initial oidc change

.drone.yml

@@ -5,13 +5,14 @@ name: default
 pool:
   use: ubuntu
 
+
 platform:
   os: linux
   arch: amd64
 
 steps:
 - name: build
-  image: golang:1.22.4
+  image: golang:1.21
   commands:
   - go test ./...
   - sh scripts/build.sh
@@ -178,7 +179,7 @@ pool:
 
 steps:
 - name: build
-  image: golang:1.22.4
+  image: golang:1.21
   commands:
   - go test ./...
   - sh scripts/build.sh

README.md

@@ -4,12 +4,6 @@ Drone kaniko plugin uses [kaniko](https://github.com/GoogleContainerTools/kaniko
 
 Plugin images are published with 1.6.0 as well as 1.9.1 kaniko version from 1.5.1 release tag. `plugins/kaniko:<release-tag>` uses 1.6.0 version while `plugins/kaniko:<release-tag>-kaniko1.9.1` uses 1.9.1 version. Similar convention is used for plugins/kaniko-ecr & plugins/kaniko-gcr images as well.
 
-Run the following script to install git-leaks support to this repo.
-```
-chmod +x ./git-hooks/install.sh
-./git-hooks/install.sh
-```
-
 ## Build
 
 Build the binaries with the following commands:
@@ -50,6 +44,11 @@ docker build \
   --label org.label-schema.build-date=$(date -u +"%Y-%m-%dT%H:%M:%SZ") \
   --label org.label-schema.vcs-ref=$(git rev-parse --short HEAD) \
   --file docker/ecr/Dockerfile.linux.amd64 --tag plugins/kaniko-ecr .
+  
+  docker build \
+  --label org.label-schema.build-date=$(date -u +"%Y-%m-%dT%H:%M:%SZ") \
+  --label org.label-schema.vcs-ref=$(git rev-parse --short HEAD) \
+  --file docker/gar/Dockerfile.linux.amd64 --tag plugins/kaniko-gar .
 ```
 
 ## Usage

cmd/kaniko-acr/main.go

@@ -23,11 +23,12 @@ import (
 )
 
 const (
+	dockerPath         string = "/kaniko/.docker"
 	clientIdEnv        string = "AZURE_CLIENT_ID"
 	clientSecretKeyEnv string = "AZURE_CLIENT_SECRET"
-	dockerConfigPath   string = "/kaniko/.docker"
 	tenantKeyEnv       string = "AZURE_TENANT_ID"
 	certPathEnv        string = "AZURE_CLIENT_CERTIFICATE_PATH"
+	dockerConfigPath   string = "/kaniko/.docker"
 	defaultDigestFile  string = "/kaniko/digest-file"
 	finalUrl           string = "https://portal.azure.com/#view/Microsoft_Azure_ContainerRegistries/TagMetadataBlade/registryId/"
 )
@@ -36,7 +37,6 @@ var (
 	ACRCertPath   = "/kaniko/acr-cert.pem"
 	pluginVersion = "unknown"
 	username      = "00000000-0000-0000-0000-000000000000"
-	maxPageCount  = 1000 // maximum count of pages to cycle through before we break out
 )
 
 func main() {
@@ -121,21 +121,6 @@ func main() {
 			Usage:  "ACR registry",
 			EnvVar: "PLUGIN_REGISTRY",
 		},
-		cli.StringFlag{
-			Name:   "base-image-registry",
-			Usage:  "Docker registry for base image",
-			EnvVar: "PLUGIN_DOCKER_REGISTRY,PLUGIN_BASE_IMAGE_REGISTRY,DOCKER_REGISTRY",
-		},
-		cli.StringFlag{
-			Name:   "base-image-username",
-			Usage:  "Docker username for base image registry",
-			EnvVar: "PLUGIN_DOCKER_USERNAME,PLUGIN_BASE_IMAGE_USERNAME,DOCKER_USERNAME",
-		},
-		cli.StringFlag{
-			Name:   "base-image-password",
-			Usage:  "Docker password for base image registry",
-			EnvVar: "PLUGIN_DOCKER_PASSWORD,PLUGIN_BASE_IMAGE_PASSWORD,DOCKER_PASSWORD",
-		},
 		cli.StringSliceFlag{
 			Name:   "registry-mirrors",
 			Usage:  "docker registry mirrors",
@@ -221,157 +206,6 @@ func main() {
 			Usage:  "build only used stages",
 			EnvVar: "PLUGIN_SKIP_UNUSED_STAGES",
 		},
-		cli.StringFlag{
-			Name:   "cache-dir",
-			Usage:  "Set this flag to specify a local directory cache for base images",
-			EnvVar: "PLUGIN_CACHE_DIR",
-		},
-
-		cli.BoolFlag{
-			Name:   "cache-copy-layers",
-			Usage:  "Enable or disable copying layers from the cache.",
-			EnvVar: "PLUGIN_CACHE_COPY_LAYERS",
-		},
-		cli.BoolFlag{
-			Name:   "cache-run-layers",
-			Usage:  "Enable or disable running layers from the cache.",
-			EnvVar: "PLUGIN_CACHE_RUN_LAYERS",
-		},
-		cli.BoolFlag{
-			Name:   "cleanup",
-			Usage:  "Enable or disable cleanup of temporary files.",
-			EnvVar: "PLUGIN_CLEANUP",
-		},
-		cli.BoolFlag{
-			Name:   "compressed-caching",
-			Usage:  "Enable or disable compressed caching.",
-			EnvVar: "PLUGIN_COMPRESSED_CACHING",
-		},
-		cli.StringFlag{
-			Name:   "context-sub-path",
-			Usage:  "Sub-path within the context to build.",
-			EnvVar: "PLUGIN_CONTEXT_SUB_PATH",
-		},
-		cli.StringFlag{
-			Name:   "custom-platform",
-			Usage:  "Platform to use for building.",
-			EnvVar: "PLUGIN_CUSTOM_PLATFORM",
-		},
-		cli.BoolFlag{
-			Name:   "force",
-			Usage:  "Force building the image even if it already exists.",
-			EnvVar: "PLUGIN_FORCE",
-		},
-		cli.StringSliceFlag{
-			Name:   "image-name-with-digest-file",
-			Usage:  "Write image name with digest to a file.",
-			EnvVar: "PLUGIN_IMAGE_NAME_WITH_DIGEST_FILE",
-		},
-		cli.StringFlag{
-			Name:   "image-name-tag-with-digest-file",
-			Usage:  "Write image name with tag and digest to a file.",
-			EnvVar: "PLUGIN_IMAGE_NAME_TAG_WITH_DIGEST_FILE",
-		},
-		cli.BoolFlag{
-			Name:   "insecure",
-			Usage:  "Allow connecting to registries without TLS.",
-			EnvVar: "PLUGIN_INSECURE",
-		},
-		cli.BoolFlag{
-			Name:   "insecure-pull",
-			Usage:  "Allow insecure pulls from the registry.",
-			EnvVar: "PLUGIN_INSECURE_PULL",
-		},
-		cli.StringFlag{
-			Name:   "insecure-registry",
-			Usage:  "Use plain HTTP for registry communication.",
-			EnvVar: "PLUGIN_INSECURE_REGISTRY",
-		},
-		cli.StringFlag{
-			Name:   "log-format",
-			Usage:  "Set the log format for build output.",
-			EnvVar: "PLUGIN_LOG_FORMAT",
-		},
-		cli.BoolFlag{
-			Name:   "log-timestamp",
-			Usage:  "Show timestamps in build output.",
-			EnvVar: "PLUGIN_LOG_TIMESTAMP",
-		},
-		cli.StringFlag{
-			Name:   "oci-layout-path",
-			Usage:  "Directory to store OCI layout.",
-			EnvVar: "PLUGIN_OCI_LAYOUT_PATH",
-		},
-		cli.IntFlag{
-			Name:   "push-retry",
-			Usage:  "Number of times to retry pushing an image.",
-			EnvVar: "PLUGIN_PUSH_RETRY",
-		},
-		cli.StringFlag{
-			Name:   "registry-certificate",
-			Usage:  "Path to a file containing a registry certificate.",
-			EnvVar: "PLUGIN_REGISTRY_CERTIFICATE",
-		},
-		cli.StringFlag{
-			Name:   "registry-client-cert",
-			Usage:  "Path to a file containing a registry client certificate.",
-			EnvVar: "PLUGIN_REGISTRY_CLIENT_CERT",
-		},
-		cli.BoolFlag{
-			Name:   "skip-default-registry-fallback",
-			Usage:  "Skip Docker Hub and default registry fallback.",
-			EnvVar: "PLUGIN_SKIP_DEFAULT_REGISTRY_FALLBACK",
-		},
-		cli.BoolFlag{
-			Name:   "reproducible",
-			Usage:  "Create a reproducible image.",
-			EnvVar: "PLUGIN_REPRODUCIBLE",
-		},
-		cli.BoolFlag{
-			Name:   "single-snapshot",
-			Usage:  "Only create a single snapshot of the image.",
-			EnvVar: "PLUGIN_SINGLE_SNAPSHOT",
-		},
-		cli.BoolFlag{
-			Name:   "skip-push-permission-check",
-			Usage:  "Skip permission check when pushing.",
-			EnvVar: "PLUGIN_SKIP_PUSH_PERMISSION_CHECK",
-		},
-		cli.BoolFlag{
-			Name:   "skip-tls-verify-pull",
-			Usage:  "Skip TLS verification when pulling.",
-			EnvVar: "PLUGIN_SKIP_TLS_VERIFY_PULL",
-		},
-		cli.BoolFlag{
-			Name:   "skip-tls-verify-registry",
-			Usage:  "Skip TLS verification when connecting to a registry.",
-			EnvVar: "PLUGIN_SKIP_TLS_VERIFY_REGISTRY",
-		},
-		cli.BoolFlag{
-			Name:   "use-new-run",
-			Usage:  "Skip TLS verification when connecting to a registry.",
-			EnvVar: "PLUGIN_USE_NEW_RUN",
-		},
-		cli.BoolFlag{
-			Name:   "ignore-var-run",
-			Usage:  "Ignore the /var/run directory during build.",
-			EnvVar: "PLUGIN_IGNORE_VAR_RUN",
-		},
-		cli.StringFlag{
-			Name:   "ignore-path",
-			Usage:  "Path to ignore during the build.",
-			EnvVar: "PLUGIN_IGNORE_PATH",
-		},
-		cli.IntFlag{
-			Name:   "image-fs-extract-retry",
-			Usage:  "Number of retries for extracting filesystem layers.",
-			EnvVar: "PLUGIN_IMAGE_FS_EXTRACT_RETRY",
-		},
-		cli.IntFlag{
-			Name:   "image-download-retry",
-			Usage:  "Number of retries for downloading base images.",
-			EnvVar: "PLUGIN_IMAGE_DOWNLOAD_RETRY",
-		},
 	}
 
 	if err := app.Run(os.Args); err != nil {
@@ -390,9 +224,6 @@ func run(c *cli.Context) error {
 		c.String("client-secret"),
 		c.String("subscription-id"),
 		registry,
-		c.String("base-image-username"),
-		c.String("base-image-password"),
-		c.String("base-image-registry"),
 		noPush,
 	)
 	if err != nil {
@@ -401,58 +232,28 @@ func run(c *cli.Context) error {
 
 	plugin := kaniko.Plugin{
 		Build: kaniko.Build{
-			DroneCommitRef:              c.String("drone-commit-ref"),
-			DroneRepoBranch:             c.String("drone-repo-branch"),
-			Dockerfile:                  c.String("dockerfile"),
-			Context:                     c.String("context"),
-			Tags:                        c.StringSlice("tags"),
-			AutoTag:                     c.Bool("auto-tag"),
-			AutoTagSuffix:               c.String("auto-tag-suffix"),
-			ExpandTag:                   c.Bool("expand-tag"),
-			Args:                        c.StringSlice("args"),
-			Target:                      c.String("target"),
-			Repo:                        c.String("repo"),
-			Mirrors:                     c.StringSlice("registry-mirrors"),
-			Labels:                      c.StringSlice("custom-labels"),
-			SnapshotMode:                c.String("snapshot-mode"),
-			EnableCache:                 c.Bool("enable-cache"),
-			CacheRepo:                   fmt.Sprintf("%s/%s", c.String("registry"), c.String("cache-repo")),
-			CacheTTL:                    c.Int("cache-ttl"),
-			DigestFile:                  defaultDigestFile,
-			NoPush:                      noPush,
-			Verbosity:                   c.String("verbosity"),
-			Platform:                    c.String("platform"),
-			SkipUnusedStages:            c.Bool("skip-unused-stages"),
-			CacheDir:                    c.String("cache-dir"),
-			CacheCopyLayers:             c.Bool("cache-copy-layers"),
-			CacheRunLayers:              c.Bool("cache-run-layers"),
-			Cleanup:                     c.Bool("cleanup"),
-			ContextSubPath:              c.String("context-sub-path"),
-			CustomPlatform:              c.String("custom-platform"),
-			Force:                       c.Bool("force"),
-			ImageNameWithDigestFile:     c.String("image-name-with-digest-file"),
-			ImageNameTagWithDigestFile:  c.String("image-name-tag-with-digest-file"),
-			Insecure:                    c.Bool("insecure"),
-			InsecurePull:                c.Bool("insecure-pull"),
-			InsecureRegistry:            c.String("insecure-registry"),
-			Label:                       c.String("label"),
-			LogFormat:                   c.String("log-format"),
-			LogTimestamp:                c.Bool("log-timestamp"),
-			OCILayoutPath:               c.String("oci-layout-path"),
-			PushRetry:                   c.Int("push-retry"),
-			RegistryCertificate:         c.String("registry-certificate"),
-			RegistryClientCert:          c.String("registry-client-cert"),
-			SkipDefaultRegistryFallback: c.Bool("skip-default-registry-fallback"),
-			Reproducible:                c.Bool("reproducible"),
-			SingleSnapshot:              c.Bool("single-snapshot"),
-			SkipTLSVerify:               c.Bool("skip-tls-verify"),
-			SkipPushPermissionCheck:     c.Bool("skip-push-permission-check"),
-			SkipTLSVerifyPull:           c.Bool("skip-tls-verify-pull"),
-			SkipTLSVerifyRegistry:       c.Bool("skip-tls-verify-registry"),
-			UseNewRun:                   c.Bool("use-new-run"),
-			IgnorePath:                  c.String("ignore-path"),
-			ImageFSExtractRetry:         c.Int("image-fs-extract-retry"),
-			ImageDownloadRetry:          c.Int("image-download-retry"),
+			DroneCommitRef:   c.String("drone-commit-ref"),
+			DroneRepoBranch:  c.String("drone-repo-branch"),
+			Dockerfile:       c.String("dockerfile"),
+			Context:          c.String("context"),
+			Tags:             c.StringSlice("tags"),
+			AutoTag:          c.Bool("auto-tag"),
+			AutoTagSuffix:    c.String("auto-tag-suffix"),
+			ExpandTag:        c.Bool("expand-tag"),
+			Args:             c.StringSlice("args"),
+			Target:           c.String("target"),
+			Repo:             c.String("repo"),
+			Mirrors:          c.StringSlice("registry-mirrors"),
+			Labels:           c.StringSlice("custom-labels"),
+			SnapshotMode:     c.String("snapshot-mode"),
+			EnableCache:      c.Bool("enable-cache"),
+			CacheRepo:        fmt.Sprintf("%s/%s", c.String("registry"), c.String("cache-repo")),
+			CacheTTL:         c.Int("cache-ttl"),
+			DigestFile:       defaultDigestFile,
+			NoPush:           noPush,
+			Verbosity:        c.String("verbosity"),
+			Platform:         c.String("platform"),
+			SkipUnusedStages: c.Bool("skip-unused-stages"),
 		},
 		Artifact: kaniko.Artifact{
 			Tags:         c.StringSlice("tags"),
@@ -462,19 +263,11 @@ func run(c *cli.Context) error {
 			RegistryType: artifact.Docker,
 		},
 	}
-	if c.IsSet("compressed-caching") {
-		flag := c.Bool("compressed-caching")
-		plugin.Build.CompressedCaching = &flag
-	}
-	if c.IsSet("ignore-var-run") {
-		flag := c.Bool("ignore-var-run")
-		plugin.Build.IgnoreVarRun = &flag
-	}
 	return plugin.Exec()
 }
 
 func setupAuth(tenantId, clientId, cert,
-	clientSecret, subscriptionId, registry, dockerUsername, dockerPassword, dockerRegistry string, noPush bool) (string, error) {
+	clientSecret, subscriptionId, registry string, noPush bool) (string, error) {
 	if registry == "" {
 		return "", fmt.Errorf("registry must be specified")
 	}
@@ -491,9 +284,8 @@ func setupAuth(tenantId, clientId, cert,
 		if err != nil {
 			return "", errors.Wrap(err, "failed to fetch ACR Token")
 		}
-
-		// setup docker config for azure registry and base image docker registry
-		if err := setDockerAuth(username, token, registry, dockerUsername, dockerPassword, dockerRegistry); err != nil {
+		err = docker.CreateDockerCfgFile(username, token, registry, dockerConfigPath)
+		if err != nil {
 			return "", errors.Wrap(err, "failed to create docker config")
 		}
 		return publicUrl, nil
@@ -615,75 +407,32 @@ func getPublicUrl(token, registryUrl, subscriptionId string) (string, error) {
 	}
 
 	registry := strings.Split(registryUrl, ".")[0]
-	baseURL := "https://management.azure.com/subscriptions/" +
+	burl := "https://management.azure.com/subscriptions/" +
 		subscriptionId + "/resources?$filter=resourceType%20eq%20'Microsoft.ContainerRegistry/registries'%20and%20name%20eq%20'" +
 		registry + "'&api-version=2021-04-01&$select=id"
 
 	method := "GET"
 	client := &http.Client{}
-
-	cnt := 0
-
-	for {
-		// this is just in case we end up cycling through nextLink's infinitely.
-		// this should not happen - added as a precaution.
-		if cnt > maxPageCount {
-			break
-		}
-		cnt++
-		req, err := http.NewRequest(method, baseURL, nil)
-		if err != nil {
-			return "", errors.Wrap(err, "failed to create request for getting container registry setting")
-		}
-
-		req.Header.Add("Authorization", "Bearer "+token)
-		res, err := client.Do(req)
-		if err != nil {
-			return "", errors.Wrap(err, "failed to send request for getting container registry setting")
-		}
-		defer res.Body.Close()
-
-		var response strct
-		err = json.NewDecoder(res.Body).Decode(&response)
-		if err != nil {
-			return "", errors.Wrap(err, "failed to send request for getting container registry setting")
-		}
-
-		if len(response.Value) > 0 {
-			if response.Value[0].ID == "" { // should not happen
-				return "", errors.New("received empty registry ID from /subscriptions API")
-			}
-			return finalUrl + encodeParam(response.Value[0].ID), nil
-		}
-
-		if response.NextLink == "" {
-			// No more pages, break the loop
-			break
-		}
-
-		baseURL = response.NextLink
+	req, err := http.NewRequest(method, burl, nil)
+	if err != nil {
+		fmt.Println(err)
+		return "", errors.Wrap(err, "failed to create request for getting container registry setting")
 	}
 
-	return "", errors.New("did not receive any registry information from /subscriptions API")
-}
-
-func setDockerAuth(username, password, registry, dockerUsername, dockerPassword, dockerRegistry string) error {
-	dockerConfig := docker.NewConfig()
-	pushToRegistryCreds := docker.RegistryCredentials{
-		Registry: registry,
-		Username: username,
-		Password: password,
+	req.Header.Add("Authorization", "Bearer "+token)
+	res, err := client.Do(req)
+	if err != nil {
+		fmt.Println(err)
+		return "", errors.Wrap(err, "failed to send request for getting container registry setting")
 	}
+	defer res.Body.Close()
 
-	pullFromRegistryCreds := docker.RegistryCredentials{
-		Registry: dockerRegistry,
-		Username: dockerUsername,
-		Password: dockerPassword,
+	var response strct
+	err = json.NewDecoder(res.Body).Decode(&response)
+	if err != nil {
+		return "", errors.Wrap(err, "failed to send request for getting container registry setting")
 	}
-
-	credentials := []docker.RegistryCredentials{pushToRegistryCreds, pullFromRegistryCreds}
-	return dockerConfig.CreateDockerConfig(credentials, dockerConfigPath)
-
+	return finalUrl + encodeParam(response.Value[0].ID), nil
 }
 
 func encodeParam(s string) string {
@@ -694,5 +443,4 @@ type strct struct {
 	Value []struct {
 		ID string `json:"id"`
 	} `json:"value"`
-	NextLink string `json:"nextLink"` // for pagination
 }

cmd/kaniko-acr/main_test.go

@@ -1,156 +0,0 @@
-package main
-
-import (
-	"encoding/base64"
-	"encoding/json"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"testing"
-
-	"github.com/drone/drone-kaniko/pkg/docker"
-	"github.com/stretchr/testify/assert"
-)
-
-const (
-	v2RegistryURL string = "https://index.docker.io/v2/" // v2 registry is not supported
-)
-
-func TestCreateDockerConfigWithBaseRegistry(t *testing.T) {
-	username := "user1"
-	password := "pass1"
-	registry := "azurecr.io"
-	dockerUsername := "dockeruser"
-	dockerPassword := "dockerpass"
-	dockerRegistry := "https://index.docker.io/v1/"
-	privateRegistry := "privateDockerRegistry"
-	privateRegistryUsername := "priaveUsername"
-	privateRegistryPassword := "privatePassword"
-
-	credentials := []docker.RegistryCredentials{
-		{
-			Registry: registry,
-			Username: username,
-			Password: password,
-		},
-		{
-			Registry: dockerRegistry,
-			Username: dockerUsername,
-			Password: dockerPassword,
-		},
-		{
-			Registry: privateRegistry,
-			Username: privateRegistryUsername,
-			Password: privateRegistryPassword,
-		},
-	}
-
-	tempDir, err := ioutil.TempDir("", "docker-config-test")
-	assert.NoError(t, err)
-	defer os.RemoveAll(tempDir)
-
-	config := docker.NewConfig()
-	err = config.CreateDockerConfig(credentials, tempDir)
-	assert.NoError(t, err)
-
-	expectedAuth := docker.Auth{Auth: base64.StdEncoding.EncodeToString([]byte(username + ":" + password))}
-	assert.Equal(t, expectedAuth, config.Auths[registry])
-
-	expectedDockerAuth := docker.Auth{Auth: base64.StdEncoding.EncodeToString([]byte(dockerUsername + ":" + dockerPassword))}
-	assert.Equal(t, expectedDockerAuth, config.Auths[dockerRegistry])
-
-	configPath := filepath.Join(tempDir, "config.json")
-	data, err := ioutil.ReadFile(configPath)
-	assert.NoError(t, err)
-
-	var configFromFile docker.Config
-	err = json.Unmarshal(data, &configFromFile)
-	assert.NoError(t, err)
-
-	assert.Equal(t, config.Auths, configFromFile.Auths)
-
-	err = config.CreateDockerConfig([]docker.RegistryCredentials{
-		{
-			Registry: registry,
-			Username: "",
-			Password: password,
-		},
-	}, tempDir)
-	assert.EqualError(t, err, "Username must be specified for registry: "+registry)
-
-	err = config.CreateDockerConfig([]docker.RegistryCredentials{
-		{
-			Registry: registry,
-			Username: username,
-			Password: "",
-		},
-	}, tempDir)
-	assert.EqualError(t, err, "Password must be specified for registry: "+registry)
-
-	// v1 registry but without username password
-	err = config.CreateDockerConfig([]docker.RegistryCredentials{
-		{
-			Registry: registry,
-			Username: username,
-			Password: password,
-		},
-		{
-			Registry: dockerRegistry,
-			Username: "",
-			Password: "",
-		},
-	}, tempDir)
-	assert.EqualError(t, err, "Username must be specified for registry: "+dockerRegistry)
-
-	// private base registry without username/password
-	err = config.CreateDockerConfig([]docker.RegistryCredentials{
-		{
-			Registry: privateRegistry,
-			Username: "",
-			Password: "",
-		},
-	}, tempDir)
-	assert.EqualError(t, err, "Username must be specified for registry: "+privateRegistry)
-
-}
-
-func TestCreateDockerConfigWithoutBaseRegistry(t *testing.T) {
-	username := "user1"
-	password := "pass1"
-	registry := "azurecr.io"
-
-	credentials := []docker.RegistryCredentials{
-		{
-			Registry: registry,
-			Username: username,
-			Password: password,
-		},
-	}
-
-	// Create a temporary directory
-	tempDir, err := ioutil.TempDir("", "docker-config-test")
-	assert.NoError(t, err)
-	defer os.RemoveAll(tempDir)
-
-	config := docker.NewConfig()
-	err = config.CreateDockerConfig(credentials, tempDir)
-	assert.NoError(t, err)
-
-	expectedAuth := docker.Auth{Auth: base64.StdEncoding.EncodeToString([]byte(username + ":" + password))}
-	assert.Equal(t, expectedAuth, config.Auths[registry])
-
-	// Check the contents of the config.json file
-	configPath := filepath.Join(tempDir, "config.json")
-	data, err := ioutil.ReadFile(configPath)
-	assert.NoError(t, err)
-
-	var configFromFile docker.Config
-	err = json.Unmarshal(data, &configFromFile)
-	assert.NoError(t, err)
-
-	assert.Equal(t, config.Auths, configFromFile.Auths)
-
-	// Check if the public Docker Hub auth is not set
-	_, exists := config.Auths[""]
-	assert.False(t, exists)
-}

cmd/kaniko-docker/main.go

@@ -1,6 +1,9 @@
 package main
 
 import (
+	"encoding/base64"
+	"fmt"
+	"io/ioutil"
 	"os"
 	"strings"
 
@@ -11,7 +14,6 @@ import (
 
 	kaniko "github.com/drone/drone-kaniko"
 	"github.com/drone/drone-kaniko/pkg/artifact"
-	"github.com/drone/drone-kaniko/pkg/docker"
 )
 
 const (
@@ -19,7 +21,9 @@ const (
 	dockerPath       string = "/kaniko/.docker"
 	dockerConfigPath string = "/kaniko/.docker/config.json"
 
-	v1RegistryURL string = "https://index.docker.io/v1/" // Default registry
+	v1RegistryURL    string = "https://index.docker.io/v1/" // Default registry
+	v2RegistryURL    string = "https://index.docker.io/v2/" // v2 registry is not supported
+	v2HubRegistryURL string = "https://registry.hub.docker.com/v2/"
 
 	defaultDigestFile string = "/kaniko/digest-file"
 )
@@ -118,15 +122,10 @@ func main() {
 		},
 		cli.StringFlag{
 			Name:   "registry",
-			Usage:  "docker registry of registry to push image to",
+			Usage:  "docker registry",
 			Value:  v1RegistryURL,
 			EnvVar: "PLUGIN_REGISTRY",
 		},
-		cli.StringFlag{
-			Name:   "base-image-registry",
-			Usage:  "Docker registry for base image",
-			EnvVar: "PLUGIN_DOCKER_REGISTRY,PLUGIN_BASE_IMAGE_REGISTRY,DOCKER_REGISTRY",
-		},
 		cli.StringSliceFlag{
 			Name:   "registry-mirrors",
 			Usage:  "docker registry mirrors",
@@ -134,24 +133,14 @@ func main() {
 		},
 		cli.StringFlag{
 			Name:   "username",
-			Usage:  "docker username of registry to push image to",
+			Usage:  "docker username",
 			EnvVar: "PLUGIN_USERNAME",
 		},
-		cli.StringFlag{
-			Name:   "base-image-username",
-			Usage:  "Docker username for base image registry",
-			EnvVar: "PLUGIN_DOCKER_USERNAME,PLUGIN_BASE_IMAGE_USERNAME,DOCKER_USERNAME",
-		},
 		cli.StringFlag{
 			Name:   "password",
-			Usage:  "docker password of registry to push image to",
+			Usage:  "docker password",
 			EnvVar: "PLUGIN_PASSWORD",
 		},
-		cli.StringFlag{
-			Name:   "base-image-password",
-			Usage:  "Docker password for base image registry",
-			EnvVar: "PLUGIN_DOCKER_PASSWORD,PLUGIN_BASE_IMAGE_PASSWORD,DOCKER_PASSWORD",
-		},
 		cli.BoolFlag{
 			Name:   "skip-tls-verify",
 			Usage:  "Skip registry tls verify",
@@ -212,157 +201,6 @@ func main() {
 			Usage:  "Output file location that will be generated by the plugin. This file will include information of the output that are exported by the plugin.",
 			EnvVar: "DRONE_OUTPUT",
 		},
-		cli.StringFlag{
-			Name:   "cache-dir",
-			Usage:  "Set this flag to specify a local directory cache for base images",
-			EnvVar: "PLUGIN_CACHE_DIR",
-		},
-
-		cli.BoolFlag{
-			Name:   "cache-copy-layers",
-			Usage:  "Enable or disable copying layers from the cache.",
-			EnvVar: "PLUGIN_CACHE_COPY_LAYERS",
-		},
-		cli.BoolFlag{
-			Name:   "cache-run-layers",
-			Usage:  "Enable or disable running layers from the cache.",
-			EnvVar: "PLUGIN_CACHE_RUN_LAYERS",
-		},
-		cli.BoolFlag{
-			Name:   "cleanup",
-			Usage:  "Enable or disable cleanup of temporary files.",
-			EnvVar: "PLUGIN_CLEANUP",
-		},
-		cli.BoolFlag{
-			Name:   "compressed-caching",
-			Usage:  "Enable or disable compressed caching.",
-			EnvVar: "PLUGIN_COMPRESSED_CACHING",
-		},
-		cli.StringFlag{
-			Name:   "context-sub-path",
-			Usage:  "Sub-path within the context to build.",
-			EnvVar: "PLUGIN_CONTEXT_SUB_PATH",
-		},
-		cli.StringFlag{
-			Name:   "custom-platform",
-			Usage:  "Platform to use for building.",
-			EnvVar: "PLUGIN_CUSTOM_PLATFORM",
-		},
-		cli.BoolFlag{
-			Name:   "force",
-			Usage:  "Force building the image even if it already exists.",
-			EnvVar: "PLUGIN_FORCE",
-		},
-		cli.StringFlag{
-			Name:   "image-name-with-digest-file",
-			Usage:  "Write image name with digest to a file.",
-			EnvVar: "PLUGIN_IMAGE_NAME_WITH_DIGEST_FILE",
-		},
-		cli.StringFlag{
-			Name:   "image-name-tag-with-digest-file",
-			Usage:  "Write image name with tag and digest to a file.",
-			EnvVar: "PLUGIN_IMAGE_NAME_TAG_WITH_DIGEST_FILE",
-		},
-		cli.BoolFlag{
-			Name:   "insecure",
-			Usage:  "Allow connecting to registries without TLS.",
-			EnvVar: "PLUGIN_INSECURE",
-		},
-		cli.BoolFlag{
-			Name:   "insecure-pull",
-			Usage:  "Allow insecure pulls from the registry.",
-			EnvVar: "PLUGIN_INSECURE_PULL",
-		},
-		cli.StringFlag{
-			Name:   "insecure-registry",
-			Usage:  "Use plain HTTP for registry communication.",
-			EnvVar: "PLUGIN_INSECURE_REGISTRY",
-		},
-		cli.StringFlag{
-			Name:   "log-format",
-			Usage:  "Set the log format for build output.",
-			EnvVar: "PLUGIN_LOG_FORMAT",
-		},
-		cli.BoolFlag{
-			Name:   "log-timestamp",
-			Usage:  "Show timestamps in build output.",
-			EnvVar: "PLUGIN_LOG_TIMESTAMP",
-		},
-		cli.StringFlag{
-			Name:   "oci-layout-path",
-			Usage:  "Directory to store OCI layout.",
-			EnvVar: "PLUGIN_OCI_LAYOUT_PATH",
-		},
-		cli.IntFlag{
-			Name:   "push-retry",
-			Usage:  "Number of times to retry pushing an image.",
-			EnvVar: "PLUGIN_PUSH_RETRY",
-		},
-		cli.StringFlag{
-			Name:   "registry-certificate",
-			Usage:  "Path to a file containing a registry certificate.",
-			EnvVar: "PLUGIN_REGISTRY_CERTIFICATE",
-		},
-		cli.StringFlag{
-			Name:   "registry-client-cert",
-			Usage:  "Path to a file containing a registry client certificate.",
-			EnvVar: "PLUGIN_REGISTRY_CLIENT_CERT",
-		},
-		cli.BoolFlag{
-			Name:   "skip-default-registry-fallback",
-			Usage:  "Skip Docker Hub and default registry fallback.",
-			EnvVar: "PLUGIN_SKIP_DEFAULT_REGISTRY_FALLBACK",
-		},
-		cli.BoolFlag{
-			Name:   "reproducible",
-			Usage:  "Create a reproducible image.",
-			EnvVar: "PLUGIN_REPRODUCIBLE",
-		},
-		cli.BoolFlag{
-			Name:   "single-snapshot",
-			Usage:  "Only create a single snapshot of the image.",
-			EnvVar: "PLUGIN_SINGLE_SNAPSHOT",
-		},
-		cli.BoolFlag{
-			Name:   "skip-push-permission-check",
-			Usage:  "Skip permission check when pushing.",
-			EnvVar: "PLUGIN_SKIP_PUSH_PERMISSION_CHECK",
-		},
-		cli.BoolFlag{
-			Name:   "skip-tls-verify-pull",
-			Usage:  "Skip TLS verification when pulling.",
-			EnvVar: "PLUGIN_SKIP_TLS_VERIFY_PULL",
-		},
-		cli.BoolFlag{
-			Name:   "skip-tls-verify-registry",
-			Usage:  "Skip TLS verification when connecting to a registry.",
-			EnvVar: "PLUGIN_SKIP_TLS_VERIFY_REGISTRY",
-		},
-		cli.BoolFlag{
-			Name:   "use-new-run",
-			Usage:  "Skip TLS verification when connecting to a registry.",
-			EnvVar: "PLUGIN_USE_NEW_RUN",
-		},
-		cli.BoolFlag{
-			Name:   "ignore-var-run",
-			Usage:  "Ignore the /var/run directory during build.",
-			EnvVar: "PLUGIN_IGNORE_VAR_RUN",
-		},
-		cli.StringFlag{
-			Name:   "ignore-path",
-			Usage:  "Path to ignore during the build.",
-			EnvVar: "PLUGIN_IGNORE_PATH",
-		},
-		cli.IntFlag{
-			Name:   "image-fs-extract-retry",
-			Usage:  "Number of retries for extracting filesystem layers.",
-			EnvVar: "PLUGIN_IMAGE_FS_EXTRACT_RETRY",
-		},
-		cli.IntFlag{
-			Name:   "image-download-retry",
-			Usage:  "Number of retries for downloading base images.",
-			EnvVar: "PLUGIN_IMAGE_DOWNLOAD_RETRY",
-		},
 	}
 
 	if err := app.Run(os.Args); err != nil {
@@ -374,83 +212,45 @@ func run(c *cli.Context) error {
 	username := c.String("username")
 	noPush := c.Bool("no-push")
 	configOverride := c.String("dockerconfig")
-	// if configOverride is provided, use this directly to write to docker config file
+
+	// if configOverride is provided, use this for docker auth
 	if len(configOverride) > 0 {
-		if err := docker.WriteDockerConfig([]byte(configOverride), dockerPath); err != nil {
+		if err := writeDockerCfgFile([]byte(configOverride)); err != nil {
 			return err
 		}
 	} else if !noPush || username != "" {
-		// setup auth when pushing/pulling or credentials are defined and docker config override is false
-		err := setDockerAuth(
-			c.String("username"),
-			c.String("password"),
-			c.String("registry"),
-			c.String("base-image-username"),
-			c.String("base-image-password"),
-			c.String("base-image-registry"),
-		)
-		if err != nil {
-			return errors.Wrap(err, "failed to create docker config")
+		// setup auth when pushing or credentials are defined and docker config override is false
+		if err := createDockerCfgFile(username, c.String("password"), c.String("registry")); err != nil {
+			return err
 		}
 	}
 
 	plugin := kaniko.Plugin{
 		Build: kaniko.Build{
-			DroneCommitRef:              c.String("drone-commit-ref"),
-			DroneRepoBranch:             c.String("drone-repo-branch"),
-			Dockerfile:                  c.String("dockerfile"),
-			Context:                     c.String("context"),
-			Tags:                        c.StringSlice("tags"),
-			AutoTag:                     c.Bool("auto-tag"),
-			AutoTagSuffix:               c.String("auto-tag-suffix"),
-			ExpandTag:                   c.Bool("expand-tag"),
-			Args:                        c.StringSlice("args"),
-			Target:                      c.String("target"),
-			Repo:                        buildRepo(c.String("registry"), c.String("repo"), c.Bool("expand-repo")),
-			Mirrors:                     c.StringSlice("registry-mirrors"),
-			Labels:                      c.StringSlice("custom-labels"),
-			SkipTlsVerify:               c.Bool("skip-tls-verify"),
-			SnapshotMode:                c.String("snapshot-mode"),
-			EnableCache:                 c.Bool("enable-cache"),
-			CacheRepo:                   buildRepo(c.String("registry"), c.String("cache-repo"), c.Bool("expand-repo")),
-			CacheTTL:                    c.Int("cache-ttl"),
-			DigestFile:                  defaultDigestFile,
-			NoPush:                      noPush,
-			TarPath:                     c.String("tar-path"),
-			Verbosity:                   c.String("verbosity"),
-			Platform:                    c.String("platform"),
-			SkipUnusedStages:            c.Bool("skip-unused-stages"),
-			CacheDir:                    c.String("cache-dir"),
-			CacheCopyLayers:             c.Bool("cache-copy-layers"),
-			CacheRunLayers:              c.Bool("cache-run-layers"),
-			Cleanup:                     c.Bool("cleanup"),
-			ContextSubPath:              c.String("context-sub-path"),
-			CustomPlatform:              c.String("custom-platform"),
-			Force:                       c.Bool("force"),
-			ImageNameWithDigestFile:     c.String("image-name-with-digest-file"),
-			ImageNameTagWithDigestFile:  c.String("image-name-tag-with-digest-file"),
-			Insecure:                    c.Bool("insecure"),
-			InsecurePull:                c.Bool("insecure-pull"),
-			InsecureRegistry:            c.String("insecure-registry"),
-			Label:                       c.String("label"),
-			LogFormat:                   c.String("log-format"),
-			LogTimestamp:                c.Bool("log-timestamp"),
-			OCILayoutPath:               c.String("oci-layout-path"),
-			PushRetry:                   c.Int("push-retry"),
-			RegistryCertificate:         c.String("registry-certificate"),
-			RegistryClientCert:          c.String("registry-client-cert"),
-			SkipDefaultRegistryFallback: c.Bool("skip-default-registry-fallback"),
-			Reproducible:                c.Bool("reproducible"),
-			SingleSnapshot:              c.Bool("single-snapshot"),
-			SkipTLSVerify:               c.Bool("skip-tls-verify"),
-			SkipPushPermissionCheck:     c.Bool("skip-push-permission-check"),
-			SkipTLSVerifyPull:           c.Bool("skip-tls-verify-pull"),
-			SkipTLSVerifyRegistry:       c.Bool("skip-tls-verify-registry"),
-			UseNewRun:                   c.Bool("use-new-run"),
-			IgnorePath:                  c.String("ignore-path"),
-
-			ImageFSExtractRetry: c.Int("image-fs-extract-retry"),
-			ImageDownloadRetry:  c.Int("image-download-retry"),
+			DroneCommitRef:   c.String("drone-commit-ref"),
+			DroneRepoBranch:  c.String("drone-repo-branch"),
+			Dockerfile:       c.String("dockerfile"),
+			Context:          c.String("context"),
+			Tags:             c.StringSlice("tags"),
+			AutoTag:          c.Bool("auto-tag"),
+			AutoTagSuffix:    c.String("auto-tag-suffix"),
+			ExpandTag:        c.Bool("expand-tag"),
+			Args:             c.StringSlice("args"),
+			Target:           c.String("target"),
+			Repo:             buildRepo(c.String("registry"), c.String("repo"), c.Bool("expand-repo")),
+			Mirrors:          c.StringSlice("registry-mirrors"),
+			Labels:           c.StringSlice("custom-labels"),
+			SkipTlsVerify:    c.Bool("skip-tls-verify"),
+			SnapshotMode:     c.String("snapshot-mode"),
+			EnableCache:      c.Bool("enable-cache"),
+			CacheRepo:        buildRepo(c.String("registry"), c.String("cache-repo"), c.Bool("expand-repo")),
+			CacheTTL:         c.Int("cache-ttl"),
+			DigestFile:       defaultDigestFile,
+			NoPush:           noPush,
+			TarPath:          c.String("tar-path"),
+			Verbosity:        c.String("verbosity"),
+			Platform:         c.String("platform"),
+			SkipUnusedStages: c.Bool("skip-unused-stages"),
 		},
 		Artifact: kaniko.Artifact{
 			Tags:         c.StringSlice("tags"),
@@ -463,36 +263,48 @@ func run(c *cli.Context) error {
 			OutputFile: c.String("output-file"),
 		},
 	}
-	if c.IsSet("compressed-caching") {
-		flag := c.Bool("compressed-caching")
-		plugin.Build.CompressedCaching = &flag
-	}
-	if c.IsSet("ignore-var-run") {
-		flag := c.Bool("ignore-var-run")
-		plugin.Build.IgnoreVarRun = &flag
-	}
 	return plugin.Exec()
 }
 
-func setDockerAuth(username, password, registry, baseImageUsername, baseImagePassword, baseImageRegistry string) error {
-	dockerConfig := docker.NewConfig()
-	pushToRegistryCreds := docker.RegistryCredentials{
-		Registry: registry,
-		Username: username,
-		Password: password,
+// Create the docker config file for authentication
+func createDockerCfgFile(username, password, registry string) error {
+	if username == "" {
+		return fmt.Errorf("Username must be specified")
+	}
+	if password == "" {
+		return fmt.Errorf("Password must be specified")
+	}
+	if registry == "" {
+		return fmt.Errorf("Registry must be specified")
 	}
-	credentials := []docker.RegistryCredentials{pushToRegistryCreds}
 
-	if baseImageRegistry != "" {
-		pullFromRegistryCreds := docker.RegistryCredentials{
-			Registry: baseImageRegistry,
-			Username: baseImageUsername,
-			Password: baseImagePassword,
-		}
-		credentials = append(credentials, pullFromRegistryCreds)
+	if registry == v2RegistryURL || registry == v2HubRegistryURL {
+		fmt.Println("Docker v2 registry is not supported in kaniko. Refer issue: https://github.com/GoogleContainerTools/kaniko/issues/1209")
+		fmt.Printf("Using v1 registry instead: %s\n", v1RegistryURL)
+		registry = v1RegistryURL
 	}
-	// Creates docker config for both the regustries used for authentication
-	return dockerConfig.CreateDockerConfig(credentials, dockerPath)
+
+	authBytes := []byte(fmt.Sprintf("%s:%s", username, password))
+	encodedString := base64.StdEncoding.EncodeToString(authBytes)
+	jsonBytes := []byte(fmt.Sprintf(`{"auths": {"%s": {"auth": "%s"}}}`, registry, encodedString))
+
+	if err := writeDockerCfgFile(jsonBytes); err != nil {
+		return errors.Wrap(err, "failed to write docker config file")
+	}
+	return nil
+}
+
+// Write json bytes in the docker config file
+func writeDockerCfgFile(jsonBytes []byte) error {
+	err := os.MkdirAll(dockerPath, 0600)
+	if err != nil {
+		return errors.Wrap(err, fmt.Sprintf("failed to create %s directory", dockerPath))
+	}
+	err = ioutil.WriteFile(dockerConfigPath, jsonBytes, 0644)
+	if err != nil {
+		return errors.Wrap(err, "failed to create docker config file")
+	}
+	return nil
 }
 
 func buildRepo(registry, repo string, expandRepo bool) string {

cmd/kaniko-docker/main_test.go

@@ -1,12 +1,6 @@
 package main
 
-import (
-	"io/ioutil"
-	"os"
-	"testing"
-
-	"github.com/drone/drone-kaniko/pkg/docker"
-)
+import "testing"
 
 func Test_buildRepo(t *testing.T) {
 	tests := []struct {
@@ -41,83 +35,3 @@ func Test_buildRepo(t *testing.T) {
 		})
 	}
 }
-
-func TestCreateDockerConfig(t *testing.T) {
-	config := docker.NewConfig()
-	tempDir, err := ioutil.TempDir("", "docker-config-test")
-	if err != nil {
-		t.Fatalf("Failed to create temporary directory: %v", err)
-	}
-	defer os.RemoveAll(tempDir)
-
-	tests := []struct {
-		name        string
-		credentials []docker.RegistryCredentials
-		wantErr     bool
-	}{
-		{
-			name: "valid credentials",
-			credentials: []docker.RegistryCredentials{
-				{
-					Registry: "https://index.docker.io/v1/",
-					Username: "testuser",
-					Password: "testpassword",
-				},
-			},
-			wantErr: false,
-		},
-		{
-			name: "v2 registry",
-			credentials: []docker.RegistryCredentials{
-				{
-					Registry: "https://index.docker.io/v2/",
-					Username: "testuser",
-					Password: "testpassword",
-				},
-			},
-			wantErr: false,
-		},
-		{
-			name: "docker registry credentials",
-			credentials: []docker.RegistryCredentials{
-				{
-					Registry: "https://index.docker.io/v1/",
-					Username: "testuser",
-					Password: "testpassword",
-				},
-				{
-					Registry: "https://docker.io",
-					Username: "dockeruser",
-					Password: "dockerpassword",
-				},
-			},
-			wantErr: false,
-		},
-		{
-			name: "empty docker registry",
-			credentials: []docker.RegistryCredentials{
-				{
-					Registry: "https://index.docker.io/v1/",
-					Username: "testuser",
-					Password: "testpassword",
-				},
-				{
-					Registry: "https://docker.io",
-					Username: "dockeruser",
-					Password: "",
-				},
-			},
-			wantErr: true,
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			err := config.CreateDockerConfig(tt.credentials, tempDir)
-			if (err != nil) != tt.wantErr {
-				t.Errorf("CreateDockerConfig() error = %v, wantErr %v", err, tt.wantErr)
-				return
-			}
-		})
-	}
-}

cmd/kaniko-ecr/main.go

@@ -3,6 +3,7 @@ package main
 import (
 	"context"
 	"encoding/base64"
+	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"os"
@@ -31,8 +32,8 @@ import (
 
 const (
 	accessKeyEnv     string = "AWS_ACCESS_KEY_ID"
-	dockerConfigPath string = "/kaniko/.docker"
 	secretKeyEnv     string = "AWS_SECRET_ACCESS_KEY"
+	dockerConfigPath string = "/kaniko/.docker/config.json"
 	ecrPublicDomain  string = "public.ecr.aws"
 	kanikoVersionEnv string = "KANIKO_VERSION"
 
@@ -66,18 +67,18 @@ func main() {
 		},
 		cli.StringFlag{
 			Name:   "docker-registry",
-			Usage:  "Docker registry for base image",
-			EnvVar: "PLUGIN_DOCKER_REGISTRY,DOCKER_REGISTRY,PLUGIN_BASE_IMAGE_REGISTRY",
+			Usage:  "docker registry",
+			EnvVar: "PLUGIN_DOCKER_REGISTRY,DOCKER_REGISTRY",
 		},
 		cli.StringFlag{
 			Name:   "docker-username",
-			Usage:  "Docker username for base image registry",
-			EnvVar: "PLUGIN_USERNAME,PLUGIN_DOCKER_USERNAME,PLUGIN_BASE_IMAGE_USERNAME,DOCKER_USERNAME",
+			Usage:  "docker username",
+			EnvVar: "PLUGIN_USERNAME,DOCKER_USERNAME",
 		},
 		cli.StringFlag{
 			Name:   "docker-password",
-			Usage:  "Docker password for base image registry",
-			EnvVar: "PLUGIN_PASSWORD,PLUGIN_DOCKER_PASSWORD,PLUGIN_BASE_IMAGE_PASSWORD,DOCKER_PASSWORD",
+			Usage:  "docker password",
+			EnvVar: "PLUGIN_PASSWORD,DOCKER_PASSWORD",
 		},
 		cli.StringFlag{
 			Name:   "context",
@@ -233,157 +234,6 @@ func main() {
 			Usage:  "build only used stages",
 			EnvVar: "PLUGIN_SKIP_UNUSED_STAGES",
 		},
-		cli.StringFlag{
-			Name:   "cache-dir",
-			Usage:  "Set this flag to specify a local directory cache for base images",
-			EnvVar: "PLUGIN_CACHE_DIR",
-		},
-
-		cli.BoolFlag{
-			Name:   "cache-copy-layers",
-			Usage:  "Enable or disable copying layers from the cache.",
-			EnvVar: "PLUGIN_CACHE_COPY_LAYERS",
-		},
-		cli.BoolFlag{
-			Name:   "cache-run-layers",
-			Usage:  "Enable or disable running layers from the cache.",
-			EnvVar: "PLUGIN_CACHE_RUN_LAYERS",
-		},
-		cli.BoolFlag{
-			Name:   "cleanup",
-			Usage:  "Enable or disable cleanup of temporary files.",
-			EnvVar: "PLUGIN_CLEANUP",
-		},
-		cli.BoolFlag{
-			Name:   "compressed-caching",
-			Usage:  "Enable or disable compressed caching.",
-			EnvVar: "PLUGIN_COMPRESSED_CACHING",
-		},
-		cli.StringFlag{
-			Name:   "context-sub-path",
-			Usage:  "Sub-path within the context to build.",
-			EnvVar: "PLUGIN_CONTEXT_SUB_PATH",
-		},
-		cli.StringFlag{
-			Name:   "custom-platform",
-			Usage:  "Platform to use for building.",
-			EnvVar: "PLUGIN_CUSTOM_PLATFORM",
-		},
-		cli.BoolFlag{
-			Name:   "force",
-			Usage:  "Force building the image even if it already exists.",
-			EnvVar: "PLUGIN_FORCE",
-		},
-		cli.StringFlag{
-			Name:   "image-name-with-digest-file",
-			Usage:  "Write image name with digest to a file.",
-			EnvVar: "PLUGIN_IMAGE_NAME_WITH_DIGEST_FILE",
-		},
-		cli.StringFlag{
-			Name:   "image-name-tag-with-digest-file",
-			Usage:  "Write image name with tag and digest to a file.",
-			EnvVar: "PLUGIN_IMAGE_NAME_TAG_WITH_DIGEST_FILE",
-		},
-		cli.BoolFlag{
-			Name:   "insecure",
-			Usage:  "Allow connecting to registries without TLS.",
-			EnvVar: "PLUGIN_INSECURE",
-		},
-		cli.BoolFlag{
-			Name:   "insecure-pull",
-			Usage:  "Allow insecure pulls from the registry.",
-			EnvVar: "PLUGIN_INSECURE_PULL",
-		},
-		cli.StringFlag{
-			Name:   "insecure-registry",
-			Usage:  "Use plain HTTP for registry communication.",
-			EnvVar: "PLUGIN_INSECURE_REGISTRY",
-		},
-		cli.StringFlag{
-			Name:   "log-format",
-			Usage:  "Set the log format for build output.",
-			EnvVar: "PLUGIN_LOG_FORMAT",
-		},
-		cli.BoolFlag{
-			Name:   "log-timestamp",
-			Usage:  "Show timestamps in build output.",
-			EnvVar: "PLUGIN_LOG_TIMESTAMP",
-		},
-		cli.StringFlag{
-			Name:   "oci-layout-path",
-			Usage:  "Directory to store OCI layout.",
-			EnvVar: "PLUGIN_OCI_LAYOUT_PATH",
-		},
-		cli.IntFlag{
-			Name:   "push-retry",
-			Usage:  "Number of times to retry pushing an image.",
-			EnvVar: "PLUGIN_PUSH_RETRY",
-		},
-		cli.StringFlag{
-			Name:   "registry-certificate",
-			Usage:  "Path to a file containing a registry certificate.",
-			EnvVar: "PLUGIN_REGISTRY_CERTIFICATE",
-		},
-		cli.StringFlag{
-			Name:   "registry-client-cert",
-			Usage:  "Path to a file containing a registry client certificate.",
-			EnvVar: "PLUGIN_REGISTRY_CLIENT_CERT",
-		},
-		cli.BoolFlag{
-			Name:   "skip-default-registry-fallback",
-			Usage:  "Skip Docker Hub and default registry fallback.",
-			EnvVar: "PLUGIN_SKIP_DEFAULT_REGISTRY_FALLBACK",
-		},
-		cli.BoolFlag{
-			Name:   "reproducible",
-			Usage:  "Create a reproducible image.",
-			EnvVar: "PLUGIN_REPRODUCIBLE",
-		},
-		cli.BoolFlag{
-			Name:   "single-snapshot",
-			Usage:  "Only create a single snapshot of the image.",
-			EnvVar: "PLUGIN_SINGLE_SNAPSHOT",
-		},
-		cli.BoolFlag{
-			Name:   "skip-push-permission-check",
-			Usage:  "Skip permission check when pushing.",
-			EnvVar: "PLUGIN_SKIP_PUSH_PERMISSION_CHECK",
-		},
-		cli.BoolFlag{
-			Name:   "skip-tls-verify-pull",
-			Usage:  "Skip TLS verification when pulling.",
-			EnvVar: "PLUGIN_SKIP_TLS_VERIFY_PULL",
-		},
-		cli.BoolFlag{
-			Name:   "skip-tls-verify-registry",
-			Usage:  "Skip TLS verification when connecting to a registry.",
-			EnvVar: "PLUGIN_SKIP_TLS_VERIFY_REGISTRY",
-		},
-		cli.BoolFlag{
-			Name:   "use-new-run",
-			Usage:  "Skip TLS verification when connecting to a registry.",
-			EnvVar: "PLUGIN_USE_NEW_RUN",
-		},
-		cli.BoolFlag{
-			Name:   "ignore-var-run",
-			Usage:  "Ignore the /var/run directory during build.",
-			EnvVar: "PLUGIN_IGNORE_VAR_RUN",
-		},
-		cli.StringFlag{
-			Name:   "ignore-path",
-			Usage:  "Path to ignore during the build.",
-			EnvVar: "PLUGIN_IGNORE_PATH",
-		},
-		cli.IntFlag{
-			Name:   "image-fs-extract-retry",
-			Usage:  "Number of retries for extracting filesystem layers.",
-			EnvVar: "PLUGIN_IMAGE_FS_EXTRACT_RETRY",
-		},
-		cli.IntFlag{
-			Name:   "image-download-retry",
-			Usage:  "Number of retries for downloading base images.",
-			EnvVar: "PLUGIN_IMAGE_DOWNLOAD_RETRY",
-		},
 	}
 
 	if err := app.Run(os.Args); err != nil {
@@ -399,8 +249,7 @@ func run(c *cli.Context) error {
 	assumeRole := c.String("assume-role")
 	externalId := c.String("external-id")
 
-	// setup docker config for azure registry and base image docker registry
-	err := setDockerAuth(
+	dockerConfig, err := createDockerConfig(
 		c.String("docker-registry"),
 		c.String("docker-username"),
 		c.String("docker-password"),
@@ -413,7 +262,16 @@ func run(c *cli.Context) error {
 		noPush,
 	)
 	if err != nil {
-		return errors.Wrap(err, "failed to create docker config")
+		return err
+	}
+
+	jsonBytes, err := json.Marshal(dockerConfig)
+	if err != nil {
+		return err
+	}
+
+	if err := ioutil.WriteFile(dockerConfigPath, jsonBytes, 0644); err != nil {
+		return err
 	}
 
 	// only create repository when pushing and create-repository is true
@@ -445,58 +303,28 @@ func run(c *cli.Context) error {
 
 	plugin := kaniko.Plugin{
 		Build: kaniko.Build{
-			DroneCommitRef:              c.String("drone-commit-ref"),
-			DroneRepoBranch:             c.String("drone-repo-branch"),
-			Dockerfile:                  c.String("dockerfile"),
-			Context:                     c.String("context"),
-			Tags:                        c.StringSlice("tags"),
-			AutoTag:                     c.Bool("auto-tag"),
-			AutoTagSuffix:               c.String("auto-tag-suffix"),
-			ExpandTag:                   c.Bool("expand-tag"),
-			Args:                        c.StringSlice("args"),
-			Target:                      c.String("target"),
-			Repo:                        fmt.Sprintf("%s/%s", c.String("registry"), c.String("repo")),
-			Mirrors:                     c.StringSlice("registry-mirrors"),
-			Labels:                      c.StringSlice("custom-labels"),
-			SnapshotMode:                c.String("snapshot-mode"),
-			EnableCache:                 c.Bool("enable-cache"),
-			CacheRepo:                   fmt.Sprintf("%s/%s", c.String("registry"), c.String("cache-repo")),
-			CacheTTL:                    c.Int("cache-ttl"),
-			DigestFile:                  defaultDigestFile,
-			NoPush:                      noPush,
-			Verbosity:                   c.String("verbosity"),
-			Platform:                    c.String("platform"),
-			SkipUnusedStages:            c.Bool("skip-unused-stages"),
-			CacheDir:                    c.String("cache-dir"),
-			CacheCopyLayers:             c.Bool("cache-copy-layers"),
-			CacheRunLayers:              c.Bool("cache-run-layers"),
-			Cleanup:                     c.Bool("cleanup"),
-			ContextSubPath:              c.String("context-sub-path"),
-			CustomPlatform:              c.String("custom-platform"),
-			Force:                       c.Bool("force"),
-			ImageNameWithDigestFile:     c.String("image-name-with-digest-file"),
-			ImageNameTagWithDigestFile:  c.String("image-name-tag-with-digest-file"),
-			Insecure:                    c.Bool("insecure"),
-			InsecurePull:                c.Bool("insecure-pull"),
-			InsecureRegistry:            c.String("insecure-registry"),
-			Label:                       c.String("label"),
-			LogFormat:                   c.String("log-format"),
-			LogTimestamp:                c.Bool("log-timestamp"),
-			OCILayoutPath:               c.String("oci-layout-path"),
-			PushRetry:                   c.Int("push-retry"),
-			RegistryCertificate:         c.String("registry-certificate"),
-			RegistryClientCert:          c.String("registry-client-cert"),
-			SkipDefaultRegistryFallback: c.Bool("skip-default-registry-fallback"),
-			Reproducible:                c.Bool("reproducible"),
-			SingleSnapshot:              c.Bool("single-snapshot"),
-			SkipTLSVerify:               c.Bool("skip-tls-verify"),
-			SkipPushPermissionCheck:     c.Bool("skip-push-permission-check"),
-			SkipTLSVerifyPull:           c.Bool("skip-tls-verify-pull"),
-			SkipTLSVerifyRegistry:       c.Bool("skip-tls-verify-registry"),
-			UseNewRun:                   c.Bool("use-new-run"),
-			IgnorePath:                  c.String("ignore-path"),
-			ImageFSExtractRetry:         c.Int("image-fs-extract-retry"),
-			ImageDownloadRetry:          c.Int("image-download-retry"),
+			DroneCommitRef:   c.String("drone-commit-ref"),
+			DroneRepoBranch:  c.String("drone-repo-branch"),
+			Dockerfile:       c.String("dockerfile"),
+			Context:          c.String("context"),
+			Tags:             c.StringSlice("tags"),
+			AutoTag:          c.Bool("auto-tag"),
+			AutoTagSuffix:    c.String("auto-tag-suffix"),
+			ExpandTag:        c.Bool("expand-tag"),
+			Args:             c.StringSlice("args"),
+			Target:           c.String("target"),
+			Repo:             fmt.Sprintf("%s/%s", c.String("registry"), c.String("repo")),
+			Mirrors:          c.StringSlice("registry-mirrors"),
+			Labels:           c.StringSlice("custom-labels"),
+			SnapshotMode:     c.String("snapshot-mode"),
+			EnableCache:      c.Bool("enable-cache"),
+			CacheRepo:        fmt.Sprintf("%s/%s", c.String("registry"), c.String("cache-repo")),
+			CacheTTL:         c.Int("cache-ttl"),
+			DigestFile:       defaultDigestFile,
+			NoPush:           noPush,
+			Verbosity:        c.String("verbosity"),
+			Platform:         c.String("platform"),
+			SkipUnusedStages: c.Bool("skip-unused-stages"),
 		},
 		Artifact: kaniko.Artifact{
 			Tags:         c.StringSlice("tags"),
@@ -506,60 +334,44 @@ func run(c *cli.Context) error {
 			RegistryType: artifact.ECR,
 		},
 	}
-	if c.IsSet("compressed-caching") {
-		flag := c.Bool("compressed-caching")
-		plugin.Build.CompressedCaching = &flag
-	}
-	if c.IsSet("ignore-var-run") {
-		flag := c.Bool("ignore-var-run")
-		plugin.Build.IgnoreVarRun = &flag
-	}
 	return plugin.Exec()
 }
 
-func setDockerAuth(dockerRegistry, dockerUsername, dockerPassword, accessKey, secretKey,
-	registry, assumeRole, externalId, region string, noPush bool) error {
+func createDockerConfig(dockerRegistry, dockerUsername, dockerPassword, accessKey, secretKey,
+	registry, assumeRole, externalId, region string, noPush bool) (*docker.Config, error) {
 	dockerConfig := docker.NewConfig()
-	credentials := []docker.RegistryCredentials{}
-	// set docker credentials for base image registry
-	if dockerRegistry != "" {
-		pullFromRegistryCreds := docker.RegistryCredentials{
-			Registry: dockerRegistry,
-			Username: dockerUsername,
-			Password: dockerPassword,
+
+	if dockerUsername != "" {
+		// if no docker registry provided, use dockerhub by default
+		if len(dockerRegistry) == 0 {
+			dockerRegistry = docker.RegistryV1
 		}
-		credentials = append(credentials, pullFromRegistryCreds)
+		dockerConfig.SetAuth(dockerRegistry, dockerUsername, dockerPassword)
 	}
 
 	if assumeRole != "" {
 		var err error
 		username, password, registry, err := getAssumeRoleCreds(region, assumeRole, externalId, "")
 		if err != nil {
-			return err
+			return nil, err
 		}
-		pushToRegistryCreds := docker.RegistryCredentials{
-			Registry: registry,
-			Username: username,
-			Password: password,
-		}
-		credentials = append(credentials, pushToRegistryCreds)
-
+		dockerConfig.SetAuth(registry, username, password)
 	} else if !noPush || accessKey != "" {
 		// only setup auth when pushing or credentials are defined
 		if registry == "" {
-			return fmt.Errorf("registry must be specified")
+			return nil, fmt.Errorf("registry must be specified")
 		}
 
 		// If IAM role is used, access key & secret key are not required
 		if accessKey != "" && secretKey != "" {
 			err := os.Setenv(accessKeyEnv, accessKey)
 			if err != nil {
-				return errors.Wrap(err, fmt.Sprintf("failed to set %s environment variable", accessKeyEnv))
+				return nil, errors.Wrap(err, fmt.Sprintf("failed to set %s environment variable", accessKeyEnv))
 			}
 
 			err = os.Setenv(secretKeyEnv, secretKey)
 			if err != nil {
-				return errors.Wrap(err, fmt.Sprintf("failed to set %s environment variable", secretKeyEnv))
+				return nil, errors.Wrap(err, fmt.Sprintf("failed to set %s environment variable", secretKeyEnv))
 			}
 		}
 
@@ -570,7 +382,8 @@ func setDockerAuth(dockerRegistry, dockerUsername, dockerPassword, accessKey, se
 			dockerConfig.SetCredHelper(registry, "ecr-login")
 		}
 	}
-	return dockerConfig.CreateDockerConfig(credentials, dockerConfigPath)
+
+	return dockerConfig, nil
 }
 
 func createRepository(region, repo, registry, assumeRole, externalId string) error {

cmd/kaniko-ecr/main_test.go

@@ -1,45 +1,129 @@
 package main
 
 import (
-	"encoding/base64"
-	"io/ioutil"
 	"os"
+	"reflect"
 	"testing"
 
 	"github.com/drone/drone-kaniko/pkg/docker"
-	"github.com/stretchr/testify/assert"
 )
 
-func TestCreateDockerConfigForECRWithBaseRegistry(t *testing.T) {
-	accessKey := "access-key"
-	secretKey := "secret-key"
-	ecrRegistry := "ecr-registry"
-	dockerUsername := "dockeruser"
-	dockerPassword := "dockerpass"
-	dockerRegistry := "https://index.docker.io/v1/"
-
-	tempDir, err := ioutil.TempDir("", "docker-config-test")
-	assert.NoError(t, err)
-	defer os.RemoveAll(tempDir)
-
-	config := docker.NewConfig()
-
-	pullFromRegistryCreds := docker.RegistryCredentials{
-		Registry: dockerRegistry,
-		Username: dockerUsername,
-		Password: dockerPassword,
-	}
-	credentials := []docker.RegistryCredentials{
-		{Registry: ecrRegistry, Username: accessKey, Password: secretKey},
-		pullFromRegistryCreds,
+func TestCreateDockerConfig(t *testing.T) {
+	got, err := createDockerConfig(
+		"",
+		"docker-username",
+		"docker-password",
+		"access-key",
+		"secret-key",
+		"ecr-registry",
+		"",
+		"",
+		"",
+		false,
+	)
+	if err != nil {
+		t.Error("failed to create docker config")
 	}
 
-	err = config.CreateDockerConfig(credentials, tempDir)
-	assert.NoError(t, err)
+	want := docker.NewConfig()
+	want.SetAuth(docker.RegistryV1, "docker-username", "docker-password")
+	want.SetCredHelper(docker.RegistryECRPublic, "ecr-login")
+	want.SetCredHelper("ecr-registry", "ecr-login")
 
-	expectedECRAuth := docker.Auth{Auth: base64.StdEncoding.EncodeToString([]byte(accessKey + ":" + secretKey))}
-	assert.Equal(t, expectedECRAuth, config.Auths[ecrRegistry])
+	if !reflect.DeepEqual(want, got) {
+		t.Errorf("not equal:\n  want: %#v\n   got: %#v", want, got)
+	}
+}
 
-	expectedDockerAuth := docker.Auth{Auth: base64.StdEncoding.EncodeToString([]byte(dockerUsername + ":" + dockerPassword))}
-	assert.Equal(t, expectedDockerAuth, config.Auths[dockerRegistry])
-}
+func TestCreateDockerConfigFromGivenRegistry(t *testing.T) {
+	got, err := createDockerConfig(
+		"docker-registry",
+		"docker-username",
+		"docker-password",
+		"access-key",
+		"secret-key",
+		"ecr-registry",
+		"",
+		"",
+		"",
+		false,
+	)
+	if err != nil {
+		t.Error("failed to create docker config")
+	}
+
+	want := docker.NewConfig()
+	want.SetAuth("docker-registry", "docker-username", "docker-password")
+	want.SetCredHelper(docker.RegistryECRPublic, "ecr-login")
+	want.SetCredHelper("ecr-registry", "ecr-login")
+	if !reflect.DeepEqual(want, got) {
+		t.Errorf("not equal:\n  want: %#v\n   got: %#v", want, got)
+	}
+}
+
+func TestCreateDockerConfigKanikoOneDotEight(t *testing.T) {
+	os.Setenv(kanikoVersionEnv, "1.8.1")
+	defer os.Setenv(kanikoVersionEnv, "")
+	got, err := createDockerConfig(
+		"",
+		"docker-username",
+		"docker-password",
+		"access-key",
+		"secret-key",
+		"ecr-registry",
+		"",
+		"",
+		"",
+		false,
+	)
+	if err != nil {
+		t.Error("failed to create docker config")
+	}
+
+	want := docker.NewConfig()
+	want.SetAuth(docker.RegistryV1, "docker-username", "docker-password")
+
+	if !reflect.DeepEqual(want, got) {
+		t.Errorf("not equal:\n  want: %#v\n   got: %#v", want, got)
+	}
+}
+
+func TestVersionComparison(t *testing.T) {
+	tests := []struct {
+		title    string
+		version  string
+		expected bool
+	}{
+		{
+			title:    "Kaniko 1.6.0 version",
+			version:  "1.6.0",
+			expected: true,
+		},
+		{
+			title:    "Kaniko 1.8.0 version",
+			version:  "1.8.0",
+			expected: false,
+		},
+		{
+			title:    "Kaniko 1.8.1 version",
+			version:  "1.8.1",
+			expected: false,
+		},
+		{
+			title:    "Empty kaniko version",
+			version:  "",
+			expected: true,
+		},
+		{
+			title:    "Kaniko version 1.10.0",
+			version:  "1.10.0",
+			expected: false,
+		},
+	}
+	for _, test := range tests {
+		got := isKanikoVersionBelowOneDotEight(test.version)
+		if got != test.expected {
+			t.Fatalf("test name: %s, expected: %v, got: %v", test.title, test.expected, got)
+		}
+	}
+}

cmd/kaniko-gar/main.go

@@ -1,10 +1,14 @@
 package main
 
 import (
+	"encoding/base64"
+	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"os"
 
+	"github.com/drone/drone-kaniko/internal"
+
 	"github.com/joho/godotenv"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -12,14 +16,12 @@ import (
 
 	kaniko "github.com/drone/drone-kaniko"
 	"github.com/drone/drone-kaniko/pkg/artifact"
-	"github.com/drone/drone-kaniko/pkg/docker"
 )
 
 const (
-	dockerConfigPath string = "/kaniko/.docker"
 	// GAR JSON key file path
-	garKeyPath       string = "/kaniko/config.json"
-	garEnvVariable   string = "GOOGLE_APPLICATION_CREDENTIALS"
+	garKeyPath     string = "/kaniko/config.json"
+	garEnvVariable string = "GOOGLE_APPLICATION_CREDENTIALS"
 
 	defaultDigestFile string = "/kaniko/digest-file"
 )
@@ -111,21 +113,6 @@ func main() {
 			Usage:  "gar registry",
 			EnvVar: "PLUGIN_REGISTRY",
 		},
-		cli.StringFlag{
-			Name:   "base-image-username",
-			Usage:  "Docker username for base image registry",
-			EnvVar: "PLUGIN_DOCKER_USERNAME,PLUGIN_BASE_IMAGE_USERNAME,DOCKER_USERNAME",
-		},
-		cli.StringFlag{
-			Name:   "base-image-password",
-			Usage:  "Docker password for base image registry",
-			EnvVar: "PLUGIN_DOCKER_PASSWORD,PLUGIN_BASE_IMAGE_PASSWORD,DOCKER_PASSWORD",
-		},
-		cli.StringFlag{
-			Name:   "base-image-registry",
-			Usage:  "Docker registry for base image registry",
-			EnvVar: "PLUGIN_DOCKER_REGISTRY,PLUGIN_BASE_IMAGE_REGISTRY,DOCKER_REGISTRY",
-		},
 		cli.StringSliceFlag{
 			Name:   "registry-mirrors",
 			Usage:  "docker registry mirrors",
@@ -182,155 +169,29 @@ func main() {
 			EnvVar: "PLUGIN_SKIP_UNUSED_STAGES",
 		},
 		cli.StringFlag{
-			Name:   "cache-dir",
-			Usage:  "Set this flag to specify a local directory cache for base images",
-			EnvVar: "PLUGIN_CACHE_DIR",
-		},
-
-		cli.BoolFlag{
-			Name:   "cache-copy-layers",
-			Usage:  "Enable or disable copying layers from the cache.",
-			EnvVar: "PLUGIN_CACHE_COPY_LAYERS",
-		},
-		cli.BoolFlag{
-			Name:   "cache-run-layers",
-			Usage:  "Enable or disable running layers from the cache.",
-			EnvVar: "PLUGIN_CACHE_RUN_LAYERS",
-		},
-		cli.BoolFlag{
-			Name:   "cleanup",
-			Usage:  "Enable or disable cleanup of temporary files.",
-			EnvVar: "PLUGIN_CLEANUP",
-		},
-		cli.BoolFlag{
-			Name:   "compressed-caching",
-			Usage:  "Enable or disable compressed caching.",
-			EnvVar: "PLUGIN_COMPRESSED_CACHING",
+			Name:   "oidc-token",
+			Usage:  "OIDC token to use for authentication",
+			EnvVar: "PLUGIN_OIDC_TOKEN_ID",
 		},
 		cli.StringFlag{
-			Name:   "context-sub-path",
-			Usage:  "Sub-path within the context to build.",
-			EnvVar: "PLUGIN_CONTEXT_SUB_PATH",
+			Name:   "project-number",
+			Usage:  "Google project number",
+			EnvVar: "PLUGIN_PROJECT_NUMBER",
 		},
 		cli.StringFlag{
-			Name:   "custom-platform",
-			Usage:  "Platform to use for building.",
-			EnvVar: "PLUGIN_CUSTOM_PLATFORM",
-		},
-		cli.BoolFlag{
-			Name:   "force",
-			Usage:  "Force building the image even if it already exists.",
-			EnvVar: "PLUGIN_FORCE",
+			Name:   "pool-id",
+			Usage:  "Google pool id",
+			EnvVar: "PLUGIN_POOL_ID",
 		},
 		cli.StringFlag{
-			Name:   "image-name-with-digest-file",
-			Usage:  "Write image name with digest to a file.",
-			EnvVar: "PLUGIN_IMAGE_NAME_WITH_DIGEST_FILE",
+			Name:   "provider-id",
+			Usage:  "Google provider id",
+			EnvVar: "PLUGIN_PROVIDER_ID",
 		},
 		cli.StringFlag{
-			Name:   "image-name-tag-with-digest-file",
-			Usage:  "Write image name with tag and digest to a file.",
-			EnvVar: "PLUGIN_IMAGE_NAME_TAG_WITH_DIGEST_FILE",
-		},
-		cli.BoolFlag{
-			Name:   "insecure",
-			Usage:  "Allow connecting to registries without TLS.",
-			EnvVar: "PLUGIN_INSECURE",
-		},
-		cli.BoolFlag{
-			Name:   "insecure-pull",
-			Usage:  "Allow insecure pulls from the registry.",
-			EnvVar: "PLUGIN_INSECURE_PULL",
-		},
-		cli.StringFlag{
-			Name:   "insecure-registry",
-			Usage:  "Use plain HTTP for registry communication.",
-			EnvVar: "PLUGIN_INSECURE_REGISTRY",
-		},
-		cli.StringFlag{
-			Name:   "log-format",
-			Usage:  "Set the log format for build output.",
-			EnvVar: "PLUGIN_LOG_FORMAT",
-		},
-		cli.BoolFlag{
-			Name:   "log-timestamp",
-			Usage:  "Show timestamps in build output.",
-			EnvVar: "PLUGIN_LOG_TIMESTAMP",
-		},
-		cli.StringFlag{
-			Name:   "oci-layout-path",
-			Usage:  "Directory to store OCI layout.",
-			EnvVar: "PLUGIN_OCI_LAYOUT_PATH",
-		},
-		cli.IntFlag{
-			Name:   "push-retry",
-			Usage:  "Number of times to retry pushing an image.",
-			EnvVar: "PLUGIN_PUSH_RETRY",
-		},
-		cli.StringFlag{
-			Name:   "registry-certificate",
-			Usage:  "Path to a file containing a registry certificate.",
-			EnvVar: "PLUGIN_REGISTRY_CERTIFICATE",
-		},
-		cli.StringFlag{
-			Name:   "registry-client-cert",
-			Usage:  "Path to a file containing a registry client certificate.",
-			EnvVar: "PLUGIN_REGISTRY_CLIENT_CERT",
-		},
-		cli.BoolFlag{
-			Name:   "skip-default-registry-fallback",
-			Usage:  "Skip Docker Hub and default registry fallback.",
-			EnvVar: "PLUGIN_SKIP_DEFAULT_REGISTRY_FALLBACK",
-		},
-		cli.BoolFlag{
-			Name:   "reproducible",
-			Usage:  "Create a reproducible image.",
-			EnvVar: "PLUGIN_REPRODUCIBLE",
-		},
-		cli.BoolFlag{
-			Name:   "single-snapshot",
-			Usage:  "Only create a single snapshot of the image.",
-			EnvVar: "PLUGIN_SINGLE_SNAPSHOT",
-		},
-		cli.BoolFlag{
-			Name:   "skip-push-permission-check",
-			Usage:  "Skip permission check when pushing.",
-			EnvVar: "PLUGIN_SKIP_PUSH_PERMISSION_CHECK",
-		},
-		cli.BoolFlag{
-			Name:   "skip-tls-verify-pull",
-			Usage:  "Skip TLS verification when pulling.",
-			EnvVar: "PLUGIN_SKIP_TLS_VERIFY_PULL",
-		},
-		cli.BoolFlag{
-			Name:   "skip-tls-verify-registry",
-			Usage:  "Skip TLS verification when connecting to a registry.",
-			EnvVar: "PLUGIN_SKIP_TLS_VERIFY_REGISTRY",
-		},
-		cli.BoolFlag{
-			Name:   "use-new-run",
-			Usage:  "Skip TLS verification when connecting to a registry.",
-			EnvVar: "PLUGIN_USE_NEW_RUN",
-		},
-		cli.BoolFlag{
-			Name:   "ignore-var-run",
-			Usage:  "Ignore the /var/run directory during build.",
-			EnvVar: "PLUGIN_IGNORE_VAR_RUN",
-		},
-		cli.StringFlag{
-			Name:   "ignore-path",
-			Usage:  "Path to ignore during the build.",
-			EnvVar: "PLUGIN_IGNORE_PATH",
-		},
-		cli.IntFlag{
-			Name:   "image-fs-extract-retry",
-			Usage:  "Number of retries for extracting filesystem layers.",
-			EnvVar: "PLUGIN_IMAGE_FS_EXTRACT_RETRY",
-		},
-		cli.IntFlag{
-			Name:   "image-download-retry",
-			Usage:  "Number of retries for downloading base images.",
-			EnvVar: "PLUGIN_IMAGE_DOWNLOAD_RETRY",
+			Name:   "service-account-email",
+			Usage:  "Google service account email",
+			EnvVar: "PLUGIN_SERVICE_ACCOUNT_EMAIL",
 		},
 	}
 
@@ -342,6 +203,12 @@ func main() {
 func run(c *cli.Context) error {
 	noPush := c.Bool("no-push")
 	jsonKey := c.String("json-key")
+	idToken := c.String("oidc-token")
+	projectNumber := c.String("project-number")
+	poolId := c.String("pool-id")
+	providerId := c.String("provider-id")
+	serviceAccountEmail := c.String("service-account-email")
+	registry := c.String("registry")
 	// JSON key may not be set in the following cases:
 	// 1. Image does not need to be pushed to GAR.
 	// 2. Workload identity is set on GKE in which pod will inherit the credentials via service account.
@@ -349,105 +216,51 @@ func run(c *cli.Context) error {
 		if err := setupGARAuth(jsonKey); err != nil {
 			return err
 		}
-
-		// setup docker config only when base image registry is specified
-		if c.String("base-image-registry") != ""{
-			if err := setDockerAuth(
-				c.String("base-image-username"),
-				c.String("base-image-password"),
-				c.String("base-image-registry"),
-			); err != nil {
-				return errors.Wrap(err, "failed to create docker config")
+	} else if idToken != "" {
+		accessToken := setupOIDCAuth(idToken, projectNumber, poolId, providerId, serviceAccountEmail)
+		if accessToken != "" {
+			if err := setupAccessTokenAuth(accessToken, registry); err != nil {
+				return err
 			}
 		}
 	}
 
 	plugin := kaniko.Plugin{
 		Build: kaniko.Build{
-			DroneCommitRef:              c.String("drone-commit-ref"),
-			DroneRepoBranch:             c.String("drone-repo-branch"),
-			Dockerfile:                  c.String("dockerfile"),
-			Context:                     c.String("context"),
-			Tags:                        c.StringSlice("tags"),
-			AutoTag:                     c.Bool("auto-tag"),
-			AutoTagSuffix:               c.String("auto-tag-suffix"),
-			ExpandTag:                   c.Bool("expand-tag"),
-			Args:                        c.StringSlice("args"),
-			Target:                      c.String("target"),
-			Repo:                        fmt.Sprintf("%s/%s", c.String("registry"), c.String("repo")),
-			Mirrors:                     c.StringSlice("registry-mirrors"),
-			Labels:                      c.StringSlice("custom-labels"),
-			SnapshotMode:                c.String("snapshot-mode"),
-			EnableCache:                 c.Bool("enable-cache"),
-			CacheRepo:                   fmt.Sprintf("%s/%s", c.String("registry"), c.String("cache-repo")),
-			CacheTTL:                    c.Int("cache-ttl"),
-			DigestFile:                  defaultDigestFile,
-			NoPush:                      noPush,
-			Verbosity:                   c.String("verbosity"),
-			Platform:                    c.String("platform"),
-			SkipUnusedStages:            c.Bool("skip-unused-stages"),
-			CacheDir:                    c.String("cache-dir"),
-			CacheCopyLayers:             c.Bool("cache-copy-layers"),
-			CacheRunLayers:              c.Bool("cache-run-layers"),
-			Cleanup:                     c.Bool("cleanup"),
-			ContextSubPath:              c.String("context-sub-path"),
-			CustomPlatform:              c.String("custom-platform"),
-			Force:                       c.Bool("force"),
-			ImageNameWithDigestFile:     c.String("image-name-with-digest-file"),
-			ImageNameTagWithDigestFile:  c.String("image-name-tag-with-digest-file"),
-			Insecure:                    c.Bool("insecure"),
-			InsecurePull:                c.Bool("insecure-pull"),
-			InsecureRegistry:            c.String("insecure-registry"),
-			Label:                       c.String("label"),
-			LogFormat:                   c.String("log-format"),
-			LogTimestamp:                c.Bool("log-timestamp"),
-			OCILayoutPath:               c.String("oci-layout-path"),
-			PushRetry:                   c.Int("push-retry"),
-			RegistryCertificate:         c.String("registry-certificate"),
-			RegistryClientCert:          c.String("registry-client-cert"),
-			SkipDefaultRegistryFallback: c.Bool("skip-default-registry-fallback"),
-			Reproducible:                c.Bool("reproducible"),
-			SingleSnapshot:              c.Bool("single-snapshot"),
-			SkipTLSVerify:               c.Bool("skip-tls-verify"),
-			SkipPushPermissionCheck:     c.Bool("skip-push-permission-check"),
-			SkipTLSVerifyPull:           c.Bool("skip-tls-verify-pull"),
-			SkipTLSVerifyRegistry:       c.Bool("skip-tls-verify-registry"),
-			UseNewRun:                   c.Bool("use-new-run"),
-			IgnorePath:                  c.String("ignore-path"),
-			ImageFSExtractRetry:         c.Int("image-fs-extract-retry"),
-			ImageDownloadRetry:          c.Int("image-download-retry"),
+			DroneCommitRef:   c.String("drone-commit-ref"),
+			DroneRepoBranch:  c.String("drone-repo-branch"),
+			Dockerfile:       c.String("dockerfile"),
+			Context:          c.String("context"),
+			Tags:             c.StringSlice("tags"),
+			AutoTag:          c.Bool("auto-tag"),
+			AutoTagSuffix:    c.String("auto-tag-suffix"),
+			ExpandTag:        c.Bool("expand-tag"),
+			Args:             c.StringSlice("args"),
+			Target:           c.String("target"),
+			Repo:             fmt.Sprintf("%s/%s", c.String("registry"), c.String("repo")),
+			Mirrors:          c.StringSlice("registry-mirrors"),
+			Labels:           c.StringSlice("custom-labels"),
+			SnapshotMode:     c.String("snapshot-mode"),
+			EnableCache:      c.Bool("enable-cache"),
+			CacheRepo:        fmt.Sprintf("%s/%s", c.String("registry"), c.String("cache-repo")),
+			CacheTTL:         c.Int("cache-ttl"),
+			DigestFile:       defaultDigestFile,
+			NoPush:           noPush,
+			Verbosity:        c.String("verbosity"),
+			Platform:         c.String("platform"),
+			SkipUnusedStages: c.Bool("skip-unused-stages"),
 		},
 		Artifact: kaniko.Artifact{
 			Tags:         c.StringSlice("tags"),
 			Repo:         c.String("repo"),
-			Registry:     c.String("registry"),
+			Registry:     registry,
 			ArtifactFile: c.String("artifact-file"),
 			RegistryType: artifact.GAR,
 		},
 	}
-	if c.IsSet("compressed-caching") {
-		flag := c.Bool("compressed-caching")
-		plugin.Build.CompressedCaching = &flag
-	}
-	if c.IsSet("ignore-var-run") {
-		flag := c.Bool("ignore-var-run")
-		plugin.Build.IgnoreVarRun = &flag
-	}
 	return plugin.Exec()
 }
 
-func setDockerAuth(dockerUsername, dockerPassword, dockerRegistry string) (error) {
-	dockerConfig := docker.NewConfig()
-	dockerRegistryCreds := docker.RegistryCredentials{
-		Registry: dockerRegistry,
-		Username: dockerUsername,
-		Password: dockerPassword,
-	}
-	credentials := []docker.RegistryCredentials{dockerRegistryCreds}
-
-	return dockerConfig.CreateDockerConfig(credentials, dockerConfigPath)
-}
-
 func setupGARAuth(jsonKey string) error {
 	err := ioutil.WriteFile(garKeyPath, []byte(jsonKey), 0644)
 	if err != nil {
@@ -460,3 +273,41 @@ func setupGARAuth(jsonKey string) error {
 	}
 	return nil
 }
+
+func setupAccessTokenAuth(accessToken, registryURL string) error {
+	dockerConfig := map[string]interface{}{
+		"auths": map[string]interface{}{
+			registryURL: map[string]string{
+				"auth": encodeAccessToken(accessToken),
+			},
+		},
+	}
+
+	dockerConfigJson, err := json.Marshal(dockerConfig)
+	if err != nil {
+		return fmt.Errorf("failed to marshal docker config: %w", err)
+	}
+
+	if err := ioutil.WriteFile("/root/.docker/config.json", dockerConfigJson, 0600); err != nil {
+		return fmt.Errorf("failed to write docker config file: %w", err)
+	}
+
+	return nil
+}
+
+func encodeAccessToken(token string) string {
+	auth := base64.StdEncoding.EncodeToString([]byte("_json_key:" + token))
+	return auth
+}
+
+func setupOIDCAuth(idToken, projectId, poolId, providerId, serviceAccountEmail string) string {
+	federalToken, err := internal.GetFederalToken(idToken, projectId, poolId, providerId)
+	if err != nil {
+		logrus.Fatalf("Error (getFederalToken): %s", err)
+	}
+	accessToken, err := internal.GetGoogleCloudAccessToken(federalToken, serviceAccountEmail)
+	if err != nil {
+		logrus.Fatalf("Error (getGoogleCloudAccessToken): %s", err)
+	}
+	return accessToken
+}

cmd/kaniko-gcr/main.go

@@ -12,14 +12,12 @@ import (
 
 	kaniko "github.com/drone/drone-kaniko"
 	"github.com/drone/drone-kaniko/pkg/artifact"
-	"github.com/drone/drone-kaniko/pkg/docker"
 )
 
 const (
-	dockerConfigPath string = "/kaniko/.docker"
 	// GCR JSON key file path
-	gcrKeyPath       string = "/kaniko/config.json"
-	gcrEnvVariable   string = "GOOGLE_APPLICATION_CREDENTIALS"
+	gcrKeyPath     string = "/kaniko/config.json"
+	gcrEnvVariable string = "GOOGLE_APPLICATION_CREDENTIALS"
 
 	defaultDigestFile string = "/kaniko/digest-file"
 )
@@ -110,22 +108,7 @@ func main() {
 			Name:   "registry",
 			Usage:  "gcr registry",
 			Value:  "gcr.io",
-			EnvVar: "PLUGIN_REGISTRY,BASE_REGISTRY",
-		},
-		cli.StringFlag{
-			Name:   "base-image-username",
-			Usage:  "Docker username for base image registry",
-			EnvVar: "PLUGIN_DOCKER_USERNAME,PLUGIN_BASE_IMAGE_USERNAME,DOCKER_USERNAME",
-		},
-		cli.StringFlag{
-			Name:   "base-image-password",
-			Usage:  "Docker password for base image registry",
-			EnvVar: "PLUGIN_DOCKER_PASSWORD,PLUGIN_BASE_IMAGE_PASSWORD,DOCKER_PASSWORD",
-		},
-		cli.StringFlag{
-			Name:   "base-image-registry",
-			Usage:  "Docker registry for base image registry",
-			EnvVar: "PLUGIN_DOCKER_REGISTRY,PLUGIN_BASE_IMAGE_REGISTRY,DOCKER_REGISTRY",
+			EnvVar: "PLUGIN_REGISTRY",
 		},
 		cli.StringSliceFlag{
 			Name:   "registry-mirrors",
@@ -182,157 +165,6 @@ func main() {
 			Usage:  "build only used stages",
 			EnvVar: "PLUGIN_SKIP_UNUSED_STAGES",
 		},
-		cli.StringFlag{
-			Name:   "cache-dir",
-			Usage:  "Set this flag to specify a local directory cache for base images",
-			EnvVar: "PLUGIN_CACHE_DIR",
-		},
-
-		cli.BoolFlag{
-			Name:   "cache-copy-layers",
-			Usage:  "Enable or disable copying layers from the cache.",
-			EnvVar: "PLUGIN_CACHE_COPY_LAYERS",
-		},
-		cli.BoolFlag{
-			Name:   "cache-run-layers",
-			Usage:  "Enable or disable running layers from the cache.",
-			EnvVar: "PLUGIN_CACHE_RUN_LAYERS",
-		},
-		cli.BoolFlag{
-			Name:   "cleanup",
-			Usage:  "Enable or disable cleanup of temporary files.",
-			EnvVar: "PLUGIN_CLEANUP",
-		},
-		cli.BoolFlag{
-			Name:   "compressed-caching",
-			Usage:  "Enable or disable compressed caching.",
-			EnvVar: "PLUGIN_COMPRESSED_CACHING",
-		},
-		cli.StringFlag{
-			Name:   "context-sub-path",
-			Usage:  "Sub-path within the context to build.",
-			EnvVar: "PLUGIN_CONTEXT_SUB_PATH",
-		},
-		cli.StringFlag{
-			Name:   "custom-platform",
-			Usage:  "Platform to use for building.",
-			EnvVar: "PLUGIN_CUSTOM_PLATFORM",
-		},
-		cli.BoolFlag{
-			Name:   "force",
-			Usage:  "Force building the image even if it already exists.",
-			EnvVar: "PLUGIN_FORCE",
-		},
-		cli.StringFlag{
-			Name:   "image-name-with-digest-file",
-			Usage:  "Write image name with digest to a file.",
-			EnvVar: "PLUGIN_IMAGE_NAME_WITH_DIGEST_FILE",
-		},
-		cli.StringFlag{
-			Name:   "image-name-tag-with-digest-file",
-			Usage:  "Write image name with tag and digest to a file.",
-			EnvVar: "PLUGIN_IMAGE_NAME_TAG_WITH_DIGEST_FILE",
-		},
-		cli.BoolFlag{
-			Name:   "insecure",
-			Usage:  "Allow connecting to registries without TLS.",
-			EnvVar: "PLUGIN_INSECURE",
-		},
-		cli.BoolFlag{
-			Name:   "insecure-pull",
-			Usage:  "Allow insecure pulls from the registry.",
-			EnvVar: "PLUGIN_INSECURE_PULL",
-		},
-		cli.StringFlag{
-			Name:   "insecure-registry",
-			Usage:  "Use plain HTTP for registry communication.",
-			EnvVar: "PLUGIN_INSECURE_REGISTRY",
-		},
-		cli.StringFlag{
-			Name:   "log-format",
-			Usage:  "Set the log format for build output.",
-			EnvVar: "PLUGIN_LOG_FORMAT",
-		},
-		cli.BoolFlag{
-			Name:   "log-timestamp",
-			Usage:  "Show timestamps in build output.",
-			EnvVar: "PLUGIN_LOG_TIMESTAMP",
-		},
-		cli.StringFlag{
-			Name:   "oci-layout-path",
-			Usage:  "Directory to store OCI layout.",
-			EnvVar: "PLUGIN_OCI_LAYOUT_PATH",
-		},
-		cli.IntFlag{
-			Name:   "push-retry",
-			Usage:  "Number of times to retry pushing an image.",
-			EnvVar: "PLUGIN_PUSH_RETRY",
-		},
-		cli.StringFlag{
-			Name:   "registry-certificate",
-			Usage:  "Path to a file containing a registry certificate.",
-			EnvVar: "PLUGIN_REGISTRY_CERTIFICATE",
-		},
-		cli.StringFlag{
-			Name:   "registry-client-cert",
-			Usage:  "Path to a file containing a registry client certificate.",
-			EnvVar: "PLUGIN_REGISTRY_CLIENT_CERT",
-		},
-		cli.BoolFlag{
-			Name:   "skip-default-registry-fallback",
-			Usage:  "Skip Docker Hub and default registry fallback.",
-			EnvVar: "PLUGIN_SKIP_DEFAULT_REGISTRY_FALLBACK",
-		},
-		cli.BoolFlag{
-			Name:   "reproducible",
-			Usage:  "Create a reproducible image.",
-			EnvVar: "PLUGIN_REPRODUCIBLE",
-		},
-		cli.BoolFlag{
-			Name:   "single-snapshot",
-			Usage:  "Only create a single snapshot of the image.",
-			EnvVar: "PLUGIN_SINGLE_SNAPSHOT",
-		},
-		cli.BoolFlag{
-			Name:   "skip-push-permission-check",
-			Usage:  "Skip permission check when pushing.",
-			EnvVar: "PLUGIN_SKIP_PUSH_PERMISSION_CHECK",
-		},
-		cli.BoolFlag{
-			Name:   "skip-tls-verify-pull",
-			Usage:  "Skip TLS verification when pulling.",
-			EnvVar: "PLUGIN_SKIP_TLS_VERIFY_PULL",
-		},
-		cli.BoolFlag{
-			Name:   "skip-tls-verify-registry",
-			Usage:  "Skip TLS verification when connecting to a registry.",
-			EnvVar: "PLUGIN_SKIP_TLS_VERIFY_REGISTRY",
-		},
-		cli.BoolFlag{
-			Name:   "use-new-run",
-			Usage:  "Skip TLS verification when connecting to a registry.",
-			EnvVar: "PLUGIN_USE_NEW_RUN",
-		},
-		cli.BoolFlag{
-			Name:   "ignore-var-run",
-			Usage:  "Ignore the /var/run directory during build.",
-			EnvVar: "PLUGIN_IGNORE_VAR_RUN",
-		},
-		cli.StringFlag{
-			Name:   "ignore-path",
-			Usage:  "Path to ignore during the build.",
-			EnvVar: "PLUGIN_IGNORE_PATH",
-		},
-		cli.IntFlag{
-			Name:   "image-fs-extract-retry",
-			Usage:  "Number of retries for extracting filesystem layers.",
-			EnvVar: "PLUGIN_IMAGE_FS_EXTRACT_RETRY",
-		},
-		cli.IntFlag{
-			Name:   "image-download-retry",
-			Usage:  "Number of retries for downloading base images.",
-			EnvVar: "PLUGIN_IMAGE_DOWNLOAD_RETRY",
-		},
 	}
 
 	if err := app.Run(os.Args); err != nil {
@@ -351,73 +183,32 @@ func run(c *cli.Context) error {
 		if err := setupGCRAuth(jsonKey); err != nil {
 			return err
 		}
-
-		// setup docker config only when base image registry is specified
-		if c.String("base-image-registry") != ""{
-			if err := setDockerAuth(
-				c.String("base-image-username"),
-				c.String("base-image-password"),
-				c.String("base-image-registry"),
-			); err != nil {
-				return errors.Wrap(err, "failed to create docker config")
-			}
-		}
 	}
 
 	plugin := kaniko.Plugin{
 		Build: kaniko.Build{
-			DroneCommitRef:              c.String("drone-commit-ref"),
-			DroneRepoBranch:             c.String("drone-repo-branch"),
-			Dockerfile:                  c.String("dockerfile"),
-			Context:                     c.String("context"),
-			Tags:                        c.StringSlice("tags"),
-			AutoTag:                     c.Bool("auto-tag"),
-			AutoTagSuffix:               c.String("auto-tag-suffix"),
-			ExpandTag:                   c.Bool("expand-tag"),
-			Args:                        c.StringSlice("args"),
-			Target:                      c.String("target"),
-			Repo:                        fmt.Sprintf("%s/%s", c.String("registry"), c.String("repo")),
-			Mirrors:                     c.StringSlice("registry-mirrors"),
-			Labels:                      c.StringSlice("custom-labels"),
-			SnapshotMode:                c.String("snapshot-mode"),
-			EnableCache:                 c.Bool("enable-cache"),
-			CacheRepo:                   fmt.Sprintf("%s/%s", c.String("registry"), c.String("cache-repo")),
-			CacheTTL:                    c.Int("cache-ttl"),
-			DigestFile:                  defaultDigestFile,
-			NoPush:                      noPush,
-			Verbosity:                   c.String("verbosity"),
-			Platform:                    c.String("platform"),
-			SkipUnusedStages:            c.Bool("skip-unused-stages"),
-			CacheDir:                    c.String("cache-dir"),
-			CacheCopyLayers:             c.Bool("cache-copy-layers"),
-			CacheRunLayers:              c.Bool("cache-run-layers"),
-			Cleanup:                     c.Bool("cleanup"),
-			ContextSubPath:              c.String("context-sub-path"),
-			CustomPlatform:              c.String("custom-platform"),
-			Force:                       c.Bool("force"),
-			ImageNameWithDigestFile:     c.String("image-name-with-digest-file"),
-			ImageNameTagWithDigestFile:  c.String("image-name-tag-with-digest-file"),
-			Insecure:                    c.Bool("insecure"),
-			InsecurePull:                c.Bool("insecure-pull"),
-			InsecureRegistry:            c.String("insecure-registry"),
-			Label:                       c.String("label"),
-			LogFormat:                   c.String("log-format"),
-			LogTimestamp:                c.Bool("log-timestamp"),
-			OCILayoutPath:               c.String("oci-layout-path"),
-			PushRetry:                   c.Int("push-retry"),
-			RegistryCertificate:         c.String("registry-certificate"),
-			RegistryClientCert:          c.String("registry-client-cert"),
-			SkipDefaultRegistryFallback: c.Bool("skip-default-registry-fallback"),
-			Reproducible:                c.Bool("reproducible"),
-			SingleSnapshot:              c.Bool("single-snapshot"),
-			SkipTLSVerify:               c.Bool("skip-tls-verify"),
-			SkipPushPermissionCheck:     c.Bool("skip-push-permission-check"),
-			SkipTLSVerifyPull:           c.Bool("skip-tls-verify-pull"),
-			SkipTLSVerifyRegistry:       c.Bool("skip-tls-verify-registry"),
-			UseNewRun:                   c.Bool("use-new-run"),
-			IgnorePath:                  c.String("ignore-path"),
-			ImageFSExtractRetry:         c.Int("image-fs-extract-retry"),
-			ImageDownloadRetry:          c.Int("image-download-retry"),
+			DroneCommitRef:   c.String("drone-commit-ref"),
+			DroneRepoBranch:  c.String("drone-repo-branch"),
+			Dockerfile:       c.String("dockerfile"),
+			Context:          c.String("context"),
+			Tags:             c.StringSlice("tags"),
+			AutoTag:          c.Bool("auto-tag"),
+			AutoTagSuffix:    c.String("auto-tag-suffix"),
+			ExpandTag:        c.Bool("expand-tag"),
+			Args:             c.StringSlice("args"),
+			Target:           c.String("target"),
+			Repo:             fmt.Sprintf("%s/%s", c.String("registry"), c.String("repo")),
+			Mirrors:          c.StringSlice("registry-mirrors"),
+			Labels:           c.StringSlice("custom-labels"),
+			SnapshotMode:     c.String("snapshot-mode"),
+			EnableCache:      c.Bool("enable-cache"),
+			CacheRepo:        fmt.Sprintf("%s/%s", c.String("registry"), c.String("cache-repo")),
+			CacheTTL:         c.Int("cache-ttl"),
+			DigestFile:       defaultDigestFile,
+			NoPush:           noPush,
+			Verbosity:        c.String("verbosity"),
+			Platform:         c.String("platform"),
+			SkipUnusedStages: c.Bool("skip-unused-stages"),
 		},
 		Artifact: kaniko.Artifact{
 			Tags:         c.StringSlice("tags"),
@@ -427,28 +218,9 @@ func run(c *cli.Context) error {
 			RegistryType: artifact.GCR,
 		},
 	}
-	if c.IsSet("compressed-caching") {
-		flag := c.Bool("compressed-caching")
-		plugin.Build.CompressedCaching = &flag
-	}
-	if c.IsSet("ignore-var-run") {
-		flag := c.Bool("ignore-var-run")
-		plugin.Build.IgnoreVarRun = &flag
-	}
 	return plugin.Exec()
 }
 
-func setDockerAuth(dockerUsername, dockerPassword, dockerRegistry string) (error) {
-	dockerConfig := docker.NewConfig()
-	dockerRegistryCreds := docker.RegistryCredentials{
-		Registry: dockerRegistry,
-		Username: dockerUsername,
-		Password: dockerPassword,
-	}
-	credentials := []docker.RegistryCredentials{dockerRegistryCreds}
-	return dockerConfig.CreateDockerConfig(credentials, dockerConfigPath)
-}
-
 func setupGCRAuth(jsonKey string) error {
 	err := ioutil.WriteFile(gcrKeyPath, []byte(jsonKey), 0644)
 	if err != nil {

docker/acr/Dockerfile.linux.amd64

@@ -1,5 +1,5 @@
-FROM gcr.io/kaniko-project/executor:v1.23.0
+FROM gcr.io/kaniko-project/executor:v1.9.1
 
-ENV KANIKO_VERSION=1.23.0
+ENV KANIKO_VERSION=1.9.1
 ADD release/linux/amd64/kaniko-acr /kaniko/
 ENTRYPOINT ["/kaniko/kaniko-acr"]

docker/acr/Dockerfile.linux.arm64

@@ -1,8 +1,8 @@
-FROM gcr.io/kaniko-project/executor:v1.23.0
+FROM gcr.io/kaniko-project/executor:v1.9.1
 
 ENV HOME /root
 ENV USER root
 
-ENV KANIKO_VERSION=1.23.0
+ENV KANIKO_VERSION=1.9.1
 ADD release/linux/arm64/kaniko-acr /kaniko/
 ENTRYPOINT ["/kaniko/kaniko-acr"]

docker/docker/Dockerfile.linux.amd64

@@ -1,5 +1,5 @@
-FROM gcr.io/kaniko-project/executor:v1.23.0
+FROM gcr.io/kaniko-project/executor:v1.9.1
 
-ENV KANIKO_VERSION=1.23.0
+ENV KANIKO_VERSION=1.9.1
 ADD release/linux/amd64/kaniko-docker /kaniko/
 ENTRYPOINT ["/kaniko/kaniko-docker"]

docker/docker/Dockerfile.linux.arm64

@@ -1,8 +1,8 @@
-FROM gcr.io/kaniko-project/executor:v1.23.0
+FROM gcr.io/kaniko-project/executor:v1.9.1
 
 ENV HOME /root
 ENV USER root
 
-ENV KANIKO_VERSION=1.23.0
+ENV KANIKO_VERSION=1.9.1
 ADD release/linux/arm64/kaniko-docker /kaniko/
 ENTRYPOINT ["/kaniko/kaniko-docker"]

docker/ecr/Dockerfile.linux.amd64

@@ -1,5 +1,5 @@
-FROM gcr.io/kaniko-project/executor:v1.23.0
+FROM gcr.io/kaniko-project/executor:v1.9.1
 
-ENV KANIKO_VERSION=1.23.0
+ENV KANIKO_VERSION=1.9.1
 ADD release/linux/amd64/kaniko-ecr /kaniko/
 ENTRYPOINT ["/kaniko/kaniko-ecr"]

docker/ecr/Dockerfile.linux.arm64

@@ -1,8 +1,8 @@
-FROM gcr.io/kaniko-project/executor:v1.23.0
+FROM gcr.io/kaniko-project/executor:v1.9.1
 
 ENV HOME /root
 ENV USER root
-ENV KANIKO_VERSION=1.23.0
+ENV KANIKO_VERSION=1.9.1
 
 ADD release/linux/arm64/kaniko-ecr /kaniko/
 ENTRYPOINT ["/kaniko/kaniko-ecr"]

docker/gar/Dockerfile.linux.amd64

@@ -1,5 +1,5 @@
-FROM gcr.io/kaniko-project/executor:v1.23.0
+FROM gcr.io/kaniko-project/executor:v1.9.1
 
-ENV KANIKO_VERSION=1.23.0
+ENV KANIKO_VERSION=1.9.1
 ADD release/linux/amd64/kaniko-gar /kaniko/
 ENTRYPOINT ["/kaniko/kaniko-gar"]

docker/gar/Dockerfile.linux.arm64

@@ -1,8 +1,8 @@
-FROM gcr.io/kaniko-project/executor:v1.23.0
+FROM gcr.io/kaniko-project/executor:v1.9.1
 
 ENV HOME /root
 ENV USER root
-ENV KANIKO_VERSION=1.23.0
+ENV KANIKO_VERSION=1.9.1
 
 ADD release/linux/arm64/kaniko-gar /kaniko/
 ENTRYPOINT ["/kaniko/kaniko-gar"]

docker/gcr/Dockerfile.linux.amd64

@@ -1,5 +1,5 @@
-FROM gcr.io/kaniko-project/executor:v1.23.0
+FROM gcr.io/kaniko-project/executor:v1.9.1
 
-ENV KANIKO_VERSION=1.23.0
+ENV KANIKO_VERSION=1.9.1
 ADD release/linux/amd64/kaniko-gcr /kaniko/
 ENTRYPOINT ["/kaniko/kaniko-gcr"]

docker/gcr/Dockerfile.linux.arm64

@@ -1,8 +1,8 @@
-FROM gcr.io/kaniko-project/executor:v1.20.1
+FROM gcr.io/kaniko-project/executor:v1.9.1
 
 ENV HOME /root
 ENV USER root
-ENV KANIKO_VERSION=1.20.1
+ENV KANIKO_VERSION=1.9.1
 
 ADD release/linux/arm64/kaniko-gcr /kaniko/
 ENTRYPOINT ["/kaniko/kaniko-gcr"]

git-hooks/README.md

@@ -1,8 +0,0 @@
-This document explains on how to install certain git hooks globally for all repositories in your machine.
-
-Step 1: git clone https://github.com/drone/drone-kaniko.git
-Step 2: cd git-hooks
-Step 3: Run install.sh
-
-"install.sh" script will create .git_template in the user directory and will put the git hook and its dependent scripts in it. Along with the .git_template folder, it will add 2 sections "init" and "hooks boolean" in the .gitconfig file in the same user's root directory.
-After running "install.sh" if you create/clone a new git repository then all the hooks will get install automatically for the git repository. In case of existing git repository copy the contents of ~/.git_template/hooks into the .git/hooks directory of existing git repository.

git-hooks/hooks/git-leaks-pre-commit.sh

@@ -1,17 +0,0 @@
-#!/bin/bash
-
-#Helper script to be used as a pre-commit hook.
-
-echo "This hook checks for any secrets getting pushed as part of commit. If you feel that scan is false positive. \
-Then add the exclusion in .gitleaksignore file. For more info visit: https://github.com/zricethezav/gitleaks"
-
-GIT_LEAKS_PRE_COMMIT=s$(git config --bool hook.pre-commit.gitleak)
-
-echo "INFO: Scanning Commits information for any GIT LEAKS"
-gitleaks protect --staged -v --exit-code=100
-STATUS=$?
-if [ $STATUS = 100  ]; then
-    echo "WARNING: GIT LEAKS has detected sensitive information in your changes. Please remove them or add them (IF NON-SENSITIVE) in .gitleaksignore file."
-else
-    exit 0
-fi

git-hooks/hooks/git-leaks.sh

@@ -1,18 +0,0 @@
-#!/bin/bash
-
-#Helper script to be used as a pre-commit hook.
-
-echo "This hook checks for any secrets getting pushed as part of commit. If you feel that scan is false positive. \
-Then add the exclusion in .gitleaksignore file. For more info visit: https://github.com/zricethezav/gitleaks"
-
-GIT_LEAKS=$(git config --bool hook.pre-push.gitleaks)
-
-echo "INFO: Scanning Commits information for any GIT LEAKS"
-gitleaks detect -s ./ --log-level=debug --log-opts=-1 -v
-STATUS=$?
-if [ $STATUS != 0  ]; then
-    echo "WARNING: GIT LEAKS has detected sensitive information in your changes. Please remove them or add them (IF NON-SENSITIVE) in .gitleaksignore file."
-    exit $STATUS
-else
-    exit 0
-fi

git-hooks/hooks/pre-commit

@@ -1,24 +0,0 @@
-#!/usr/bin/env bash
-
-GL_SCRIPT_PATH="$HOME/.git_template/hooks/git-leaks-pre-commit.sh"
-
-pushd `dirname $0` > /dev/null && cd ../.. && BASEDIR=$(pwd -L) && popd > /dev/null
-BASENAME=`basename $0`
-
-if git rev-parse --verify HEAD >/dev/null 2>&1
-then
-    against=HEAD
-else
-    #Initial commit : diff against an empty tree object
-    against=4b825dc642cb6eb9a060e54bf8d69288fbee4904
-fi
-
-GIT_LEAKS_PRE_COMMIT=hook.pre-commit.gitleaks
-if [ "`git config $GIT_LEAKS_PRE_COMMIT`" == "false" ]
-then
-    echo -e '\033[0;31m' checking git leaks is disabled - to enable: '\033[0;37m'git config --unset $GIT_LEAKS_PRE_COMMIT '\033[0m'
-    echo -e '\033[0;34m' checking git leaks  ... to enable: '\033[0;37m'git config --add $GIT_LEAKS_PRE_COMMIT true '\033[0m'
-else
-    echo -e '\033[0;34m' checking for git leaks...
-    [ -f "${GL_SCRIPT_PATH}" ] && . ${GL_SCRIPT_PATH} || echo "ERROR: Hook Script Not Found..." && exit 404
-fi

git-hooks/hooks/pre-push

@@ -1,24 +0,0 @@
-#!/usr/bin/env bash
-
-GL_SCRIPT_PATH="$HOME/.git_template/hooks/git-leaks.sh"
-
-pushd `dirname $0` > /dev/null && cd ../.. && BASEDIR=$(pwd -L) && popd > /dev/null
-BASENAME=`basename $0`
-
-if git rev-parse --verify HEAD >/dev/null 2>&1
-then
-    against=HEAD
-else
-    #Initial commit : diff against an empty tree object
-    against=4b825dc642cb6eb9a060e54bf8d69288fbee4904
-fi
-
-GIT_LEAKS=hook.pre-push.gitleaks
-if [ "`git config $GIT_LEAKS`" == "false" ]
-then
-    echo -e '\033[0;31m' checking git leaks is disabled - to enable: '\033[0;37m'git config --unset $GIT_LEAKS '\033[0m'
-    echo -e '\033[0;34m' checking git leaks  ... to enable: '\033[0;37m'git config --add $GIT_LEAKS true '\033[0m'
-else
-    echo -e '\033[0;34m' checking for git leaks...
-    [ -f "${GL_SCRIPT_PATH}" ] && . ${GL_SCRIPT_PATH} || echo "ERROR: Hook Script Not Found..." && exit 404
-fi

git-hooks/install.sh

@@ -1,44 +0,0 @@
-#!/usr/bin/env bash
-
-#Function to check if package is installed or not
-#args: $1: Name of the Package
-function check_package_installed() {
-  LOCAL_PACKAGE_NAME=$1
-  echo "Checking if $LOCAL_PACKAGE_NAME is installed or not..."
-  brew list $LOCAL_PACKAGE_NAME
-  if [ "$?" -eq 1 ];then
-    echo "Installing $LOCAL_PACKAGE_NAME package..."
-    brew install $LOCAL_PACKAGE_NAME
-  fi
-}
-
-function create_git_template() {
-    cd $BASEDIR
-    mkdir -p ~/.git_template/hooks
-    git config --global init.templatedir ${GIT_TEMPLATE}
-    git config --global --add $GIT_LEAKS true
-    git config --global --add $GIT_LEAKS_PRE_COMMIT true
-    find hooks/ -type f -exec cp "{}" ~/.git_template/hooks \;
-    #cp -f hooks/* ~/.git_template/hooks
-    cat ~/.gitconfig
-}
-
-GIT_TEMPLATE="~/.git_template"
-GIT_LEAKS=hook.pre-push.gitleaks
-GIT_LEAKS_PRE_COMMIT=hook.pre-commit.gitleaks
-
-pushd `dirname $0` && BASEDIR=$(pwd -L) && popd
-
-echo This script will install hooks that run scripts that could be updated without notice.
-
-while true; do
-    read -p "Do you wish to install these hooks?" yn
-    case $yn in
-        [Yy]* ) check_package_installed "gitleaks";
-                break;;
-        [Nn]* ) exit;;
-        * ) echo "Please answer yes or no.";;
-    esac
-done
-
-create_git_template

go.mod

@@ -10,17 +10,18 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.13.8
 	github.com/aws/smithy-go v1.12.0
 	github.com/coreos/go-semver v0.3.0
-	github.com/google/go-cmp v0.5.9
+	github.com/google/go-cmp v0.6.0
 	github.com/hashicorp/go-version v1.6.0
 	github.com/joho/godotenv v1.4.0
 	github.com/pkg/errors v0.9.1
-	github.com/sirupsen/logrus v1.9.3
-	github.com/stretchr/testify v1.8.4
+	github.com/sirupsen/logrus v1.8.1
 	github.com/urfave/cli v1.22.9
-	golang.org/x/mod v0.17.0
+	golang.org/x/mod v0.8.0
 )
 
 require (
+	cloud.google.com/go/compute v1.23.1 // indirect
+	cloud.google.com/go/compute/metadata v0.2.3 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v0.5.3 // indirect
 	github.com/aws/aws-sdk-go-v2/credentials v1.12.9 // indirect
@@ -31,20 +32,29 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.8 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.11.12 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sts v1.16.9 // indirect
-	github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
 	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
-	github.com/google/uuid v1.3.0 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/google/s2a-go v0.1.7 // indirect
+	github.com/google/uuid v1.4.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
+	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
-	golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa // indirect
-	golang.org/x/net v0.0.0-20220725212005-46097bf591d3 // indirect
-	golang.org/x/sys v0.19.0 // indirect
-	golang.org/x/text v0.3.7 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
+	go.opencensus.io v0.24.0 // indirect
+	golang.org/x/crypto v0.14.0 // indirect
+	golang.org/x/net v0.17.0 // indirect
+	golang.org/x/oauth2 v0.13.0 // indirect
+	golang.org/x/sys v0.13.0 // indirect
+	golang.org/x/text v0.13.0 // indirect
+	google.golang.org/api v0.151.0 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405 // indirect
+	google.golang.org/grpc v1.59.0 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
 )
 
-go 1.22.4
+go 1.21

go.sum

@@ -1,3 +1,8 @@
+cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go/compute v1.23.1 h1:V97tBoDaZHb6leicZ1G6DLK2BAaZLJ/7+9BB/En3hR0=
+cloud.google.com/go/compute v1.23.1/go.mod h1:CqB3xpmPKKt3OJpW2ndFIXnA9A4xAy/F3Xp1ixncW78=
+cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
+cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1 h1:tz19qLF65vuu2ibfTqGVJxG/zZAI27NEIIbvAOQwYbw=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0 h1:QkAcEIAKbNL4KoFr4SathZPhDhF4mVwpBMFlYjyAqy8=
@@ -35,27 +40,68 @@ github.com/aws/aws-sdk-go-v2/service/sts v1.16.9 h1:yOfILxyjmtr2ubRkRJldlHDFBhf5
 github.com/aws/aws-sdk-go-v2/service/sts v1.16.9/go.mod h1:O1IvkYxr+39hRf960Us6j0x1P8pDqhTX+oXM5kQNl/Y=
 github.com/aws/smithy-go v1.12.0 h1:gXpeZel/jPoWQ7OEmLIgCUnhkFftqNfwWUwAHSlp1v0=
 github.com/aws/smithy-go v1.12.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
+github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
-github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
+github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dnaeon/go-vcr v1.1.0 h1:ReYa/UBrRyQdant9B4fNHGoCNKw6qh6P0fsdGmZpR7c=
 github.com/dnaeon/go-vcr v1.1.0/go.mod h1:M7tiix8f0r6mKKJ3Yq/kqU1OYf3MnfmBWVbPx/yU9ko=
+github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/golang-jwt/jwt v3.2.1+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
 github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
 github.com/golang-jwt/jwt/v4 v4.2.0 h1:besgBTC8w8HjP6NzQdxwKH9Z5oQMZ24ThTrHp3cZ8eU=
 github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
+github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
+github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
+github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
-github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o=
+github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4=
+github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs=
+github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
+github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas=
+github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU=
 github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek=
 github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
@@ -74,42 +120,125 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
-github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
-github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
+github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/urfave/cli v1.22.9 h1:cv3/KhXGBGjEXLC4bH0sLuJ9BewaAbpk5oyMOveu4pw=
 github.com/urfave/cli v1.22.9/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
+go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
+go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa h1:zuSxTR4o9y82ebqCUJYNGJbGPo6sKVl54f/TVDObg1c=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
-golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
+golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
+golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
+golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/mod v0.5.1 h1:OJxoQ/rynoF0dcCdI7cLPktw/hR2cueqYfjm43oqK38=
+golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
+golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
+golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220725212005-46097bf591d3 h1:2yWTtPWWRcISTw3/o+s/Y4UOMnQL71DWyToOANFusCg=
 golang.org/x/net v0.0.0-20220725212005-46097bf591d3/go.mod h1:AaygXjzTFtRAg2ttMY5RMuhpJ3cNnI0XpyFJD1iQRSM=
+golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
+golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY=
+golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
-golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f h1:v4INt8xihDGvnrfjMDVXGxw9wrfxYyCjk0KbXjhR55s=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
+golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
+golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
+golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/api v0.151.0 h1:FhfXLO/NFdJIzQtCqjpysWwqKk8AzGWBUhMIx67cVDU=
+google.golang.org/api v0.151.0/go.mod h1:ccy+MJ6nrYFgE3WgRx/AMXOxOmU8Q4hSa+jjibzhxcg=
+google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
+google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
+google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b h1:+YaDE2r2OG8t/z5qmsh7Y+XXwCbvadxxZ0YY6mTdrVA=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405 h1:AB/lmRny7e2pLhFEYIbl5qkDAUt2h0ZRO4wGPhZf+ik=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405/go.mod h1:67X1fPuzjcrkymZzZV1vvkFeTn2Rvc6lYF9MYFGCcwE=
+google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
+google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
+google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk=
+google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98=
+google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
+google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
+google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
+google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

internal/tokenutil.go

@@ -0,0 +1,65 @@
+package internal
+
+import (
+	"context"
+	"fmt"
+
+	"golang.org/x/oauth2"
+	"google.golang.org/api/iamcredentials/v1"
+	"google.golang.org/api/option"
+	"google.golang.org/api/sts/v1"
+)
+
+type staticTokenSource struct {
+	token *oauth2.Token
+}
+
+func (s *staticTokenSource) Token() (*oauth2.Token, error) {
+	return s.token, nil
+}
+
+func GetFederalToken(idToken, projectNumber, poolId, providerId string) (string, error) {
+	ctx := context.Background()
+	stsService, err := sts.NewService(ctx, option.WithoutAuthentication())
+	if err != nil {
+		return "", err
+	}
+	audience := fmt.Sprintf("//iam.googleapis.com/projects/%s/locations/global/workloadIdentityPools/%s/providers/%s", projectNumber, poolId, providerId)
+	tokenRequest := &sts.GoogleIdentityStsV1ExchangeTokenRequest{
+		GrantType:          "urn:ietf:params:oauth:grant-type:token-exchange",
+		SubjectToken:       idToken,
+		Audience:           audience,
+		Scope:              "https://www.googleapis.com/auth/cloud-platform",
+		RequestedTokenType: "urn:ietf:params:oauth:token-type:access_token",
+		SubjectTokenType:   "urn:ietf:params:oauth:token-type:id_token",
+	}
+	tokenResponse, err := stsService.V1.Token(tokenRequest).Do()
+	if err != nil {
+		return "", err
+	}
+
+	return tokenResponse.AccessToken, nil
+}
+
+func GetGoogleCloudAccessToken(federatedToken string, serviceAccountEmail string) (string, error) {
+	ctx := context.Background()
+	tokenSource := &staticTokenSource{
+		token: &oauth2.Token{AccessToken: federatedToken},
+	}
+	service, err := iamcredentials.NewService(ctx, option.WithTokenSource(tokenSource))
+	if err != nil {
+		return "", err
+	}
+
+	name := "projects/-/serviceAccounts/" + serviceAccountEmail
+	rb := &iamcredentials.GenerateAccessTokenRequest{
+		Scope: []string{"https://www.googleapis.com/auth/cloud-platform"},
+	}
+
+	resp, err := service.Projects.ServiceAccounts.GenerateAccessToken(name, rb).Do()
+	if err != nil {
+		return "", err
+	}
+
+	return resp.AccessToken, nil
+}

kaniko.go

@@ -40,42 +40,6 @@ type (
 		Platform         string   // Allows to build with another default platform than the host, similarly to docker build --platform
 		SkipUnusedStages bool     // Build only used stages
 		TarPath          string   // Set this flag to save the image as a tarball at path
-
-		Cache                       bool   // Enable or disable caching during the build process.
-		CacheDir                    string // Directory to store cached layers.
-		CacheCopyLayers             bool   // Enable or disable copying layers from the cache.
-		CacheRunLayers              bool   // Enable or disable running layers from the cache.
-		Cleanup                     bool   // Enable or disable cleanup of temporary files.
-		CompressedCaching           *bool  // Enable or disable compressed caching.
-		ContextSubPath              string // Sub-path within the context to build.
-		CustomPlatform              string // Platform to use for building.
-		Force                       bool   // Force building the image even if it already exists.
-		Git                         bool   // Branch to clone if build context is a git repository .
-		ImageNameWithDigestFile     string // Write image name with digest to a file.
-		ImageNameTagWithDigestFile  string // Write image name with tag and digest to a file.
-		Insecure                    bool   // Allow connecting to registries without TLS.
-		InsecurePull                bool   // Allow insecure pulls from the registry.
-		InsecureRegistry            string // Use plain HTTP for registry communication.
-		Label                       string // Add metadata to an image.
-		LogFormat                   string // Set the log format for build output.
-		LogTimestamp                bool   // Show timestamps in build output.
-		OCILayoutPath               string // Directory to store OCI layout.
-		PushRetry                   int    // Number of times to retry pushing an image.
-		RegistryCertificate         string // Path to a file containing a registry certificate.
-		RegistryClientCert          string // Path to a file containing a registry client certificate.
-		RegistryMirror              string // Mirror for registry pulls.
-		SkipDefaultRegistryFallback bool   // Skip Docker Hub and default registry fallback.
-		Reproducible                bool   // Create a reproducible image.
-		SingleSnapshot              bool   // Only create a single snapshot of the image.
-		SkipTLSVerify               bool   // Skip TLS verification when connecting to the registry.
-		SkipPushPermissionCheck     bool   // Skip permission check when pushing.
-		SkipTLSVerifyPull           bool   // Skip TLS verification when pulling.
-		SkipTLSVerifyRegistry       bool   // Skip TLS verification when connecting to a registry.
-		UseNewRun                   bool   // Use the new container runtime (`runc`) for builds.
-		IgnoreVarRun                *bool  // Ignore `/var/run` when copying from the context.
-		IgnorePath                  string // Ignore files matching the specified path pattern.
-		ImageFSExtractRetry         int    // Number of times to retry extracting the image filesystem.
-		ImageDownloadRetry          int    // Number of times to retry downloading layers.
 	}
 
 	// Artifact defines content of artifact file
@@ -85,6 +49,7 @@ type (
 		Registry     string                    // Docker artifact registry
 		RegistryType artifact.RegistryTypeEnum // Rocker artifact registry type
 		ArtifactFile string                    // Artifact file location
+		AccessToken  string                    // Access token for registry
 	}
 
 	// Output defines content of output file
@@ -222,7 +187,7 @@ func (p Plugin) Exec() error {
 	}
 
 	if p.Build.SnapshotMode != "" {
-		cmdArgs = append(cmdArgs, fmt.Sprintf("--snapshot-mode=%s", p.Build.SnapshotMode))
+		cmdArgs = append(cmdArgs, fmt.Sprintf("--snapshotMode=%s", p.Build.SnapshotMode))
 	}
 
 	if p.Build.EnableCache {
@@ -261,134 +226,6 @@ func (p Plugin) Exec() error {
 		cmdArgs = append(cmdArgs, fmt.Sprintf("--tar-path=%s", p.Build.TarPath))
 	}
 
-	if p.Build.CacheCopyLayers {
-		cmdArgs = append(cmdArgs, "--cache-copy-layers")
-	}
-
-	if p.Build.CacheRunLayers {
-		cmdArgs = append(cmdArgs, "--cache-run-layers=true")
-	}
-
-	if p.Build.Cleanup {
-		cmdArgs = append(cmdArgs, "--cleanup=true")
-	}
-
-	if p.Build.CompressedCaching != nil {
-		if *p.Build.CompressedCaching {
-			cmdArgs = append(cmdArgs, "--compressed-caching=true")
-		} else {
-			cmdArgs = append(cmdArgs, "--compressed-caching=false")
-		}
-	}
-
-	if p.Build.ContextSubPath != "" {
-		cmdArgs = append(cmdArgs, fmt.Sprintf("--context-sub-path=%s", p.Build.ContextSubPath))
-	}
-
-	if p.Build.CustomPlatform != "" {
-		cmdArgs = append(cmdArgs, fmt.Sprintf("--custom-platform=%s", p.Build.CustomPlatform))
-	}
-
-	if p.Build.Force {
-		cmdArgs = append(cmdArgs, "--force")
-	}
-
-	if p.Build.Git {
-		cmdArgs = append(cmdArgs, "--git")
-	}
-
-	if p.Build.ImageNameWithDigestFile != "" {
-		cmdArgs = append(cmdArgs, fmt.Sprintf("--image-name-with-digest-file=%s", p.Build.ImageNameWithDigestFile))
-	}
-
-	if p.Build.ImageNameTagWithDigestFile != "" {
-		cmdArgs = append(cmdArgs, fmt.Sprintf("--image-name-tag-with-digest-file=%s", p.Build.ImageNameTagWithDigestFile))
-	}
-
-	if p.Build.Insecure {
-		cmdArgs = append(cmdArgs, "--insecure")
-	}
-
-	if p.Build.InsecurePull {
-		cmdArgs = append(cmdArgs, "--insecure-pull")
-	}
-
-	if p.Build.InsecureRegistry != "" {
-		cmdArgs = append(cmdArgs, fmt.Sprintf("--insecure-registry=%s", p.Build.InsecureRegistry))
-	}
-
-	if p.Build.LogFormat != "" {
-		cmdArgs = append(cmdArgs, fmt.Sprintf("--log-format=%s", p.Build.LogFormat))
-	}
-
-	if p.Build.LogTimestamp {
-		cmdArgs = append(cmdArgs, "--log-timestamp")
-	}
-
-	if p.Build.OCILayoutPath != "" {
-		cmdArgs = append(cmdArgs, fmt.Sprintf("--oci-layout-path=%s", p.Build.OCILayoutPath))
-	}
-
-	if p.Build.PushRetry != 0 {
-		cmdArgs = append(cmdArgs, fmt.Sprintf("--push-retry=%d", p.Build.PushRetry))
-	}
-
-	if p.Build.RegistryCertificate != "" {
-		cmdArgs = append(cmdArgs, fmt.Sprintf("--registry-certificate=%s", p.Build.RegistryCertificate))
-	}
-
-	if p.Build.RegistryClientCert != "" {
-		cmdArgs = append(cmdArgs, fmt.Sprintf("--registry-client-cert=%s", p.Build.RegistryClientCert))
-	}
-
-	if p.Build.SkipDefaultRegistryFallback {
-		cmdArgs = append(cmdArgs, "--skip-default-registry-fallback")
-	}
-
-	if p.Build.Reproducible {
-		cmdArgs = append(cmdArgs, "--reproducible")
-	}
-
-	if p.Build.SingleSnapshot {
-		cmdArgs = append(cmdArgs, "--single-snapshot")
-	}
-
-	if p.Build.SkipPushPermissionCheck {
-		cmdArgs = append(cmdArgs, "--skip-push-permission-check")
-	}
-
-	if p.Build.SkipTLSVerifyPull {
-		cmdArgs = append(cmdArgs, "--skip-tls-verify-pull")
-	}
-
-	if p.Build.SkipTLSVerifyRegistry {
-		cmdArgs = append(cmdArgs, "--skip-tls-verify-registry")
-	}
-
-	if p.Build.UseNewRun {
-		cmdArgs = append(cmdArgs, "--use-new-run")
-	}
-
-	if p.Build.IgnoreVarRun != nil {
-		if *p.Build.IgnoreVarRun {
-			cmdArgs = append(cmdArgs, "--ignore-var-run=true")
-		} else {
-			cmdArgs = append(cmdArgs, "--ignore-var-run=false")
-		}
-	}
-
-	if p.Build.IgnorePath != "" {
-		cmdArgs = append(cmdArgs, fmt.Sprintf("--ignore-path=%s", p.Build.IgnorePath))
-	}
-
-	if p.Build.ImageFSExtractRetry != 0 {
-		cmdArgs = append(cmdArgs, fmt.Sprintf("--image-fs-extract-retry=%d", p.Build.ImageFSExtractRetry))
-	}
-
-	if p.Build.ImageDownloadRetry != 0 {
-		cmdArgs = append(cmdArgs, fmt.Sprintf("--image-download-retry=%d", p.Build.ImageDownloadRetry))
-	}
-
 	cmd := exec.Command("/kaniko/executor", cmdArgs...)
 	cmd.Stdout = os.Stdout
 	cmd.Stderr = os.Stderr

pkg/docker/config.go

@@ -2,18 +2,7 @@ package docker
 
 import (
 	"encoding/base64"
-	"encoding/json"
 	"fmt"
-	"io/ioutil"
-	"os"
-
-	"github.com/pkg/errors"
-)
-
-const (
-	v2HubRegistryURL string = "https://registry.hub.docker.com/v2/"
-	v1RegistryURL    string = "https://index.docker.io/v1/" // Default registry
-	v2RegistryURL    string = "https://index.docker.io/v2/" // v2 registry is not supported
 )
 
 type (
@@ -23,25 +12,19 @@ type (
 
 	Config struct {
 		Auths       map[string]Auth   `json:"auths"`
-		CredHelpers map[string]string `json:"credHelpers,omitempty"`
+		CredHelpers map[string]string `json:"credHelpers"`
 	}
 )
 
-type RegistryCredentials struct {
-	Registry string
-	Username string
-	Password string
-}
-
 func NewConfig() *Config {
 	return &Config{
-		Auths:       make(map[string]Auth),
-		CredHelpers: make(map[string]string),
+		Auths:       map[string]Auth{},
+		CredHelpers: map[string]string{},
 	}
 }
 
 func (c *Config) SetAuth(registry, username, password string) {
-	authBytes := []byte(username + ":" + password)
+	authBytes := []byte(fmt.Sprintf("%s:%s", username, password))
 	encodedString := base64.StdEncoding.EncodeToString(authBytes)
 	c.Auths[registry] = Auth{Auth: encodedString}
 }
@@ -49,49 +32,3 @@ func (c *Config) SetAuth(registry, username, password string) {
 func (c *Config) SetCredHelper(registry, helper string) {
 	c.CredHelpers[registry] = helper
 }
-
-func (c *Config) CreateDockerConfig(credentials []RegistryCredentials, dockerPath string) error {
-	for _, cred := range credentials {
-		if cred.Registry != "" {
-			// update v2 docker registry to v1
-			if cred.Registry == v2RegistryURL || cred.Registry == v2HubRegistryURL {
-				fmt.Printf("Docker v2 registry '%s' is not supported in kaniko. Refer issue: https://github.com/GoogleContainerTools/kaniko/issues/1209\n", cred.Registry)
-				fmt.Printf("Using v1 registry instead: %s\n", v1RegistryURL)
-				cred.Registry = v1RegistryURL
-			}
-
-			if cred.Username == "" {
-				return fmt.Errorf("Username must be specified for registry: %s", cred.Registry)
-			}
-			if cred.Password == "" {
-				return fmt.Errorf("Password must be specified for registry: %s", cred.Registry)
-			}
-			c.SetAuth(cred.Registry, cred.Username, cred.Password)
-		}
-	}
-	jsonBytes, err := json.Marshal(c)
-	if err != nil {
-		return errors.Wrap(err, "failed to serialize docker config json")
-	}
-	if err := WriteDockerConfig(jsonBytes, dockerPath); err != nil {
-		return errors.Wrap(err, fmt.Sprintf("failed to write docker config to path: %s", dockerPath))
-	}
-	return nil
-}
-
-func WriteDockerConfig(data []byte, path string) (string error) {
-	err := os.MkdirAll(path, 0600)
-	if err != nil {
-		if !os.IsExist(err) {
-			return errors.Wrap(err, fmt.Sprintf("failed to create %s directory", path))
-		}
-	}
-
-	filePath := path + "/config.json"
-
-	err = ioutil.WriteFile(filePath, data, 0644)
-	if err != nil {
-		return errors.Wrap(err, fmt.Sprintf("failed to create docker config file at %s", path))
-	}
-	return nil
-}

pkg/docker/config_test.go

@@ -2,54 +2,24 @@ package docker
 
 import (
 	"encoding/json"
-	"io/ioutil"
-	"os"
-	"path/filepath"
 	"testing"
-
-	"github.com/stretchr/testify/assert"
 )
 
 func TestConfig(t *testing.T) {
 	c := NewConfig()
-	assert.NotNil(t, c.Auths)
-	assert.NotNil(t, c.CredHelpers)
 
 	c.SetAuth(RegistryV1, "test", "password")
-	expectedAuth := Auth{Auth: "dGVzdDpwYXNzd29yZA=="}
-	assert.Equal(t, expectedAuth, c.Auths[RegistryV1])
-
 	c.SetCredHelper(RegistryECRPublic, "ecr-login")
-	assert.Equal(t, "ecr-login", c.CredHelpers[RegistryECRPublic])
 
-	tempDir, err := ioutil.TempDir("", "docker-config-test")
-	assert.NoError(t, err)
-	defer os.RemoveAll(tempDir)
-
-	credentials := []RegistryCredentials{
-		{
-			Registry: "https://index.docker.io/v1/",
-			Username: "user1",
-			Password: "pass1",
-		},
-		{
-			Registry: "gcr.io",
-			Username: "user2",
-			Password: "pass2",
-		},
+	bytes, err := json.Marshal(c)
+	if err != nil {
+		t.Error("json marshal failed")
 	}
 
-	err = c.CreateDockerConfig(credentials, tempDir)
-	assert.NoError(t, err)
+	want := `{"auths":{"https://index.docker.io/v1/":{"auth":"dGVzdDpwYXNzd29yZA=="}},"credHelpers":{"public.ecr.aws":"ecr-login"}}`
+	got := string(bytes)
 
-	configPath := filepath.Join(tempDir, "config.json")
-	data, err := ioutil.ReadFile(configPath)
-	assert.NoError(t, err)
-
-	var configFromFile Config
-	err = json.Unmarshal(data, &configFromFile)
-	assert.NoError(t, err)
-
-	assert.Equal(t, c.Auths, configFromFile.Auths)
-	assert.Equal(t, c.CredHelpers, configFromFile.CredHelpers)
+	if want != got {
+		t.Errorf("unexpected json output:\n  want: %s\n   got: %s", want, got)
+	}
 }

pkg/docker/docker_file.go

@@ -0,0 +1,35 @@
+package docker
+
+import (
+	"encoding/base64"
+	"fmt"
+	"io/ioutil"
+	"os"
+
+	"github.com/pkg/errors"
+)
+
+// Create the docker config file for authentication
+func CreateDockerCfgFile(username, password, registry, path string) error {
+	if username == "" {
+		return fmt.Errorf("Username must be specified")
+	}
+	if password == "" {
+		return fmt.Errorf("Password must be specified")
+	}
+
+	err := os.MkdirAll(path, 0600)
+	if err != nil {
+		return errors.Wrap(err, fmt.Sprintf("failed to create %s directory", path))
+	}
+
+	authBytes := []byte(fmt.Sprintf("%s:%s", username, password))
+	encodedString := base64.StdEncoding.EncodeToString(authBytes)
+	jsonBytes := []byte(fmt.Sprintf(`{"auths": {"%s": {"auth": "%s"}}}`, "https://"+registry, encodedString))
+	filePath := path + "/config.json"
+	err = ioutil.WriteFile(filePath, jsonBytes, 0644)
+	if err != nil {
+		return errors.Wrap(err, "failed to create docker config file")
+	}
+	return nil
+}