Merge pull request #58 from drone/aman-fix-acr

Fix cert not working in ACR
addressed comments
2026-06-16 14:49:02 +08:00 · 2022-08-03 15:06:01 +05:30 · 2022-08-03 13:14:03 +05:30 · 2022-08-03 13:09:41 +05:30 · 2022-08-03 13:07:49 +05:30 · 2022-08-03 13:07:27 +05:30
4 changed files with 31 additions and 15 deletions
@@ -2,3 +2,4 @@ release
 coverage.out
 vendor
 .idea
+.vscode
@@ -17,6 +17,7 @@ export GO111MODULE=on
 go build -v -a -tags netgo -o release/linux/amd64/kaniko-docker ./cmd/kaniko-docker
 go build -v -a -tags netgo -o release/linux/amd64/kaniko-gcr ./cmd/kaniko-gcr
 go build -v -a -tags netgo -o release/linux/amd64/kaniko-ecr ./cmd/kaniko-ecr
+go build -v -a -tags netgo -o release/linux/amd64/kaniko-acr ./cmd/kaniko-acr
 ```

 ## Docker
@@ -28,6 +29,11 @@ docker build \
  --label org.label-schema.build-date=$(date -u +"%Y-%m-%dT%H:%M:%SZ") \
  --label org.label-schema.vcs-ref=$(git rev-parse --short HEAD) \
  --file docker/docker/Dockerfile.linux.amd64 --tag plugins/kaniko .
+  
+docker build \
+  --label org.label-schema.build-date=$(date -u +"%Y-%m-%dT%H:%M:%SZ") \
+  --label org.label-schema.vcs-ref=$(git rev-parse --short HEAD) \
+  --file docker/acr/Dockerfile.linux.amd64 --tag plugins/kaniko-acr .

 docker build \
  --label org.label-schema.build-date=$(date -u +"%Y-%m-%dT%H:%M:%SZ") \
@@ -2,6 +2,7 @@ package main

 import (
 	"context"
+	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -26,7 +27,7 @@ const (
 	clientSecretKeyEnv string = "AZURE_CLIENT_SECRET"
 	tenantKeyEnv       string = "AZURE_TENANT_ID"
 	certPathEnv        string = "AZURE_CLIENT_CERTIFICATE_PATH"
-	dockerConfigPath   string = "/kaniko/.docker/config.json"
+	dockerConfigPath   string = "/kaniko/.docker"
 	defaultDigestFile  string = "/kaniko/digest-file"
 )

@@ -130,7 +131,7 @@ func main() {
 		},
 		cli.StringFlag{
 			Name:   "client-cert",
-			Usage:  "Azure client certificate",
+			Usage:  "Azure client certificate encoded in base64 format",
 			EnvVar: "CLIENT_CERTIFICATE",
 		},
 		cli.StringFlag{
@@ -296,7 +297,7 @@ func getACRToken(tenantId, clientId, clientSecret, cert, registry string) (strin
 	}

 	if clientSecret == "" && cert == "" {
-		return "", fmt.Errorf("one of client secert or cert should be defined")
+		return "", fmt.Errorf("one of client secret or cert should be defined")
 	}

 	// in case of authentication via cert
@@ -307,15 +308,22 @@ func getACRToken(tenantId, clientId, clientSecret, cert, registry string) (strin
 		}
 	}

-	// TODO check for presence of file as well.
-	os.Setenv(clientIdEnv, clientId)
-	os.Setenv(clientSecretKeyEnv, clientSecret)
-	os.Setenv(tenantKeyEnv, tenantId)
+	if err := os.Setenv(clientIdEnv, clientId); err != nil {
+		return "", errors.Wrap(err, "failed to set env variable client Id")
+	}
+	if err := os.Setenv(clientSecretKeyEnv, clientSecret); err != nil {
+		return "", errors.Wrap(err, "failed to set env variable client secret")
+	}
+	if err := os.Setenv(tenantKeyEnv, tenantId); err != nil {
+		return "", errors.Wrap(err, "failed to set env variable tenant Id")
+	}
+	if err := os.Setenv(certPathEnv, ACRCertPath); err != nil {
+		return "", errors.Wrap(err, "failed to set env variable cert path")
+	}
 	env, err := azidentity.NewEnvironmentCredential(nil)
 	if err != nil {
 		return "", errors.Wrap(err, "failed to get env credentials from azure")
 	}
-
 	policy := policy.TokenRequestOptions{
 		Scopes: []string{"https://management.azure.com/.default"},
 	}
@@ -366,14 +374,14 @@ func fetchACRToken(tenantId, token, registry string) (string, error) {
 	return "", errors.New("failed to get refresh token from acr")
 }

-func setupACRCert(jsonKey string) error {
-	err := ioutil.WriteFile(ACRCertPath, []byte(jsonKey), 0644)
+func setupACRCert(cert string) error {
+	decoded, err := base64.StdEncoding.DecodeString(cert)
+	if err != nil {
+		return errors.Wrap(err, "failed to base64 decode ACR certificate")
+	}
+	err = ioutil.WriteFile(ACRCertPath, []byte(decoded), 0644)
 	if err != nil {
 		return errors.Wrap(err, "failed to write ACR certificate")
 	}
-	err = os.Setenv(certPathEnv, ACRCertPath)
-	if err != nil {
-		return errors.Wrap(err, fmt.Sprintf("failed to set %s environment variable", certPathEnv))
-	}
 	return nil
 }
@@ -26,7 +26,8 @@ func CreateDockerCfgFile(username, password, registry, path string) error {
 	authBytes := []byte(fmt.Sprintf("%s:%s", username, password))
 	encodedString := base64.StdEncoding.EncodeToString(authBytes)
 	jsonBytes := []byte(fmt.Sprintf(`{"auths": {"%s": {"auth": "%s"}}}`, "https://"+registry, encodedString))
-	err = ioutil.WriteFile(path, jsonBytes, 0644)
+	filePath := path + "/config.json"
+	err = ioutil.WriteFile(filePath, jsonBytes, 0644)
 	if err != nil {
 		return errors.Wrap(err, "failed to create docker config file")
 	}
Author	SHA1	Message	Date
Aman Singh	33e44ca23a	Merge pull request #58 from drone/aman-fix-acr Fix cert not working in ACR	2022-08-03 15:06:01 +05:30
Aman Singh	1409e80406	addressed comments	2022-08-03 13:14:03 +05:30
Aman Singh	97ecf9b992	addressed comments	2022-08-03 13:09:41 +05:30
Aman Singh	0ae1cbc382	addressed comments	2022-08-03 13:07:49 +05:30
Aman Singh	fe57a616ed	addressed comments	2022-08-03 13:07:27 +05:30
Aman Singh	4da1f904b0	Update README.md	2022-08-03 12:56:58 +05:30
Aman Singh	eaeab5fddb	updated .gitignore	2022-08-03 12:54:53 +05:30
Aman Singh	546dc21a7e	removed fmt.print	2022-08-03 12:53:16 +05:30
Aman Singh	d0df077e6e	fix cert issue in acr images	2022-08-03 12:50:10 +05:30
Aman Singh	d96c3d05e8	fixed acr	2022-08-02 09:26:23 +05:30