From 7b442a53ff7af4f6fb8aa848851a90f549570b7e Mon Sep 17 00:00:00 2001 From: Aishwarya Lad <67022814+Aishwarya-Lad@users.noreply.github.com> Date: Fri, 26 Apr 2024 12:54:08 -0700 Subject: [PATCH] Modify docker config to add base connector (#115) * add config for base connector * fix permissions code * add gar step support * add gar step support * reformat code, add support for gar and acr * remove logs * address review comments * delete bin file --- cmd/kaniko-acr/main.go | 47 ++++++++- cmd/kaniko-acr/main_test.go | 171 +++++++++++++++++++++++++++++++++ cmd/kaniko-docker/main.go | 105 ++++++++++---------- cmd/kaniko-docker/main_test.go | 58 +++++++++++ cmd/kaniko-ecr/main.go | 62 ++++++------ cmd/kaniko-ecr/main_test.go | 148 ++++++---------------------- cmd/kaniko-gar/main.go | 45 ++++++++- cmd/kaniko-gcr/main.go | 45 ++++++++- go.mod | 16 +-- go.sum | 31 +++--- pkg/docker/config.go | 71 +++++++++++++- pkg/docker/config_test.go | 63 ++++++++++-- pkg/docker/docker_file.go | 35 ------- 13 files changed, 618 insertions(+), 279 deletions(-) create mode 100644 cmd/kaniko-acr/main_test.go delete mode 100644 pkg/docker/docker_file.go diff --git a/cmd/kaniko-acr/main.go b/cmd/kaniko-acr/main.go index 5eb3a09..e6968e6 100644 --- a/cmd/kaniko-acr/main.go +++ b/cmd/kaniko-acr/main.go @@ -23,12 +23,11 @@ import ( ) const ( - dockerPath string = "/kaniko/.docker" clientIdEnv string = "AZURE_CLIENT_ID" clientSecretKeyEnv string = "AZURE_CLIENT_SECRET" + dockerConfigPath string = "/kaniko/.docker" tenantKeyEnv string = "AZURE_TENANT_ID" certPathEnv string = "AZURE_CLIENT_CERTIFICATE_PATH" - dockerConfigPath string = "/kaniko/.docker" defaultDigestFile string = "/kaniko/digest-file" finalUrl string = "https://portal.azure.com/#view/Microsoft_Azure_ContainerRegistries/TagMetadataBlade/registryId/" ) 
@@ -122,6 +121,21 @@ func main() { Usage: "ACR registry", EnvVar: "PLUGIN_REGISTRY", }, + cli.StringFlag{ + Name: "base-image-registry", + Usage: "docker registry for base image registry", + EnvVar: "PLUGIN_DOCKER_REGISTRY,DOCKER_REGISTRY", + }, + cli.StringFlag{ + Name: "base-image-username", + Usage: "docker username for base image registry", + EnvVar: "PLUGIN_DOCKER_USERNAME,DOCKER_USERNAME", + }, + cli.StringFlag{ + Name: "base-image-password", + Usage: "docker password for base image registry", + EnvVar: "PLUGIN_DOCKER_PASSWORD,DOCKER_PASSWORD", + }, cli.StringSliceFlag{ Name: "registry-mirrors", Usage: "docker registry mirrors", @@ -376,6 +390,9 @@ func run(c *cli.Context) error { c.String("client-secret"), c.String("subscription-id"), registry, + c.String("base-image-username"), + c.String("base-image-password"), + c.String("base-image-registry"), noPush, ) if err != nil { @@ -457,7 +474,7 @@ func run(c *cli.Context) error { } func setupAuth(tenantId, clientId, cert, - clientSecret, subscriptionId, registry string, noPush bool) (string, error) { + clientSecret, subscriptionId, registry, dockerUsername, dockerPassword, dockerRegistry string, noPush bool) (string, error) { if registry == "" { return "", fmt.Errorf("registry must be specified") } @@ -474,8 +491,9 @@ func setupAuth(tenantId, clientId, cert, if err != nil { return "", errors.Wrap(err, "failed to fetch ACR Token") } - err = docker.CreateDockerCfgFile(username, token, registry, dockerConfigPath) - if err != nil { + + // setup docker config for azure registry and base image docker registry + if err := setDockerAuth(username, token, registry, dockerUsername, dockerPassword, dockerRegistry); err != nil { return "", errors.Wrap(err, "failed to create docker config") } return publicUrl, nil 
@@ -649,6 +667,25 @@ func getPublicUrl(token, registryUrl, subscriptionId string) (string, error) { return "", errors.New("did not receive any registry information from /subscriptions API") } +func setDockerAuth(username, password, registry, dockerUsername, dockerPassword, dockerRegistry string) error { + dockerConfig := docker.NewConfig() + pushToRegistryCreds := docker.RegistryCredentials{ + Registry: registry, + Username: username, + Password: password, + } + + pullFromRegistryCreds := docker.RegistryCredentials{ + Registry: dockerRegistry, + Username: dockerUsername, + Password: dockerPassword, + } + + credentials := []docker.RegistryCredentials{pushToRegistryCreds, pullFromRegistryCreds} + return dockerConfig.CreateDockerConfig(credentials, dockerConfigPath) + +} + func encodeParam(s string) string { return url.QueryEscape(s) } diff --git a/cmd/kaniko-acr/main_test.go b/cmd/kaniko-acr/main_test.go new file mode 100644 index 0000000..d2a0ae9 --- /dev/null +++ b/cmd/kaniko-acr/main_test.go 
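Review bot: `setDockerAuth` in cmd/kaniko-acr appends `pullFromRegistryCreds` to the credential list even when `dockerRegistry` is empty, which is what it receives when none of the `base-image-*` flags are set. The kaniko-docker and kaniko-ecr variants in this same patch add the base-image entry only behind a non-empty registry check, so the ACR path is the odd one out. How `CreateDockerConfig` treats an empty registry key is not visible in this hunk, so the result is either a spurious validation error or an `auths` entry keyed by `""`. Guard it the same way: `if dockerRegistry != "" { credentials = append(credentials, pullFromRegistryCreds) }`. All six parameters are plain strings, so a short doc comment naming the first three as the push registry and the last three as the base-image registry would help at the call site.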
@@ -0,0 +1,171 @@ +package main + +import ( + "encoding/base64" + "encoding/json" + "io/ioutil" + "os" + "path/filepath" + "testing" + + "github.com/drone/drone-kaniko/pkg/docker" + "github.com/stretchr/testify/assert" +) + +const ( + v2RegistryURL string = "https://index.docker.io/v2/" // v2 registry is not supported +) + +func TestCreateDockerConfigWithBaseRegistry(t *testing.T) { + username := "user1" + password := "pass1" + registry := "azurecr.io" + dockerUsername := "dockeruser" + dockerPassword := "dockerpass" + dockerRegistry := "https://index.docker.io/v1/" + privateRegistry := "privateDockerRegistry" + privateRegistryUsername := "priaveUsername" + privateRegistryPassword := "privatePassword" + + credentials := []docker.RegistryCredentials{ + { + Registry: registry, + Username: username, + Password: password, + }, + { + Registry: dockerRegistry, + Username: dockerUsername, + Password: dockerPassword, + }, + { + Registry: privateRegistry, + Username: privateRegistryUsername, + Password: privateRegistryPassword, + }, + } + + tempDir, err := ioutil.TempDir("", "docker-config-test") + assert.NoError(t, err) + defer os.RemoveAll(tempDir) + + config := docker.NewConfig() + err = config.CreateDockerConfig(credentials, tempDir) + assert.NoError(t, err) + + expectedAuth := docker.Auth{Auth: base64.StdEncoding.EncodeToString([]byte(username + ":" + password))} + assert.Equal(t, expectedAuth, config.Auths[registry]) + + expectedDockerAuth := docker.Auth{Auth: base64.StdEncoding.EncodeToString([]byte(dockerUsername + ":" + dockerPassword))} + assert.Equal(t, expectedDockerAuth, config.Auths[dockerRegistry]) + + configPath := filepath.Join(tempDir, "config.json") + data, err := ioutil.ReadFile(configPath) + assert.NoError(t, err) + + var configFromFile docker.Config + err = json.Unmarshal(data, &configFromFile) + assert.NoError(t, err) + + assert.Equal(t, config.Auths, configFromFile.Auths) + + err = config.CreateDockerConfig([]docker.RegistryCredentials{ + { + 
Registry: registry, + Username: "", + Password: password, + }, + }, tempDir) + assert.EqualError(t, err, "Username must be specified for registry: "+registry) + + err = config.CreateDockerConfig([]docker.RegistryCredentials{ + { + Registry: registry, + Username: username, + Password: "", + }, + }, tempDir) + assert.EqualError(t, err, "Password must be specified for registry: "+registry) + + // v1 registry but without username password + err = config.CreateDockerConfig([]docker.RegistryCredentials{ + { + Registry: registry, + Username: username, + Password: password, + }, + { + Registry: dockerRegistry, + Username: "", + Password: "", + }, + }, tempDir) + assert.NoError(t, err) + + // v2 registry but without username password + err = config.CreateDockerConfig([]docker.RegistryCredentials{ + { + Registry: registry, + Username: username, + Password: password, + }, + { + Registry: v2RegistryURL, + Username: "", + Password: "", + }, + }, tempDir) + assert.NoError(t, err) + + // private base registry without username/password + err = config.CreateDockerConfig([]docker.RegistryCredentials{ + { + Registry: privateRegistry, + Username: "", + Password: "", + }, + }, tempDir) + assert.EqualError(t, err, "Username must be specified for registry: "+privateRegistry) + +} + +func TestCreateDockerConfigWithoutBaseRegistry(t *testing.T) { + username := "user1" + password := "pass1" + registry := "azurecr.io" + + credentials := []docker.RegistryCredentials{ + { + Registry: registry, + Username: username, + Password: password, + }, + } + + // Create a temporary directory + tempDir, err := ioutil.TempDir("", "docker-config-test") + assert.NoError(t, err) + defer os.RemoveAll(tempDir) + + config := docker.NewConfig() + err = config.CreateDockerConfig(credentials, tempDir) + assert.NoError(t, err) + + expectedAuth := docker.Auth{Auth: base64.StdEncoding.EncodeToString([]byte(username + ":" + password))} + assert.Equal(t, expectedAuth, config.Auths[registry]) + + // Check the contents of 
the config.json file + configPath := filepath.Join(tempDir, "config.json") + data, err := ioutil.ReadFile(configPath) + assert.NoError(t, err) + + var configFromFile docker.Config + err = json.Unmarshal(data, &configFromFile) + assert.NoError(t, err) + + assert.Equal(t, config.Auths, configFromFile.Auths) + + // Check if the public Docker Hub auth is not set + _, exists := config.Auths[""] + assert.False(t, exists) +} \ No newline at end of file diff --git a/cmd/kaniko-docker/main.go b/cmd/kaniko-docker/main.go index d1b5de2..5382c26 100644 --- a/cmd/kaniko-docker/main.go +++ b/cmd/kaniko-docker/main.go @@ -1,9 +1,6 @@ package main import ( - "encoding/base64" - "fmt" - "io/ioutil" "os" "strings" @@ -14,6 +11,7 @@ import ( kaniko "github.com/drone/drone-kaniko" "github.com/drone/drone-kaniko/pkg/artifact" + "github.com/drone/drone-kaniko/pkg/docker" ) const ( @@ -21,9 +19,7 @@ const ( dockerPath string = "/kaniko/.docker" dockerConfigPath string = "/kaniko/.docker/config.json" - v1RegistryURL string = "https://index.docker.io/v1/" // Default registry - v2RegistryURL string = "https://index.docker.io/v2/" // v2 registry is not supported - v2HubRegistryURL string = "https://registry.hub.docker.com/v2/" + v1RegistryURL string = "https://index.docker.io/v1/" // Default registry defaultDigestFile string = "/kaniko/digest-file" ) @@ -122,10 +118,15 @@ func main() { }, cli.StringFlag{ Name: "registry", - Usage: "docker registry", + Usage: "docker registry of registry to push image to", Value: v1RegistryURL, EnvVar: "PLUGIN_REGISTRY", }, + cli.StringFlag{ + Name: "base-image-registry", + Usage: "docker registry for base image registry", + EnvVar: "PLUGIN_DOCKER_REGISTRY,DOCKER_REGISTRY", + }, cli.StringSliceFlag{ Name: "registry-mirrors", Usage: "docker registry mirrors", 
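Review bot: The closing assertion of `TestCreateDockerConfigWithoutBaseRegistry` (`config.Auths[""]` must not exist) passes vacuously, because the test never hands `CreateDockerConfig` a credential with an empty registry. Both tests in cmd/kaniko-acr/main_test.go call `docker.Config.CreateDockerConfig` directly rather than this package's `setDockerAuth` or `setupAuth`, so the case where the base-image flags are unset is not exercised. A case whose second element is `{Registry: "", Username: "", Password: ""}` would pin that behaviour. The setup uses `assert.NoError` after `ioutil.TempDir`, which lets the test carry on with an empty path on failure; `t.TempDir()` avoids both the deprecated call and the manual cleanup.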
@@ -133,14 +134,24 @@ func main() { }, cli.StringFlag{ Name: "username", - Usage: "docker username", + Usage: "docker username of registry to push image to", EnvVar: "PLUGIN_USERNAME", }, + cli.StringFlag{ + Name: "base-image-username", + Usage: "docker username for base image registry", + EnvVar: "PLUGIN_DOCKER_USERNAME,DOCKER_USERNAME", + }, cli.StringFlag{ Name: "password", - Usage: "docker password", + Usage: "docker password of registry to push image to", EnvVar: "PLUGIN_PASSWORD", }, + cli.StringFlag{ + Name: "base-image-password", + Usage: "docker password for base image registry", + EnvVar: "PLUGIN_DOCKER_PASSWORD,DOCKER_PASSWORD", + }, cli.BoolFlag{ Name: "skip-tls-verify", Usage: "Skip registry tls verify", @@ -363,16 +374,23 @@ func run(c *cli.Context) error { username := c.String("username") noPush := c.Bool("no-push") configOverride := c.String("dockerconfig") - - // if configOverride is provided, use this for docker auth + // if configOverride is provided, use this directly to write to docker config file if len(configOverride) > 0 { - if err := writeDockerCfgFile([]byte(configOverride)); err != nil { + if err := docker.WriteDockerConfig([]byte(configOverride), dockerPath); err != nil { return err } } else if !noPush || username != "" { - // setup auth when pushing or credentials are defined and docker config override is false - if err := createDockerCfgFile(username, c.String("password"), c.String("registry")); err != nil { - return err + // setup auth when pushing/pulling or credentials are defined and docker config override is false + err := setDockerAuth( + c.String("username"), + c.String("password"), + c.String("registry"), + c.String("base-image-username"), + c.String("base-image-password"), + c.String("base-image-registry"), + ) + if err != nil { + return errors.Wrap(err, "failed to create docker config") } } 
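Review bot: The `else if !noPush || username != ""` gate in `run` still looks only at the push username, so a `--no-push` build that supplies only `base-image-registry`, `base-image-username` and `base-image-password` never reaches `setDockerAuth`, and the base image is presumably pulled without credentials and without any message. Widening the condition with `|| c.String("base-image-registry") != ""` would cover it, provided `setDockerAuth` then tolerates an empty push username, which this hunk does not show. The same silent drop applies when `dockerconfig` is set, since that branch writes the override and ignores the base-image flags; a comment saying so would spare users a debugging session. The branch also re-reads `c.String("username")` although `username` is already in scope.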
@@ -430,8 +448,9 @@ func run(c *cli.Context) error { SkipTLSVerifyRegistry: c.Bool("skip-tls-verify-registry"), UseNewRun: c.Bool("use-new-run"), IgnorePath: c.String("ignore-path"), - ImageFSExtractRetry: c.Int("image-fs-extract-retry"), - ImageDownloadRetry: c.Int("image-download-retry"), + + ImageFSExtractRetry: c.Int("image-fs-extract-retry"), + ImageDownloadRetry: c.Int("image-download-retry"), }, Artifact: kaniko.Artifact{ Tags: c.StringSlice("tags"), 
@@ -455,45 +474,25 @@ func run(c *cli.Context) error { return plugin.Exec() } -// Create the docker config file for authentication -func createDockerCfgFile(username, password, registry string) error { - if username == "" { - return fmt.Errorf("Username must be specified") - } - if password == "" { - return fmt.Errorf("Password must be specified") - } - if registry == "" { - return fmt.Errorf("Registry must be specified") +func setDockerAuth(username, password, registry, baseImageUsername, baseImagePassword, baseImageRegistry string) error { + dockerConfig := docker.NewConfig() + pushToRegistryCreds := docker.RegistryCredentials{ + Registry: registry, + Username: username, + Password: password, } + credentials := []docker.RegistryCredentials{pushToRegistryCreds} - if registry == v2RegistryURL || registry == v2HubRegistryURL { - fmt.Println("Docker v2 registry is not supported in kaniko. Refer issue: https://github.com/GoogleContainerTools/kaniko/issues/1209") - fmt.Printf("Using v1 registry instead: %s\n", v1RegistryURL) - registry = v1RegistryURL + if baseImageRegistry != "" { + pullFromRegistryCreds := docker.RegistryCredentials{ + Registry: baseImageRegistry, + Username: baseImageUsername, + Password: baseImagePassword, + } + credentials = append(credentials, pullFromRegistryCreds) } - - authBytes := []byte(fmt.Sprintf("%s:%s", username, password)) - encodedString := base64.StdEncoding.EncodeToString(authBytes) - jsonBytes := []byte(fmt.Sprintf(`{"auths": {"%s": {"auth": "%s"}}}`, registry, encodedString)) - - if err := writeDockerCfgFile(jsonBytes); err != nil { - return errors.Wrap(err, "failed to write docker config file") - } - return nil -} - -// Write json bytes in the docker config file -func writeDockerCfgFile(jsonBytes []byte) error { - err := os.MkdirAll(dockerPath, 0600) - if err != nil { - return errors.Wrap(err, fmt.Sprintf("failed to create %s directory", dockerPath)) - } - err = ioutil.WriteFile(dockerConfigPath, jsonBytes, 0644) - if err != nil { 
- return errors.Wrap(err, "failed to create docker config file") - } - return nil + // Creates docker config for both the regustries used for authentication + return dockerConfig.CreateDockerConfig(credentials, dockerPath) } func buildRepo(registry, repo string, expandRepo bool) string { diff --git a/cmd/kaniko-docker/main_test.go b/cmd/kaniko-docker/main_test.go index 1691a5d..4d2d142 100644 --- a/cmd/kaniko-docker/main_test.go +++ b/cmd/kaniko-docker/main_test.go @@ -35,3 +35,61 @@ func Test_buildRepo(t *testing.T) { }) } } + +func TestCreateDockerConfigFromGivenRegistry(t *testing.T) { + tests := []struct { + name string + username string + password string + registry string + dockerUsername string + dockerPassword string + dockerRegistry string + wantErr bool + }{ + { + name: "valid credentials", + username: "testuser", + password: "testpassword", + registry: "https://index.docker.io/v1/", + wantErr: false, + }, + { + name: "v2 registry", + username: "testuser", + password: "testpassword", + registry: "https://index.docker.io/v2/", + wantErr: false, + }, + { + name: "docker registry credentials", + username: "testuser", + password: "testpassword", + registry: "https://index.docker.io/v1/", + dockerUsername: "dockeruser", + dockerPassword: "dockerpassword", + dockerRegistry: "https://docker.io", + wantErr: false, + }, + { + name: "empty docker registry", + username: "testuser", + password: "testpassword", + registry: "https://index.docker.io/v1/", + dockerUsername: "dockeruser", + dockerPassword: "", + dockerRegistry: "https://docker.io", + wantErr: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + err := createDockerConfig(tt.username, tt.password, tt.registry, tt.dockerUsername, tt.dockerPassword, tt.dockerRegistry) + if (err != nil) != tt.wantErr { + t.Errorf("createDockerConfig() error = %v, wantErr %v", err, tt.wantErr) + return + } + }) + } +} 
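Review bot: With `writeDockerCfgFile` removed, nothing in this hunk uses the `dockerConfigPath` constant any more, since `setDockerAuth` passes the directory `dockerPath`. In this file the constant still names the file `/kaniko/.docker/config.json`, while the other plugins in the patch use the same identifier for the directory `/kaniko/.docker`; if it has no remaining user outside the hunk, drop it so the name means one thing across the cmd packages. The removed `createDockerCfgFile` rejected empty username, password and registry and remapped the Docker Hub v2 URLs to v1; that now rests on `CreateDockerConfig`, which is not shown here, so a doc comment such as `// setDockerAuth writes the push-registry credentials and, when baseImageRegistry is set, the base-image credentials under dockerPath; validation happens in docker.Config.CreateDockerConfig.` would record the contract. The inline comment has a typo (`regustries`).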
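Review bot: `TestCreateDockerConfigFromGivenRegistry` calls `createDockerConfig(...)` with six string arguments, but the function this patch adds to cmd/kaniko-docker/main.go is `setDockerAuth`; unless `createDockerConfig` is defined elsewhere in the package, the test file does not compile. Renaming the call makes it build, but `setDockerAuth` writes to the fixed `dockerPath` (`/kaniko/.docker`), so the test would write credential material outside a temp directory and fail wherever that path is not writable. Passing the target directory in as a parameter would let the test use `t.TempDir()`. The case named `empty docker registry` actually sets the registry and leaves `dockerPassword` empty with `wantErr: false`, which looks at odds with the `Password must be specified for registry` error asserted in the ACR tests and should be renamed and re-checked.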
diff --git a/cmd/kaniko-ecr/main.go b/cmd/kaniko-ecr/main.go index 050c0bc..8ecde1f 100644 --- a/cmd/kaniko-ecr/main.go +++ b/cmd/kaniko-ecr/main.go @@ -3,7 +3,6 @@ package main import ( "context" "encoding/base64" - "encoding/json" "fmt" "io/ioutil" "os" @@ -32,8 +31,8 @@ import ( const ( accessKeyEnv string = "AWS_ACCESS_KEY_ID" + dockerConfigPath string = "/kaniko/.docker" secretKeyEnv string = "AWS_SECRET_ACCESS_KEY" - dockerConfigPath string = "/kaniko/.docker/config.json" ecrPublicDomain string = "public.ecr.aws" kanikoVersionEnv string = "KANIKO_VERSION" @@ -67,18 +66,18 @@ func main() { }, cli.StringFlag{ Name: "docker-registry", - Usage: "docker registry", + Usage: "docker registry for base image registry", EnvVar: "PLUGIN_DOCKER_REGISTRY,DOCKER_REGISTRY", }, cli.StringFlag{ Name: "docker-username", - Usage: "docker username", - EnvVar: "PLUGIN_USERNAME,DOCKER_USERNAME", + Usage: "docker username for base image registry", + EnvVar: "PLUGIN_USERNAME,PLUGIN_DOCKER_USERNAME,DOCKER_USERNAME", }, cli.StringFlag{ Name: "docker-password", Usage: "docker password", - EnvVar: "PLUGIN_PASSWORD,DOCKER_PASSWORD", + EnvVar: "PLUGIN_PASSWORD,PLUGIN_DOCKER_PASSWORD,DOCKER_PASSWORD", }, cli.StringFlag{ Name: "context", @@ -400,7 +399,8 @@ func run(c *cli.Context) error { assumeRole := c.String("assume-role") externalId := c.String("external-id") - dockerConfig, err := createDockerConfig( + // setup docker config for azure registry and base image docker registry + err := setDockerAuth( c.String("docker-registry"), c.String("docker-username"), c.String("docker-password"), @@ -413,16 +413,7 @@ func run(c *cli.Context) error { noPush, ) if err != nil { - return err - } - - jsonBytes, err := json.Marshal(dockerConfig) - if err != nil { - return err - } - - if err := ioutil.WriteFile(dockerConfigPath, jsonBytes, 0644); err != nil { - return err + return errors.Wrap(err, "failed to create docker config") } // only create repository when pushing and create-repository is true 
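Review bot: The comment added above the `setDockerAuth(` call in `run` reads `setup docker config for azure registry and base image docker registry`, but this is the ECR plugin, so it looks copied from kaniko-acr. Suggest `// set up docker config for the ECR registry and the base image registry`. In the flags hunk of the same file, `docker-password` kept the bare usage string `docker password` while its two siblings now say `for base image registry`.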
@@ -526,41 +517,49 @@ func run(c *cli.Context) error { return plugin.Exec() } -func createDockerConfig(dockerRegistry, dockerUsername, dockerPassword, accessKey, secretKey, - registry, assumeRole, externalId, region string, noPush bool) (*docker.Config, error) { +func setDockerAuth(dockerRegistry, dockerUsername, dockerPassword, accessKey, secretKey, + registry, assumeRole, externalId, region string, noPush bool) error { dockerConfig := docker.NewConfig() - - if dockerUsername != "" { - // if no docker registry provided, use dockerhub by default - if len(dockerRegistry) == 0 { - dockerRegistry = docker.RegistryV1 + credentials := []docker.RegistryCredentials{} + // set docker credentials for base image registry + if dockerRegistry != "" { + pullFromRegistryCreds := docker.RegistryCredentials{ + Registry: dockerRegistry, + Username: dockerUsername, + Password: dockerPassword, } - dockerConfig.SetAuth(dockerRegistry, dockerUsername, dockerPassword) + credentials = append(credentials, pullFromRegistryCreds) } if assumeRole != "" { var err error username, password, registry, err := getAssumeRoleCreds(region, assumeRole, externalId, "") if err != nil { - return nil, err + return err } - dockerConfig.SetAuth(registry, username, password) + pushToRegistryCreds := docker.RegistryCredentials{ + Registry: registry, + Username: username, + Password: password, + } + credentials = append(credentials, pushToRegistryCreds) + } else if !noPush || accessKey != "" { // only setup auth when pushing or credentials are defined if registry == "" { - return nil, fmt.Errorf("registry must be specified") + return fmt.Errorf("registry must be specified") } // If IAM role is used, access key & secret key are not required if accessKey != "" && secretKey != "" { err := os.Setenv(accessKeyEnv, accessKey) if err != nil { - return nil, errors.Wrap(err, fmt.Sprintf("failed to set %s environment variable", accessKeyEnv)) + return errors.Wrap(err, fmt.Sprintf("failed to set %s environment variable", 
accessKeyEnv)) } err = os.Setenv(secretKeyEnv, secretKey) if err != nil { - return nil, errors.Wrap(err, fmt.Sprintf("failed to set %s environment variable", secretKeyEnv)) + return errors.Wrap(err, fmt.Sprintf("failed to set %s environment variable", secretKeyEnv)) } } @@ -571,8 +570,7 @@ func createDockerConfig(dockerRegistry, dockerUsername, dockerPassword, accessKe dockerConfig.SetCredHelper(registry, "ecr-login") } } - - return dockerConfig, nil + return dockerConfig.CreateDockerConfig(credentials, dockerConfigPath) } func createRepository(region, repo, registry, assumeRole, externalId string) error { diff --git a/cmd/kaniko-ecr/main_test.go b/cmd/kaniko-ecr/main_test.go index 38fc23b..bc103f1 100644 --- a/cmd/kaniko-ecr/main_test.go +++ b/cmd/kaniko-ecr/main_test.go 
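Review bot: The base-image entry in `setDockerAuth` is now added only when `dockerRegistry != ""`, whereas the removed code keyed on `dockerUsername != ""` and fell back to `docker.RegistryV1`. A pipeline that sets only `docker-username` and `docker-password`, which previously authenticated to Docker Hub, will now get no base-image credentials and no error. Assuming `docker.RegistryV1` is still exported, `if dockerRegistry == "" && dockerUsername != "" { dockerRegistry = docker.RegistryV1 }` ahead of the check keeps the old behaviour. In the following hunk the `ecr-login` helpers are still registered through `SetCredHelper` before `CreateDockerConfig(credentials, dockerConfigPath)` is returned; that method is not shown, so it is worth confirming it serialises `credHelpers` together with `auths`. The function body extends beyond both hunks.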
@@ -1,129 +1,45 @@ package main import ( + "encoding/base64" + "io/ioutil" "os" - "reflect" "testing" "github.com/drone/drone-kaniko/pkg/docker" + "github.com/stretchr/testify/assert" ) -func TestCreateDockerConfig(t *testing.T) { - got, err := createDockerConfig( - "", - "docker-username", - "docker-password", - "access-key", - "secret-key", - "ecr-registry", - "", - "", - "", - false, - ) - if err != nil { - t.Error("failed to create docker config") +func TestCreateDockerConfigForECRWithBaseRegistry(t *testing.T) { + accessKey := "access-key" + secretKey := "secret-key" + ecrRegistry := "ecr-registry" + dockerUsername := "dockeruser" + dockerPassword := "dockerpass" + dockerRegistry := "https://index.docker.io/v1/" + + tempDir, err := ioutil.TempDir("", "docker-config-test") + assert.NoError(t, err) + defer os.RemoveAll(tempDir) + + config := docker.NewConfig() + + pullFromRegistryCreds := docker.RegistryCredentials{ + Registry: dockerRegistry, + Username: dockerUsername, + Password: dockerPassword, + } + credentials := []docker.RegistryCredentials{ + {Registry: ecrRegistry, Username: accessKey, Password: secretKey}, + pullFromRegistryCreds, } - want := docker.NewConfig() - want.SetAuth(docker.RegistryV1, "docker-username", "docker-password") - want.SetCredHelper(docker.RegistryECRPublic, "ecr-login") - want.SetCredHelper("ecr-registry", "ecr-login") + err = config.CreateDockerConfig(credentials, tempDir) + assert.NoError(t, err) - if !reflect.DeepEqual(want, got) { - t.Errorf("not equal:\n want: %#v\n got: %#v", want, got) - } -} + expectedECRAuth := docker.Auth{Auth: base64.StdEncoding.EncodeToString([]byte(accessKey + ":" + secretKey))} + assert.Equal(t, expectedECRAuth, config.Auths[ecrRegistry]) -func TestCreateDockerConfigFromGivenRegistry(t *testing.T) { - got, err := createDockerConfig( - "docker-registry", - "docker-username", - "docker-password", - "access-key", - "secret-key", - "ecr-registry", - "", - "", - "", - false, - ) - if err != nil { - 
t.Error("failed to create docker config") - } - - want := docker.NewConfig() - want.SetAuth("docker-registry", "docker-username", "docker-password") - want.SetCredHelper(docker.RegistryECRPublic, "ecr-login") - want.SetCredHelper("ecr-registry", "ecr-login") - if !reflect.DeepEqual(want, got) { - t.Errorf("not equal:\n want: %#v\n got: %#v", want, got) - } -} - -func TestCreateDockerConfigKanikoOneDotEight(t *testing.T) { - os.Setenv(kanikoVersionEnv, "1.8.1") - defer os.Setenv(kanikoVersionEnv, "") - got, err := createDockerConfig( - "", - "docker-username", - "docker-password", - "access-key", - "secret-key", - "ecr-registry", - "", - "", - "", - false, - ) - if err != nil { - t.Error("failed to create docker config") - } - - want := docker.NewConfig() - want.SetAuth(docker.RegistryV1, "docker-username", "docker-password") - - if !reflect.DeepEqual(want, got) { - t.Errorf("not equal:\n want: %#v\n got: %#v", want, got) - } -} - -func TestVersionComparison(t *testing.T) { - tests := []struct { - title string - version string - expected bool - }{ - { - title: "Kaniko 1.6.0 version", - version: "1.6.0", - expected: true, - }, - { - title: "Kaniko 1.8.0 version", - version: "1.8.0", - expected: false, - }, - { - title: "Kaniko 1.8.1 version", - version: "1.8.1", - expected: false, - }, - { - title: "Empty kaniko version", - version: "", - expected: true, - }, - { - title: "Kaniko version 1.10.0", - version: "1.10.0", - expected: false, - }, - } - for _, test := range tests { - got := isKanikoVersionBelowOneDotEight(test.version) - if got != test.expected { - t.Fatalf("test name: %s, expected: %v, got: %v", test.title, test.expected, got) - } - } -} + expectedDockerAuth := docker.Auth{Auth: base64.StdEncoding.EncodeToString([]byte(dockerUsername + ":" + dockerPassword))} + assert.Equal(t, expectedDockerAuth, config.Auths[dockerRegistry]) +} \ No newline at end of file diff --git a/cmd/kaniko-gar/main.go b/cmd/kaniko-gar/main.go index d065b23..72018e4 100644 
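Review bot: The replacement test in cmd/kaniko-ecr/main_test.go never calls `setDockerAuth`; it builds the credential slice by hand and calls `docker.Config.CreateDockerConfig`, so nothing in this package now checks the `ecr-login` credential-helper wiring, the `KANIKO_VERSION` 1.8 branch or the Docker Hub default that the three deleted tests covered. `TestVersionComparison` for `isKanikoVersionBelowOneDotEight` is deleted as well, although none of the visible main.go hunks removes that function. The new test also stores `accessKey:secretKey` as a basic-auth entry for the ECR registry, which is not how the plugin authenticates to ECR and may mislead a later reader. Suggest keeping `TestVersionComparison` and adding a test that drives `setDockerAuth` against a temp directory once the output path is injectable.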
--- a/cmd/kaniko-gar/main.go +++ b/cmd/kaniko-gar/main.go @@ -12,12 +12,14 @@ import ( kaniko "github.com/drone/drone-kaniko" "github.com/drone/drone-kaniko/pkg/artifact" + "github.com/drone/drone-kaniko/pkg/docker" ) const ( + dockerConfigPath string = "/kaniko/.docker" // GAR JSON key file path - garKeyPath string = "/kaniko/config.json" - garEnvVariable string = "GOOGLE_APPLICATION_CREDENTIALS" + garKeyPath string = "/kaniko/config.json" + garEnvVariable string = "GOOGLE_APPLICATION_CREDENTIALS" defaultDigestFile string = "/kaniko/digest-file" ) @@ -109,6 +111,21 @@ func main() { Usage: "gar registry", EnvVar: "PLUGIN_REGISTRY", }, + cli.StringFlag{ + Name: "base-image-username", + Usage: "docker username for base image registry", + EnvVar: "PLUGIN_DOCKER_USERNAME,DOCKER_USERNAME", + }, + cli.StringFlag{ + Name: "base-image-password", + Usage: "docker password for base image registry", + EnvVar: "PLUGIN_DOCKER_PASSWORD,DOCKER_PASSWORD", + }, + cli.StringFlag{ + Name: "base-image-registry", + Usage: "docker registry for base image registry", + EnvVar: "PLUGIN_DOCKER_REGISTRY,DOCKER_REGISTRY", + }, cli.StringSliceFlag{ Name: "registry-mirrors", Usage: "docker registry mirrors", @@ -325,7 +342,6 @@ func main() { func run(c *cli.Context) error { noPush := c.Bool("no-push") jsonKey := c.String("json-key") - // JSON key may not be set in the following cases: // 1. Image does not need to be pushed to GAR. // 2. Workload identity is set on GKE in which pod will inherit the credentials via service account. @@ -333,6 +349,17 @@ func run(c *cli.Context) error { if err := setupGARAuth(jsonKey); err != nil { return err } + + // setup docker config only when base image registry is specified + if c.String("base-image-registry") != ""{ + if err := setDockerAuth( + c.String("base-image-username"), + c.String("base-image-password"), + c.String("base-image-registry"), + ); err != nil { + return errors.Wrap(err, "failed to create docker config") + } + } } plugin := kaniko.Plugin{ 
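Review bot: The base-image `setDockerAuth` call in `run` sits inside the block that runs `setupGARAuth(jsonKey)`, whose condition starts outside this hunk. The surrounding comment says the JSON key may be absent when the image is not pushed or when workload identity is used, and in those cases the base-image credentials would presumably be skipped too. Moving the `if c.String("base-image-registry") != ""` block after that closing brace makes it independent of the GAR key; the same placement is repeated in `run` of cmd/kaniko-gcr/main.go. Both files also need a `gofmt` pass for `!= ""{` and for the parenthesised `(error)` result on `setDockerAuth`.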
@@ -409,6 +436,18 @@ func run(c *cli.Context) error { return plugin.Exec() } +func setDockerAuth(dockerUsername, dockerPassword, dockerRegistry string) (error) { + dockerConfig := docker.NewConfig() + dockerRegistryCreds := docker.RegistryCredentials{ + Registry: dockerRegistry, + Username: dockerUsername, + Password: dockerPassword, + } + credentials := []docker.RegistryCredentials{dockerRegistryCreds} + + return dockerConfig.CreateDockerConfig(credentials, dockerConfigPath) +} + func setupGARAuth(jsonKey string) error { err := ioutil.WriteFile(garKeyPath, []byte(jsonKey), 0644) if err != nil { diff --git a/cmd/kaniko-gcr/main.go b/cmd/kaniko-gcr/main.go index 095b19c..ca19cf6 100644 --- a/cmd/kaniko-gcr/main.go +++ b/cmd/kaniko-gcr/main.go @@ -12,12 +12,14 @@ import ( kaniko "github.com/drone/drone-kaniko" "github.com/drone/drone-kaniko/pkg/artifact" + "github.com/drone/drone-kaniko/pkg/docker" ) const ( + dockerConfigPath string = "/kaniko/.docker" // GCR JSON key file path - gcrKeyPath string = "/kaniko/config.json" - gcrEnvVariable string = "GOOGLE_APPLICATION_CREDENTIALS" + gcrKeyPath string = "/kaniko/config.json" + gcrEnvVariable string = "GOOGLE_APPLICATION_CREDENTIALS" defaultDigestFile string = "/kaniko/digest-file" ) @@ -108,7 +110,22 @@ func main() { Name: "registry", Usage: "gcr registry", Value: "gcr.io", - EnvVar: "PLUGIN_REGISTRY", + EnvVar: "PLUGIN_REGISTRY,BASE_REGISTRY", + }, + cli.StringFlag{ + Name: "base-image-username", + Usage: "docker username for base image registry", + EnvVar: "PLUGIN_DOCKER_USERNAME,DOCKER_USERNAME", + }, + cli.StringFlag{ + Name: "base-image-password", + Usage: "docker password for base image registry", + EnvVar: "PLUGIN_DOCKER_PASSWORD,DOCKER_PASSWORD", + }, + cli.StringFlag{ + Name: "base-image-registry", + Usage: "docker registry for base image registry", + EnvVar: "PLUGIN_DOCKER_REGISTRY,DOCKER_REGISTRY", }, cli.StringSliceFlag{ Name: "registry-mirrors", 
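Review bot: The `registry` flag in cmd/kaniko-gcr/main.go now reads `EnvVar: "PLUGIN_REGISTRY,BASE_REGISTRY"`, which makes an environment variable named `BASE_REGISTRY` a fallback for the push target rather than for the base image. kaniko-gar's `registry` flag did not get the same change, and the new `base-image-registry` flag already has its own variables. As written, a stray `BASE_REGISTRY` in the build environment changes where the image is pushed whenever `PLUGIN_REGISTRY` is unset. Suggest restoring `EnvVar: "PLUGIN_REGISTRY",` unless the fallback is intentional, in which case the usage string should say so.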
@@ -334,6 +351,17 @@ func run(c *cli.Context) error { if err := setupGCRAuth(jsonKey); err != nil { return err } + + // setup docker config only when base image registry is specified + if c.String("base-image-registry") != ""{ + if err := setDockerAuth( + c.String("base-image-username"), + c.String("base-image-password"), + c.String("base-image-registry"), + ); err != nil { + return errors.Wrap(err, "failed to create docker config") + } + } } plugin := kaniko.Plugin{ @@ -410,6 +438,17 @@ func run(c *cli.Context) error { return plugin.Exec() } +func setDockerAuth(dockerUsername, dockerPassword, dockerRegistry string) (error) { + dockerConfig := docker.NewConfig() + dockerRegistryCreds := docker.RegistryCredentials{ + Registry: dockerRegistry, + Username: dockerUsername, + Password: dockerPassword, + } + credentials := []docker.RegistryCredentials{dockerRegistryCreds} + return dockerConfig.CreateDockerConfig(credentials, dockerConfigPath) +} + func setupGCRAuth(jsonKey string) error { err := ioutil.WriteFile(gcrKeyPath, []byte(jsonKey), 0644) if err != nil { diff --git a/go.mod b/go.mod index faac1d6..3e7147a 100644 --- a/go.mod +++ b/go.mod @@ -10,13 +10,14 @@ require ( github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.13.8 github.com/aws/smithy-go v1.12.0 github.com/coreos/go-semver v0.3.0 - github.com/google/go-cmp v0.5.8 + github.com/google/go-cmp v0.5.9 github.com/hashicorp/go-version v1.6.0 github.com/joho/godotenv v1.4.0 github.com/pkg/errors v0.9.1 - github.com/sirupsen/logrus v1.8.1 + github.com/sirupsen/logrus v1.9.3 + github.com/stretchr/testify v1.8.4 github.com/urfave/cli v1.22.9 - golang.org/x/mod v0.5.1 + golang.org/x/mod v0.17.0 ) require ( 
@@ -30,17 +31,20 @@ require ( github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.8 // indirect github.com/aws/aws-sdk-go-v2/service/sso v1.11.12 // indirect github.com/aws/aws-sdk-go-v2/service/sts v1.16.9 // indirect - github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect + github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect + github.com/davecgh/go-spew v1.1.1 // indirect github.com/golang-jwt/jwt v3.2.2+incompatible // indirect github.com/google/uuid v1.3.0 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/kylelemons/godebug v1.1.0 // indirect github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect + github.com/pmezard/go-difflib v1.0.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa // indirect golang.org/x/net v0.0.0-20220725212005-46097bf591d3 // indirect - golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect + golang.org/x/sys v0.19.0 // indirect golang.org/x/text v0.3.7 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect ) -go 1.22 +go 1.22.0 diff --git a/go.sum b/go.sum index bb97fc8..3623b20 100644 --- a/go.sum +++ b/go.sum 
@@ -38,8 +38,8 @@ github.com/aws/smithy-go v1.12.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= -github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w= -github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4= +github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -50,8 +50,9 @@ github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keL github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= github.com/golang-jwt/jwt/v4 v4.2.0 h1:besgBTC8w8HjP6NzQdxwKH9Z5oQMZ24ThTrHp3cZ8eU= github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= -github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg= github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= 
@@ -77,36 +78,38 @@ github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQD github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= -github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE= -github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= +github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= +github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/urfave/cli v1.22.9 h1:cv3/KhXGBGjEXLC4bH0sLuJ9BewaAbpk5oyMOveu4pw= github.com/urfave/cli v1.22.9/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa h1:zuSxTR4o9y82ebqCUJYNGJbGPo6sKVl54f/TVDObg1c= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/mod v0.5.1 h1:OJxoQ/rynoF0dcCdI7cLPktw/hR2cueqYfjm43oqK38= -golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= +golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= +golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net 
v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220725212005-46097bf591d3 h1:2yWTtPWWRcISTw3/o+s/Y4UOMnQL71DWyToOANFusCg= golang.org/x/net v0.0.0-20220725212005-46097bf591d3/go.mod h1:AaygXjzTFtRAg2ttMY5RMuhpJ3cNnI0XpyFJD1iQRSM= -golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f h1:v4INt8xihDGvnrfjMDVXGxw9wrfxYyCjk0KbXjhR55s= -golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= +golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod 
h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/pkg/docker/config.go b/pkg/docker/config.go index 6873a5b..21ba7b4 100644 --- a/pkg/docker/config.go +++ b/pkg/docker/config.go @@ -2,7 +2,18 @@ package docker import ( "encoding/base64" + "encoding/json" "fmt" + "io/ioutil" + "os" + + "github.com/pkg/errors" +) + +const ( + v2HubRegistryURL string = "https://registry.hub.docker.com/v2/" + v1RegistryURL string = "https://index.docker.io/v1/" // Default registry + v2RegistryURL string = "https://index.docker.io/v2/" // v2 registry is not supported ) type ( @@ -12,19 +23,25 @@ type ( Config struct { Auths map[string]Auth `json:"auths"` - CredHelpers map[string]string `json:"credHelpers"` + CredHelpers map[string]string `json:"credHelpers,omitempty"` } ) +type RegistryCredentials struct { + Registry string + Username string + Password string +} + func NewConfig() *Config { return &Config{ - Auths: map[string]Auth{}, - CredHelpers: map[string]string{}, + Auths: make(map[string]Auth), + CredHelpers: make(map[string]string), } } func (c *Config) SetAuth(registry, username, password string) { - authBytes := []byte(fmt.Sprintf("%s:%s", username, password)) + authBytes := []byte(username + ":" + password) encodedString := base64.StdEncoding.EncodeToString(authBytes) c.Auths[registry] = Auth{Auth: encodedString} } 
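Review bot: `RegistryCredentials` is a new exported type with no doc comment. It carries a plaintext password, and `SetAuth` only base64-encodes `username:password`. I would add `// RegistryCredentials holds the login for one registry; the password ends up base64-encoded, not encrypted, in the generated config.json.` above the type, so callers know the written file has to be protected. `NewConfig` and `SetAuth` are exported and undocumented as well.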
@@ -32,3 +49,49 @@ func (c *Config) SetAuth(registry, username, password string) { func (c *Config) SetCredHelper(registry, helper string) { c.CredHelpers[registry] = helper } + +func (c *Config) CreateDockerConfig(credentials []RegistryCredentials, dockerPath string) error { + for _, cred := range credentials { + if cred.Registry != "" { + // update v2 docker registry to v1 + if cred.Registry == v2RegistryURL || cred.Registry == v2HubRegistryURL { + fmt.Printf("Docker v2 registry '%s' is not supported in kaniko. Refer issue: https://github.com/GoogleContainerTools/kaniko/issues/1209\n", cred.Registry) + fmt.Printf("Using v1 registry instead: %s\n", v1RegistryURL) + cred.Registry = v1RegistryURL + } + + if cred.Username == "" { + return fmt.Errorf("Username must be specified for registry: %s", cred.Registry) + } + if cred.Password == "" { + return fmt.Errorf("Password must be specified for registry: %s", cred.Registry) + } + c.SetAuth(cred.Registry, cred.Username, cred.Password) + } + } + jsonBytes, err := json.Marshal(c) + if err != nil { + return errors.Wrap(err, "failed to serialize docker config json") + } + if err := WriteDockerConfig(jsonBytes, dockerPath); err != nil { + return errors.Wrap(err, fmt.Sprintf("failed to write docker config to path: %s", dockerPath)) + } + return nil +} + +func WriteDockerConfig(data []byte, path string) (string error) { + err := os.MkdirAll(path, 0600) + if err != nil { + if !os.IsExist(err) { + return errors.Wrap(err, fmt.Sprintf("failed to create %s directory", path)) + } + } + + filePath := path + "/config.json" + + err = ioutil.WriteFile(filePath, data, 0644) + if err != nil { + return errors.Wrap(err, fmt.Sprintf("failed to create docker config file at %s", path)) + } + return nil +} diff --git a/pkg/docker/config_test.go b/pkg/docker/config_test.go index a6e1323..c236bfa 100644 --- a/pkg/docker/config_test.go +++ b/pkg/docker/config_test.go 
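Review bot: `WriteDockerConfig` writes the registry credentials with `ioutil.WriteFile(filePath, data, 0644)`, which leaves the base64-encoded username and password readable by every user on the system. The directory is created with `0600`, which has no execute bit, so a non-root process cannot traverse it. The modes look swapped: `os.MkdirAll(path, 0700)` and `os.WriteFile(filePath, data, 0600)` keep the secret owner-only (`ioutil.WriteFile` is deprecated and `os` is already imported). The result is declared as `(string error)`, which names the return value `string` and shadows the builtin type; `func WriteDockerConfig(data []byte, path string) error {` is presumably what was meant. The `os.IsExist` check is dead code, since `os.MkdirAll` returns nil when the directory already exists.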
@@ -2,24 +2,71 @@ package docker import ( "encoding/json" + "io/ioutil" + "os" + "path/filepath" "testing" + + "github.com/stretchr/testify/assert" ) func TestConfig(t *testing.T) { c := NewConfig() + assert.NotNil(t, c.Auths) + assert.NotNil(t, c.CredHelpers) c.SetAuth(RegistryV1, "test", "password") + expectedAuth := Auth{Auth: "dGVzdDpwYXNzd29yZA=="} + assert.Equal(t, expectedAuth, c.Auths[RegistryV1]) + c.SetCredHelper(RegistryECRPublic, "ecr-login") + assert.Equal(t, "ecr-login", c.CredHelpers[RegistryECRPublic]) - bytes, err := json.Marshal(c) - if err != nil { - t.Error("json marshal failed") + tempDir, err := ioutil.TempDir("", "docker-config-test") + assert.NoError(t, err) + defer os.RemoveAll(tempDir) + + credentials := []RegistryCredentials{ + { + Registry: "https://index.docker.io/v1/", + Username: "user1", + Password: "pass1", + }, + { + Registry: "gcr.io", + Username: "user2", + Password: "pass2", + }, } - want := `{"auths":{"https://index.docker.io/v1/":{"auth":"dGVzdDpwYXNzd29yZA=="}},"credHelpers":{"public.ecr.aws":"ecr-login"}}` - got := string(bytes) + err = c.CreateDockerConfig(credentials, tempDir) + assert.NoError(t, err) - if want != got { - t.Errorf("unexpected json output:\n want: %s\n got: %s", want, got) - } + configPath := filepath.Join(tempDir, "config.json") + data, err := ioutil.ReadFile(configPath) + assert.NoError(t, err) + + var configFromFile Config + err = json.Unmarshal(data, &configFromFile) + assert.NoError(t, err) + + assert.Equal(t, c.Auths, configFromFile.Auths) + assert.Equal(t, c.CredHelpers, configFromFile.CredHelpers) +} + +func TestWriteDockerConfig(t *testing.T) { + tempDir, err := ioutil.TempDir("", "docker-config-test") + assert.NoError(t, err) + defer os.RemoveAll(tempDir) + + data := []byte(`{"auths":{"https://index.docker.io/v1/":{"auth":"dGVzdDpwYXNzd29yZA=="}}}`) + err = WriteDockerConfig(data, tempDir) + assert.NoError(t, err) + + configPath := filepath.Join(tempDir, "config.json") + _, err = 
os.Stat(configPath) + assert.NoError(t, err) + + err = WriteDockerConfig(data, "/invalid/path") + assert.Error(t, err) } diff --git a/pkg/docker/docker_file.go b/pkg/docker/docker_file.go deleted file mode 100644 index 4bf7220..0000000 --- a/pkg/docker/docker_file.go +++ /dev/null @@ -1,35 +0,0 @@ -package docker - -import ( - "encoding/base64" - "fmt" - "io/ioutil" - "os" - - "github.com/pkg/errors" -) - -// Create the docker config file for authentication -func CreateDockerCfgFile(username, password, registry, path string) error { - if username == "" { - return fmt.Errorf("Username must be specified") - } - if password == "" { - return fmt.Errorf("Password must be specified") - } - - err := os.MkdirAll(path, 0600) - if err != nil { - return errors.Wrap(err, fmt.Sprintf("failed to create %s directory", path)) - } - - authBytes := []byte(fmt.Sprintf("%s:%s", username, password)) - encodedString := base64.StdEncoding.EncodeToString(authBytes) - jsonBytes := []byte(fmt.Sprintf(`{"auths": {"%s": {"auth": "%s"}}}`, "https://"+registry, encodedString)) - filePath := path + "/config.json" - err = ioutil.WriteFile(filePath, jsonBytes, 0644) - if err != nil { - return errors.Wrap(err, "failed to create docker config file") - } - return nil -}
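Review bot: The negative case `WriteDockerConfig(data, "/invalid/path")` in `TestWriteDockerConfig` only fails when the test process cannot create directories under `/`. Run as root, as is common in CI containers, `os.MkdirAll` succeeds, the assertion fails and a stray directory is left behind. A path below a regular file fails regardless of privilege: `err = WriteDockerConfig(data, filepath.Join(configPath, "sub"))`. Since the file holds credentials, the test could also assert its permission bits from the `os.Stat(configPath)` result instead of discarding the `FileInfo`.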