
||||
}
|
||||
if password == "" {
|
||||
return fmt.Errorf("Password must be specified")
|
||||
}
|
||||
|
||||
err := os.MkdirAll(path, 0600)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, fmt.Sprintf("failed to create %s directory", path))
|
||||
}
|
||||
|
||||
authBytes := []byte(fmt.Sprintf("%s:%s", username, password))
|
||||
encodedString := base64.StdEncoding.EncodeToString(authBytes)
|
||||
jsonBytes := []byte(fmt.Sprintf(`{"auths": {"%s": {"auth": "%s"}}}`, "https://"+registry, encodedString))
|
||||
filePath := path + "/config.json"
|
||||
err = ioutil.WriteFile(filePath, jsonBytes, 0644)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "failed to create docker config file")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
Reference in New Issue
Block a user