config override

added option to use overriden docker config
2026-06-04 18:23:50 +08:00 · 2022-11-04 19:50:04 +05:30 · 2022-11-04 19:49:25 +05:30 · 2022-11-04 19:48:03 +05:30 · 2022-11-03 16:53:33 +05:30 · 2022-11-02 17:12:34 +05:30
3 changed files with 95 additions and 29 deletions
@@ -9,6 +9,7 @@ import (
 	"net/http"
 	"net/url"
 	"os"
+	"strings"

 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
 	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
@@ -29,6 +30,7 @@ const (
 	certPathEnv        string = "AZURE_CLIENT_CERTIFICATE_PATH"
 	dockerConfigPath   string = "/kaniko/.docker"
 	defaultDigestFile  string = "/kaniko/digest-file"
+	finalUrl           string = "https://portal.azure.com/#view/Microsoft_Azure_ContainerRegistries/TagMetadataBlade/registryId/"
 )

 var (
@@ -139,6 +141,11 @@ func main() {
 			Usage:  "Azure Tenant Id",
 			EnvVar: "TENANT_ID",
 		},
+		cli.StringFlag{
+			Name:   "subscription-id",
+			Usage:  "Azure Subscription Id",
+			EnvVar: "SUBSCRIPTION_ID",
+		},
 		cli.StringFlag{
 			Name:   "client-id",
 			Usage:  "Azure Client Id",
@@ -210,11 +217,12 @@ func run(c *cli.Context) error {
 	registry := c.String("registry")
 	noPush := c.Bool("no-push")

-	err := createDockerConfig(
+	publicUrl, err := setupAuth(
 		c.String("tenant-id"),
 		c.String("client-id"),
 		c.String("client-cert"),
 		c.String("client-secret"),
+		c.String("subscription-id"),
 		registry,
 		noPush,
 	)
@@ -250,7 +258,7 @@ func run(c *cli.Context) error {
 		Artifact: kaniko.Artifact{
 			Tags:         c.StringSlice("tags"),
 			Repo:         c.String("repo"),
-			Registry:     c.String("registry"),
+			Registry:     publicUrl, // this is public url on which the artifact can be seen
 			ArtifactFile: c.String("artifact-file"),
 			RegistryType: artifact.Docker,
 		},
@@ -258,46 +266,45 @@ func run(c *cli.Context) error {
 	return plugin.Exec()
 }

-func createDockerConfig(tenantId, clientId, cert,
-	clientSecret, registry string, noPush bool) error {
+func setupAuth(tenantId, clientId, cert,
+	clientSecret, subscriptionId, registry string, noPush bool) (string, error) {
 	if registry == "" {
-		return fmt.Errorf("registry must be specified")
+		return "", fmt.Errorf("registry must be specified")
 	}

 	if noPush {
-		return nil
+		return "", nil
 	}

 	// case of client secret or cert based auth
 	if clientId != "" {
 		// only setup auth when pushing or credentials are defined

-		token, err := getACRToken(tenantId, clientId, clientSecret, cert, registry)
+		token, publicUrl, err := getACRToken(subscriptionId, tenantId, clientId, clientSecret, cert, registry)
 		if err != nil {
-			return errors.Wrap(err, "failed to fetch ACR Token")
+			return "", errors.Wrap(err, "failed to fetch ACR Token")
 		}
 		err = docker.CreateDockerCfgFile(username, token, registry, dockerConfigPath)
 		if err != nil {
-			return errors.Wrap(err, "failed to create docker config")
+			return "", errors.Wrap(err, "failed to create docker config")
 		}
+		return publicUrl, nil
 	} else {
-		return fmt.Errorf("managed authentication is not supported")
+		return "", fmt.Errorf("managed authentication is not supported")
 	}
-
-	return nil
 }

-func getACRToken(tenantId, clientId, clientSecret, cert, registry string) (string, error) {
+func getACRToken(subscriptionId, tenantId, clientId, clientSecret, cert, registry string) (string, string, error) {
 	if tenantId == "" {
-		return "", fmt.Errorf("tenantId can't be empty for AAD authentication")
+		return "", "", fmt.Errorf("tenantId can't be empty for AAD authentication")
 	}

 	if clientId == "" {
-		return "", fmt.Errorf("clientId can't be empty for AAD authentication")
+		return "", "", fmt.Errorf("clientId can't be empty for AAD authentication")
 	}

 	if clientSecret == "" && cert == "" {
-		return "", fmt.Errorf("one of client secret or cert should be defined")
+		return "", "", fmt.Errorf("one of client secret or cert should be defined")
 	}

 	// in case of authentication via cert
@@ -309,21 +316,22 @@ func getACRToken(tenantId, clientId, clientSecret, cert, registry string) (strin
 	}

 	if err := os.Setenv(clientIdEnv, clientId); err != nil {
-		return "", errors.Wrap(err, "failed to set env variable client Id")
+		return "", "", errors.Wrap(err, "failed to set env variable client Id")
 	}
 	if err := os.Setenv(clientSecretKeyEnv, clientSecret); err != nil {
-		return "", errors.Wrap(err, "failed to set env variable client secret")
+		return "", "", errors.Wrap(err, "failed to set env variable client secret")
 	}
 	if err := os.Setenv(tenantKeyEnv, tenantId); err != nil {
-		return "", errors.Wrap(err, "failed to set env variable tenant Id")
+		return "", "", errors.Wrap(err, "failed to set env variable tenant Id")
 	}
 	if err := os.Setenv(certPathEnv, ACRCertPath); err != nil {
-		return "", errors.Wrap(err, "failed to set env variable cert path")
+		return "", "", errors.Wrap(err, "failed to set env variable cert path")
 	}
 	env, err := azidentity.NewEnvironmentCredential(nil)
 	if err != nil {
-		return "", errors.Wrap(err, "failed to get env credentials from azure")
+		return "", "", errors.Wrap(err, "failed to get env credentials from azure")
 	}
+
 	policy := policy.TokenRequestOptions{
 		Scopes: []string{"https://management.azure.com/.default"},
 	}
@@ -334,14 +342,20 @@ func getACRToken(tenantId, clientId, clientSecret, cert, registry string) (strin

 	azToken, err := env.GetToken(context.Background(), policy)
 	if err != nil {
-		return "", errors.Wrap(err, "failed to fetch access token")
+		return "", "", errors.Wrap(err, "failed to fetch access token")
+	}
+
+	publicUrl, err := getPublicUrl(azToken.Token, registry, subscriptionId)
+	if err != nil {
+		// execution should not fail because of this error.
+		fmt.Fprintf(os.Stderr, "failed to get public url with error: %s\n", err)
 	}

 	ACRToken, err := fetchACRToken(tenantId, azToken.Token, registry)
 	if err != nil {
-		return "", errors.Wrap(err, "failed to fetch ACR token")
+		return "", "", errors.Wrap(err, "failed to fetch ACR token")
 	}
-	return ACRToken, nil
+	return ACRToken, publicUrl, nil
 }

 func fetchACRToken(tenantId, token, registry string) (string, error) {
@@ -385,3 +399,48 @@ func setupACRCert(cert string) error {
 	}
 	return nil
 }
+
+func getPublicUrl(token, registryUrl, subscriptionId string) (string, error) {
+	// for backward compatibilty, if the subscription id is not defined, do not fail step.
+	if len(subscriptionId) == 0 {
+		return "", nil
+	}
+
+	registry := strings.Split(registryUrl, ".")[0]
+	burl := "https://management.azure.com/subscriptions/" +
+		subscriptionId + "/resources?$filter=resourceType%20eq%20'Microsoft.ContainerRegistry/registries'%20and%20name%20eq%20'" +
+		registry + "'&api-version=2021-04-01&$select=id"
+
+	method := "GET"
+	client := &http.Client{}
+	req, err := http.NewRequest(method, burl, nil)
+	if err != nil {
+		fmt.Println(err)
+		return "", errors.Wrap(err, "failed to create request for getting container registry setting")
+	}
+
+	req.Header.Add("Authorization", "Bearer "+token)
+	res, err := client.Do(req)
+	if err != nil {
+		fmt.Println(err)
+		return "", errors.Wrap(err, "failed to send request for getting container registry setting")
+	}
+	defer res.Body.Close()
+
+	var response strct
+	err = json.NewDecoder(res.Body).Decode(&response)
+	if err != nil {
+		return "", errors.Wrap(err, "failed to send request for getting container registry setting")
+	}
+	return finalUrl + encodeParam(response.Value[0].ID), nil
+}
+
+func encodeParam(s string) string {
+	return url.QueryEscape(s)
+}
+
+type strct struct {
+	Value []struct {
+		ID string `json:"id"`
+	} `json:"value"`
+}
@@ -90,6 +90,11 @@ func main() {
 			Usage:  "enable auto generation of build tags",
 			EnvVar: "PLUGIN_AUTO_TAG",
 		},
+		cli.BoolFlag{
+			Name:   "dockerconfig-override",
+			Usage:  "enable auto generation of build tags",
+			EnvVar: "PLUGIN_DOCKERCONFIG_OVERRIDE",
+		},
 		cli.StringFlag{
 			Name:   "auto-tag-suffix",
 			Usage:  "the suffix of auto build tags",
@@ -196,9 +201,11 @@ func main() {
 func run(c *cli.Context) error {
 	username := c.String("username")
 	noPush := c.Bool("no-push")
+	// use the dockerconfig present at the path instead of creating one
+	configOverride := c.Bool("dockerconfig-override")

-	// only setup auth when pushing or credentials are defined
-	if !noPush || username != "" {
+	// only setup auth when pushing or credentials are defined and docker config override is false
+	if (!noPush || username != "") && !configOverride {
 		if err := createDockerCfgFile(username, c.String("password"), c.String("registry")); err != nil {
 			return err
 		}
@@ -1,4 +1,4 @@
-image: plugins/kaniko:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}
+image: plugins/kaniko-acr:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}
 {{#if build.tags}}
 tags:
 {{#each build.tags}}
@@ -7,12 +7,12 @@ tags:
 {{/if}}
 manifests:
  -
-    image: plugins/kaniko:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-amd64
+    image: plugins/kaniko-acr:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-amd64
    platform:
      architecture: amd64
      os: linux
  -
-    image: plugins/kaniko:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm64
+    image: plugins/kaniko-acr:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm64
    platform:
      architecture: arm64
      os: linux
Author	SHA1	Message	Date
Aman Singh	190fbefe91	config override	2022-11-04 19:50:04 +05:30
Aman Singh	48f6e72954	config override	2022-11-04 19:49:25 +05:30
Aman Singh	1bee1629c2	added option to use overriden docker config	2022-11-04 19:48:03 +05:30
Aman Singh	34cfbdfbd5	Merge pull request #65 from aman-harness/aman/acr-artifact fixed public url in code for acr	2022-11-03 16:53:33 +05:30
Aman Singh	d11c254840	fixed test	2022-11-02 17:12:34 +05:30
Aman Singh	7d751135b1	fixed url	2022-11-02 16:20:54 +05:30
Aman Singh	54f2fe097a	fixed url	2022-11-02 16:17:23 +05:30
Aman Singh	9c899979ff	fixed url	2022-11-02 16:09:57 +05:30
Aman Singh	6ac1efad25	fixed url	2022-11-02 15:58:40 +05:30
Aman Singh	128a2d77c0	fixed minor changes	2022-11-02 12:36:19 +05:30
Aman Singh	69e789b294	removed prints statements	2022-11-02 12:23:26 +05:30
Aman Singh	000711c7f1	fixed public url in code for acr	2022-11-02 11:50:39 +05:30
Jamie Li	864a7e5319	Fix manifest of ACR (#62 )	2022-08-18 11:52:19 +05:30