fix: [CI-11358]: fix kaniko executor Vulnerabilities

cmd/kaniko-acr/main.go

@@ -23,11 +23,12 @@ import (
 )
 
 const (
+	dockerPath         string = "/kaniko/.docker"
 	clientIdEnv        string = "AZURE_CLIENT_ID"
 	clientSecretKeyEnv string = "AZURE_CLIENT_SECRET"
-	dockerConfigPath   string = "/kaniko/.docker"
 	tenantKeyEnv       string = "AZURE_TENANT_ID"
 	certPathEnv        string = "AZURE_CLIENT_CERTIFICATE_PATH"
+	dockerConfigPath   string = "/kaniko/.docker"
 	defaultDigestFile  string = "/kaniko/digest-file"
 	finalUrl           string = "https://portal.azure.com/#view/Microsoft_Azure_ContainerRegistries/TagMetadataBlade/registryId/"
 )
@@ -121,21 +122,6 @@ func main() {
 			Usage:  "ACR registry",
 			EnvVar: "PLUGIN_REGISTRY",
 		},
-		cli.StringFlag{
-			Name:   "base-image-registry",
-			Usage:  "Docker registry for base image",
-			EnvVar: "PLUGIN_DOCKER_REGISTRY,PLUGIN_BASE_IMAGE_REGISTRY,DOCKER_REGISTRY",
-		},
-		cli.StringFlag{
-			Name:   "base-image-username",
-			Usage:  "Docker username for base image registry",
-			EnvVar: "PLUGIN_DOCKER_USERNAME,PLUGIN_BASE_IMAGE_USERNAME,DOCKER_USERNAME",
-		},
-		cli.StringFlag{
-			Name:   "base-image-password",
-			Usage:  "Docker password for base image registry",
-			EnvVar: "PLUGIN_DOCKER_PASSWORD,PLUGIN_BASE_IMAGE_PASSWORD,DOCKER_PASSWORD",
-		},
 		cli.StringSliceFlag{
 			Name:   "registry-mirrors",
 			Usage:  "docker registry mirrors",
@@ -390,9 +376,6 @@ func run(c *cli.Context) error {
 		c.String("client-secret"),
 		c.String("subscription-id"),
 		registry,
-		c.String("base-image-username"),
-		c.String("base-image-password"),
-		c.String("base-image-registry"),
 		noPush,
 	)
 	if err != nil {
@@ -474,7 +457,7 @@ func run(c *cli.Context) error {
 }
 
 func setupAuth(tenantId, clientId, cert,
-	clientSecret, subscriptionId, registry, dockerUsername, dockerPassword, dockerRegistry string, noPush bool) (string, error) {
+	clientSecret, subscriptionId, registry string, noPush bool) (string, error) {
 	if registry == "" {
 		return "", fmt.Errorf("registry must be specified")
 	}
@@ -491,9 +474,8 @@ func setupAuth(tenantId, clientId, cert,
 		if err != nil {
 			return "", errors.Wrap(err, "failed to fetch ACR Token")
 		}
-
+		err = docker.CreateDockerCfgFile(username, token, registry, dockerConfigPath)
-		// setup docker config for azure registry and base image docker registry
+		if err != nil {
-		if err := setDockerAuth(username, token, registry, dockerUsername, dockerPassword, dockerRegistry); err != nil {
 			return "", errors.Wrap(err, "failed to create docker config")
 		}
 		return publicUrl, nil
@@ -667,25 +649,6 @@ func getPublicUrl(token, registryUrl, subscriptionId string) (string, error) {
 	return "", errors.New("did not receive any registry information from /subscriptions API")
 }
 
-func setDockerAuth(username, password, registry, dockerUsername, dockerPassword, dockerRegistry string) error {
-	dockerConfig := docker.NewConfig()
-	pushToRegistryCreds := docker.RegistryCredentials{
-		Registry: registry,
-		Username: username,
-		Password: password,
-	}
-
-	pullFromRegistryCreds := docker.RegistryCredentials{
-		Registry: dockerRegistry,
-		Username: dockerUsername,
-		Password: dockerPassword,
-	}
-
-	credentials := []docker.RegistryCredentials{pushToRegistryCreds, pullFromRegistryCreds}
-	return dockerConfig.CreateDockerConfig(credentials, dockerConfigPath)
-
-}
-
 func encodeParam(s string) string {
 	return url.QueryEscape(s)
 }

cmd/kaniko-acr/main_test.go

@@ -1,156 +0,0 @@
-package main
-
-import (
-	"encoding/base64"
-	"encoding/json"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"testing"
-
-	"github.com/drone/drone-kaniko/pkg/docker"
-	"github.com/stretchr/testify/assert"
-)
-
-const (
-	v2RegistryURL string = "https://index.docker.io/v2/" // v2 registry is not supported
-)
-
-func TestCreateDockerConfigWithBaseRegistry(t *testing.T) {
-	username := "user1"
-	password := "pass1"
-	registry := "azurecr.io"
-	dockerUsername := "dockeruser"
-	dockerPassword := "dockerpass"
-	dockerRegistry := "https://index.docker.io/v1/"
-	privateRegistry := "privateDockerRegistry"
-	privateRegistryUsername := "priaveUsername"
-	privateRegistryPassword := "privatePassword"
-
-	credentials := []docker.RegistryCredentials{
-		{
-			Registry: registry,
-			Username: username,
-			Password: password,
-		},
-		{
-			Registry: dockerRegistry,
-			Username: dockerUsername,
-			Password: dockerPassword,
-		},
-		{
-			Registry: privateRegistry,
-			Username: privateRegistryUsername,
-			Password: privateRegistryPassword,
-		},
-	}
-
-	tempDir, err := ioutil.TempDir("", "docker-config-test")
-	assert.NoError(t, err)
-	defer os.RemoveAll(tempDir)
-
-	config := docker.NewConfig()
-	err = config.CreateDockerConfig(credentials, tempDir)
-	assert.NoError(t, err)
-
-	expectedAuth := docker.Auth{Auth: base64.StdEncoding.EncodeToString([]byte(username + ":" + password))}
-	assert.Equal(t, expectedAuth, config.Auths[registry])
-
-	expectedDockerAuth := docker.Auth{Auth: base64.StdEncoding.EncodeToString([]byte(dockerUsername + ":" + dockerPassword))}
-	assert.Equal(t, expectedDockerAuth, config.Auths[dockerRegistry])
-
-	configPath := filepath.Join(tempDir, "config.json")
-	data, err := ioutil.ReadFile(configPath)
-	assert.NoError(t, err)
-
-	var configFromFile docker.Config
-	err = json.Unmarshal(data, &configFromFile)
-	assert.NoError(t, err)
-
-	assert.Equal(t, config.Auths, configFromFile.Auths)
-
-	err = config.CreateDockerConfig([]docker.RegistryCredentials{
-		{
-			Registry: registry,
-			Username: "",
-			Password: password,
-		},
-	}, tempDir)
-	assert.EqualError(t, err, "Username must be specified for registry: "+registry)
-
-	err = config.CreateDockerConfig([]docker.RegistryCredentials{
-		{
-			Registry: registry,
-			Username: username,
-			Password: "",
-		},
-	}, tempDir)
-	assert.EqualError(t, err, "Password must be specified for registry: "+registry)
-
-	// v1 registry but without username password
-	err = config.CreateDockerConfig([]docker.RegistryCredentials{
-		{
-			Registry: registry,
-			Username: username,
-			Password: password,
-		},
-		{
-			Registry: dockerRegistry,
-			Username: "",
-			Password: "",
-		},
-	}, tempDir)
-	assert.EqualError(t, err, "Username must be specified for registry: "+dockerRegistry)
-
-	// private base registry without username/password
-	err = config.CreateDockerConfig([]docker.RegistryCredentials{
-		{
-			Registry: privateRegistry,
-			Username: "",
-			Password: "",
-		},
-	}, tempDir)
-	assert.EqualError(t, err, "Username must be specified for registry: "+privateRegistry)
-
-}
-
-func TestCreateDockerConfigWithoutBaseRegistry(t *testing.T) {
-	username := "user1"
-	password := "pass1"
-	registry := "azurecr.io"
-
-	credentials := []docker.RegistryCredentials{
-		{
-			Registry: registry,
-			Username: username,
-			Password: password,
-		},
-	}
-
-	// Create a temporary directory
-	tempDir, err := ioutil.TempDir("", "docker-config-test")
-	assert.NoError(t, err)
-	defer os.RemoveAll(tempDir)
-
-	config := docker.NewConfig()
-	err = config.CreateDockerConfig(credentials, tempDir)
-	assert.NoError(t, err)
-
-	expectedAuth := docker.Auth{Auth: base64.StdEncoding.EncodeToString([]byte(username + ":" + password))}
-	assert.Equal(t, expectedAuth, config.Auths[registry])
-
-	// Check the contents of the config.json file
-	configPath := filepath.Join(tempDir, "config.json")
-	data, err := ioutil.ReadFile(configPath)
-	assert.NoError(t, err)
-
-	var configFromFile docker.Config
-	err = json.Unmarshal(data, &configFromFile)
-	assert.NoError(t, err)
-
-	assert.Equal(t, config.Auths, configFromFile.Auths)
-
-	// Check if the public Docker Hub auth is not set
-	_, exists := config.Auths[""]
-	assert.False(t, exists)
-}

cmd/kaniko-docker/main.go

@@ -1,6 +1,9 @@
 package main
 
 import (
+	"encoding/base64"
+	"fmt"
+	"io/ioutil"
 	"os"
 	"strings"
 
@@ -11,7 +14,6 @@ import (
 
 	kaniko "github.com/drone/drone-kaniko"
 	"github.com/drone/drone-kaniko/pkg/artifact"
-	"github.com/drone/drone-kaniko/pkg/docker"
 )
 
 const (
@@ -19,7 +21,9 @@ const (
 	dockerPath       string = "/kaniko/.docker"
 	dockerConfigPath string = "/kaniko/.docker/config.json"
 
-	v1RegistryURL string = "https://index.docker.io/v1/" // Default registry
+	v1RegistryURL    string = "https://index.docker.io/v1/" // Default registry
+	v2RegistryURL    string = "https://index.docker.io/v2/" // v2 registry is not supported
+	v2HubRegistryURL string = "https://registry.hub.docker.com/v2/"
 
 	defaultDigestFile string = "/kaniko/digest-file"
 )
@@ -118,15 +122,10 @@ func main() {
 		},
 		cli.StringFlag{
 			Name:   "registry",
-			Usage:  "docker registry of registry to push image to",
+			Usage:  "docker registry",
 			Value:  v1RegistryURL,
 			EnvVar: "PLUGIN_REGISTRY",
 		},
-		cli.StringFlag{
-			Name:   "base-image-registry",
-			Usage:  "Docker registry for base image",
-			EnvVar: "PLUGIN_DOCKER_REGISTRY,PLUGIN_BASE_IMAGE_REGISTRY,DOCKER_REGISTRY",
-		},
 		cli.StringSliceFlag{
 			Name:   "registry-mirrors",
 			Usage:  "docker registry mirrors",
@@ -134,24 +133,14 @@ func main() {
 		},
 		cli.StringFlag{
 			Name:   "username",
-			Usage:  "docker username of registry to push image to",
+			Usage:  "docker username",
 			EnvVar: "PLUGIN_USERNAME",
 		},
-		cli.StringFlag{
-			Name:   "base-image-username",
-			Usage:  "Docker username for base image registry",
-			EnvVar: "PLUGIN_DOCKER_USERNAME,PLUGIN_BASE_IMAGE_USERNAME,DOCKER_USERNAME",
-		},
 		cli.StringFlag{
 			Name:   "password",
-			Usage:  "docker password of registry to push image to",
+			Usage:  "docker password",
 			EnvVar: "PLUGIN_PASSWORD",
 		},
-		cli.StringFlag{
-			Name:   "base-image-password",
-			Usage:  "Docker password for base image registry",
-			EnvVar: "PLUGIN_DOCKER_PASSWORD,PLUGIN_BASE_IMAGE_PASSWORD,DOCKER_PASSWORD",
-		},
 		cli.BoolFlag{
 			Name:   "skip-tls-verify",
 			Usage:  "Skip registry tls verify",
@@ -374,23 +363,16 @@ func run(c *cli.Context) error {
 	username := c.String("username")
 	noPush := c.Bool("no-push")
 	configOverride := c.String("dockerconfig")
-	// if configOverride is provided, use this directly to write to docker config file
+
+	// if configOverride is provided, use this for docker auth
 	if len(configOverride) > 0 {
-		if err := docker.WriteDockerConfig([]byte(configOverride), dockerPath); err != nil {
+		if err := writeDockerCfgFile([]byte(configOverride)); err != nil {
 			return err
 		}
 	} else if !noPush || username != "" {
-		// setup auth when pushing/pulling or credentials are defined and docker config override is false
+		// setup auth when pushing or credentials are defined and docker config override is false
-		err := setDockerAuth(
+		if err := createDockerCfgFile(username, c.String("password"), c.String("registry")); err != nil {
-			c.String("username"),
+			return err
-			c.String("password"),
-			c.String("registry"),
-			c.String("base-image-username"),
-			c.String("base-image-password"),
-			c.String("base-image-registry"),
-		)
-		if err != nil {
-			return errors.Wrap(err, "failed to create docker config")
 		}
 	}
 
@@ -448,9 +430,8 @@ func run(c *cli.Context) error {
 			SkipTLSVerifyRegistry:       c.Bool("skip-tls-verify-registry"),
 			UseNewRun:                   c.Bool("use-new-run"),
 			IgnorePath:                  c.String("ignore-path"),
-
+			ImageFSExtractRetry:         c.Int("image-fs-extract-retry"),
-			ImageFSExtractRetry: c.Int("image-fs-extract-retry"),
+			ImageDownloadRetry:          c.Int("image-download-retry"),
-			ImageDownloadRetry:  c.Int("image-download-retry"),
 		},
 		Artifact: kaniko.Artifact{
 			Tags:         c.StringSlice("tags"),
@@ -474,25 +455,45 @@ func run(c *cli.Context) error {
 	return plugin.Exec()
 }
 
-func setDockerAuth(username, password, registry, baseImageUsername, baseImagePassword, baseImageRegistry string) error {
+// Create the docker config file for authentication
-	dockerConfig := docker.NewConfig()
+func createDockerCfgFile(username, password, registry string) error {
-	pushToRegistryCreds := docker.RegistryCredentials{
+	if username == "" {
-		Registry: registry,
+		return fmt.Errorf("Username must be specified")
-		Username: username,
+	}
-		Password: password,
+	if password == "" {
+		return fmt.Errorf("Password must be specified")
+	}
+	if registry == "" {
+		return fmt.Errorf("Registry must be specified")
 	}
-	credentials := []docker.RegistryCredentials{pushToRegistryCreds}
 
-	if baseImageRegistry != "" {
+	if registry == v2RegistryURL || registry == v2HubRegistryURL {
-		pullFromRegistryCreds := docker.RegistryCredentials{
+		fmt.Println("Docker v2 registry is not supported in kaniko. Refer issue: https://github.com/GoogleContainerTools/kaniko/issues/1209")
-			Registry: baseImageRegistry,
+		fmt.Printf("Using v1 registry instead: %s\n", v1RegistryURL)
-			Username: baseImageUsername,
+		registry = v1RegistryURL
-			Password: baseImagePassword,
-		}
-		credentials = append(credentials, pullFromRegistryCreds)
 	}
-	// Creates docker config for both the regustries used for authentication
+
-	return dockerConfig.CreateDockerConfig(credentials, dockerPath)
+	authBytes := []byte(fmt.Sprintf("%s:%s", username, password))
+	encodedString := base64.StdEncoding.EncodeToString(authBytes)
+	jsonBytes := []byte(fmt.Sprintf(`{"auths": {"%s": {"auth": "%s"}}}`, registry, encodedString))
+
+	if err := writeDockerCfgFile(jsonBytes); err != nil {
+		return errors.Wrap(err, "failed to write docker config file")
+	}
+	return nil
+}
+
+// Write json bytes in the docker config file
+func writeDockerCfgFile(jsonBytes []byte) error {
+	err := os.MkdirAll(dockerPath, 0600)
+	if err != nil {
+		return errors.Wrap(err, fmt.Sprintf("failed to create %s directory", dockerPath))
+	}
+	err = ioutil.WriteFile(dockerConfigPath, jsonBytes, 0644)
+	if err != nil {
+		return errors.Wrap(err, "failed to create docker config file")
+	}
+	return nil
 }
 
 func buildRepo(registry, repo string, expandRepo bool) string {

cmd/kaniko-docker/main_test.go

@@ -1,12 +1,6 @@
 package main
 
-import (
+import "testing"
-	"io/ioutil"
-	"os"
-	"testing"
-
-	"github.com/drone/drone-kaniko/pkg/docker"
-)
 
 func Test_buildRepo(t *testing.T) {
 	tests := []struct {
@@ -41,83 +35,3 @@ func Test_buildRepo(t *testing.T) {
 		})
 	}
 }
-
-func TestCreateDockerConfig(t *testing.T) {
-	config := docker.NewConfig()
-	tempDir, err := ioutil.TempDir("", "docker-config-test")
-	if err != nil {
-		t.Fatalf("Failed to create temporary directory: %v", err)
-	}
-	defer os.RemoveAll(tempDir)
-
-	tests := []struct {
-		name        string
-		credentials []docker.RegistryCredentials
-		wantErr     bool
-	}{
-		{
-			name: "valid credentials",
-			credentials: []docker.RegistryCredentials{
-				{
-					Registry: "https://index.docker.io/v1/",
-					Username: "testuser",
-					Password: "testpassword",
-				},
-			},
-			wantErr: false,
-		},
-		{
-			name: "v2 registry",
-			credentials: []docker.RegistryCredentials{
-				{
-					Registry: "https://index.docker.io/v2/",
-					Username: "testuser",
-					Password: "testpassword",
-				},
-			},
-			wantErr: false,
-		},
-		{
-			name: "docker registry credentials",
-			credentials: []docker.RegistryCredentials{
-				{
-					Registry: "https://index.docker.io/v1/",
-					Username: "testuser",
-					Password: "testpassword",
-				},
-				{
-					Registry: "https://docker.io",
-					Username: "dockeruser",
-					Password: "dockerpassword",
-				},
-			},
-			wantErr: false,
-		},
-		{
-			name: "empty docker registry",
-			credentials: []docker.RegistryCredentials{
-				{
-					Registry: "https://index.docker.io/v1/",
-					Username: "testuser",
-					Password: "testpassword",
-				},
-				{
-					Registry: "https://docker.io",
-					Username: "dockeruser",
-					Password: "",
-				},
-			},
-			wantErr: true,
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			err := config.CreateDockerConfig(tt.credentials, tempDir)
-			if (err != nil) != tt.wantErr {
-				t.Errorf("CreateDockerConfig() error = %v, wantErr %v", err, tt.wantErr)
-				return
-			}
-		})
-	}
-}

cmd/kaniko-ecr/main.go

@@ -3,6 +3,7 @@ package main
 import (
 	"context"
 	"encoding/base64"
+	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"os"
@@ -31,8 +32,8 @@ import (
 
 const (
 	accessKeyEnv     string = "AWS_ACCESS_KEY_ID"
-	dockerConfigPath string = "/kaniko/.docker"
 	secretKeyEnv     string = "AWS_SECRET_ACCESS_KEY"
+	dockerConfigPath string = "/kaniko/.docker/config.json"
 	ecrPublicDomain  string = "public.ecr.aws"
 	kanikoVersionEnv string = "KANIKO_VERSION"
 
@@ -66,18 +67,18 @@ func main() {
 		},
 		cli.StringFlag{
 			Name:   "docker-registry",
-			Usage:  "Docker registry for base image",
+			Usage:  "docker registry",
-			EnvVar: "PLUGIN_DOCKER_REGISTRY,DOCKER_REGISTRY,PLUGIN_BASE_IMAGE_REGISTRY",
+			EnvVar: "PLUGIN_DOCKER_REGISTRY,DOCKER_REGISTRY",
 		},
 		cli.StringFlag{
 			Name:   "docker-username",
-			Usage:  "Docker username for base image registry",
+			Usage:  "docker username",
-			EnvVar: "PLUGIN_USERNAME,PLUGIN_DOCKER_USERNAME,PLUGIN_BASE_IMAGE_USERNAME,DOCKER_USERNAME",
+			EnvVar: "PLUGIN_USERNAME,DOCKER_USERNAME",
 		},
 		cli.StringFlag{
 			Name:   "docker-password",
-			Usage:  "Docker password for base image registry",
+			Usage:  "docker password",
-			EnvVar: "PLUGIN_PASSWORD,PLUGIN_DOCKER_PASSWORD,PLUGIN_BASE_IMAGE_PASSWORD,DOCKER_PASSWORD",
+			EnvVar: "PLUGIN_PASSWORD,DOCKER_PASSWORD",
 		},
 		cli.StringFlag{
 			Name:   "context",
@@ -399,8 +400,7 @@ func run(c *cli.Context) error {
 	assumeRole := c.String("assume-role")
 	externalId := c.String("external-id")
 
-	// setup docker config for azure registry and base image docker registry
+	dockerConfig, err := createDockerConfig(
-	err := setDockerAuth(
 		c.String("docker-registry"),
 		c.String("docker-username"),
 		c.String("docker-password"),
@@ -413,7 +413,16 @@ func run(c *cli.Context) error {
 		noPush,
 	)
 	if err != nil {
-		return errors.Wrap(err, "failed to create docker config")
+		return err
+	}
+
+	jsonBytes, err := json.Marshal(dockerConfig)
+	if err != nil {
+		return err
+	}
+
+	if err := ioutil.WriteFile(dockerConfigPath, jsonBytes, 0644); err != nil {
+		return err
 	}
 
 	// only create repository when pushing and create-repository is true
@@ -517,49 +526,41 @@ func run(c *cli.Context) error {
 	return plugin.Exec()
 }
 
-func setDockerAuth(dockerRegistry, dockerUsername, dockerPassword, accessKey, secretKey,
+func createDockerConfig(dockerRegistry, dockerUsername, dockerPassword, accessKey, secretKey,
-	registry, assumeRole, externalId, region string, noPush bool) error {
+	registry, assumeRole, externalId, region string, noPush bool) (*docker.Config, error) {
 	dockerConfig := docker.NewConfig()
-	credentials := []docker.RegistryCredentials{}
+
-	// set docker credentials for base image registry
+	if dockerUsername != "" {
-	if dockerRegistry != "" {
+		// if no docker registry provided, use dockerhub by default
-		pullFromRegistryCreds := docker.RegistryCredentials{
+		if len(dockerRegistry) == 0 {
-			Registry: dockerRegistry,
+			dockerRegistry = docker.RegistryV1
-			Username: dockerUsername,
-			Password: dockerPassword,
 		}
-		credentials = append(credentials, pullFromRegistryCreds)
+		dockerConfig.SetAuth(dockerRegistry, dockerUsername, dockerPassword)
 	}
 
 	if assumeRole != "" {
 		var err error
 		username, password, registry, err := getAssumeRoleCreds(region, assumeRole, externalId, "")
 		if err != nil {
-			return err
+			return nil, err
 		}
-		pushToRegistryCreds := docker.RegistryCredentials{
+		dockerConfig.SetAuth(registry, username, password)
-			Registry: registry,
-			Username: username,
-			Password: password,
-		}
-		credentials = append(credentials, pushToRegistryCreds)
-
 	} else if !noPush || accessKey != "" {
 		// only setup auth when pushing or credentials are defined
 		if registry == "" {
-			return fmt.Errorf("registry must be specified")
+			return nil, fmt.Errorf("registry must be specified")
 		}
 
 		// If IAM role is used, access key & secret key are not required
 		if accessKey != "" && secretKey != "" {
 			err := os.Setenv(accessKeyEnv, accessKey)
 			if err != nil {
-				return errors.Wrap(err, fmt.Sprintf("failed to set %s environment variable", accessKeyEnv))
+				return nil, errors.Wrap(err, fmt.Sprintf("failed to set %s environment variable", accessKeyEnv))
 			}
 
 			err = os.Setenv(secretKeyEnv, secretKey)
 			if err != nil {
-				return errors.Wrap(err, fmt.Sprintf("failed to set %s environment variable", secretKeyEnv))
+				return nil, errors.Wrap(err, fmt.Sprintf("failed to set %s environment variable", secretKeyEnv))
 			}
 		}
 
@@ -570,7 +571,8 @@ func setDockerAuth(dockerRegistry, dockerUsername, dockerPassword, accessKey, se
 			dockerConfig.SetCredHelper(registry, "ecr-login")
 		}
 	}
-	return dockerConfig.CreateDockerConfig(credentials, dockerConfigPath)
+
+	return dockerConfig, nil
 }
 
 func createRepository(region, repo, registry, assumeRole, externalId string) error {

cmd/kaniko-ecr/main_test.go

@@ -1,45 +1,129 @@
 package main
 
 import (
-	"encoding/base64"
-	"io/ioutil"
 	"os"
+	"reflect"
 	"testing"
 
 	"github.com/drone/drone-kaniko/pkg/docker"
-	"github.com/stretchr/testify/assert"
 )
 
-func TestCreateDockerConfigForECRWithBaseRegistry(t *testing.T) {
+func TestCreateDockerConfig(t *testing.T) {
-	accessKey := "access-key"
+	got, err := createDockerConfig(
-	secretKey := "secret-key"
+		"",
-	ecrRegistry := "ecr-registry"
+		"docker-username",
-	dockerUsername := "dockeruser"
+		"docker-password",
-	dockerPassword := "dockerpass"
+		"access-key",
-	dockerRegistry := "https://index.docker.io/v1/"
+		"secret-key",
-
+		"ecr-registry",
-	tempDir, err := ioutil.TempDir("", "docker-config-test")
+		"",
-	assert.NoError(t, err)
+		"",
-	defer os.RemoveAll(tempDir)
+		"",
-
+		false,
-	config := docker.NewConfig()
+	)
-
+	if err != nil {
-	pullFromRegistryCreds := docker.RegistryCredentials{
+		t.Error("failed to create docker config")
-		Registry: dockerRegistry,
-		Username: dockerUsername,
-		Password: dockerPassword,
-	}
-	credentials := []docker.RegistryCredentials{
-		{Registry: ecrRegistry, Username: accessKey, Password: secretKey},
-		pullFromRegistryCreds,
 	}
 
-	err = config.CreateDockerConfig(credentials, tempDir)
+	want := docker.NewConfig()
-	assert.NoError(t, err)
+	want.SetAuth(docker.RegistryV1, "docker-username", "docker-password")
+	want.SetCredHelper(docker.RegistryECRPublic, "ecr-login")
+	want.SetCredHelper("ecr-registry", "ecr-login")
 
-	expectedECRAuth := docker.Auth{Auth: base64.StdEncoding.EncodeToString([]byte(accessKey + ":" + secretKey))}
+	if !reflect.DeepEqual(want, got) {
-	assert.Equal(t, expectedECRAuth, config.Auths[ecrRegistry])
+		t.Errorf("not equal:\n  want: %#v\n   got: %#v", want, got)
+	}
+}
 
-	expectedDockerAuth := docker.Auth{Auth: base64.StdEncoding.EncodeToString([]byte(dockerUsername + ":" + dockerPassword))}
+func TestCreateDockerConfigFromGivenRegistry(t *testing.T) {
-	assert.Equal(t, expectedDockerAuth, config.Auths[dockerRegistry])
+	got, err := createDockerConfig(
-}
+		"docker-registry",
+		"docker-username",
+		"docker-password",
+		"access-key",
+		"secret-key",
+		"ecr-registry",
+		"",
+		"",
+		"",
+		false,
+	)
+	if err != nil {
+		t.Error("failed to create docker config")
+	}
+
+	want := docker.NewConfig()
+	want.SetAuth("docker-registry", "docker-username", "docker-password")
+	want.SetCredHelper(docker.RegistryECRPublic, "ecr-login")
+	want.SetCredHelper("ecr-registry", "ecr-login")
+	if !reflect.DeepEqual(want, got) {
+		t.Errorf("not equal:\n  want: %#v\n   got: %#v", want, got)
+	}
+}
+
+func TestCreateDockerConfigKanikoOneDotEight(t *testing.T) {
+	os.Setenv(kanikoVersionEnv, "1.8.1")
+	defer os.Setenv(kanikoVersionEnv, "")
+	got, err := createDockerConfig(
+		"",
+		"docker-username",
+		"docker-password",
+		"access-key",
+		"secret-key",
+		"ecr-registry",
+		"",
+		"",
+		"",
+		false,
+	)
+	if err != nil {
+		t.Error("failed to create docker config")
+	}
+
+	want := docker.NewConfig()
+	want.SetAuth(docker.RegistryV1, "docker-username", "docker-password")
+
+	if !reflect.DeepEqual(want, got) {
+		t.Errorf("not equal:\n  want: %#v\n   got: %#v", want, got)
+	}
+}
+
+func TestVersionComparison(t *testing.T) {
+	tests := []struct {
+		title    string
+		version  string
+		expected bool
+	}{
+		{
+			title:    "Kaniko 1.6.0 version",
+			version:  "1.6.0",
+			expected: true,
+		},
+		{
+			title:    "Kaniko 1.8.0 version",
+			version:  "1.8.0",
+			expected: false,
+		},
+		{
+			title:    "Kaniko 1.8.1 version",
+			version:  "1.8.1",
+			expected: false,
+		},
+		{
+			title:    "Empty kaniko version",
+			version:  "",
+			expected: true,
+		},
+		{
+			title:    "Kaniko version 1.10.0",
+			version:  "1.10.0",
+			expected: false,
+		},
+	}
+	for _, test := range tests {
+		got := isKanikoVersionBelowOneDotEight(test.version)
+		if got != test.expected {
+			t.Fatalf("test name: %s, expected: %v, got: %v", test.title, test.expected, got)
+		}
+	}
+}

cmd/kaniko-gar/main.go

@@ -12,14 +12,12 @@ import (
 
 	kaniko "github.com/drone/drone-kaniko"
 	"github.com/drone/drone-kaniko/pkg/artifact"
-	"github.com/drone/drone-kaniko/pkg/docker"
 )
 
 const (
-	dockerConfigPath string = "/kaniko/.docker"
 	// GAR JSON key file path
-	garKeyPath       string = "/kaniko/config.json"
+	garKeyPath     string = "/kaniko/config.json"
-	garEnvVariable   string = "GOOGLE_APPLICATION_CREDENTIALS"
+	garEnvVariable string = "GOOGLE_APPLICATION_CREDENTIALS"
 
 	defaultDigestFile string = "/kaniko/digest-file"
 )
@@ -111,21 +109,6 @@ func main() {
 			Usage:  "gar registry",
 			EnvVar: "PLUGIN_REGISTRY",
 		},
-		cli.StringFlag{
-			Name:   "base-image-username",
-			Usage:  "Docker username for base image registry",
-			EnvVar: "PLUGIN_DOCKER_USERNAME,PLUGIN_BASE_IMAGE_USERNAME,DOCKER_USERNAME",
-		},
-		cli.StringFlag{
-			Name:   "base-image-password",
-			Usage:  "Docker password for base image registry",
-			EnvVar: "PLUGIN_DOCKER_PASSWORD,PLUGIN_BASE_IMAGE_PASSWORD,DOCKER_PASSWORD",
-		},
-		cli.StringFlag{
-			Name:   "base-image-registry",
-			Usage:  "Docker registry for base image registry",
-			EnvVar: "PLUGIN_DOCKER_REGISTRY,PLUGIN_BASE_IMAGE_REGISTRY,DOCKER_REGISTRY",
-		},
 		cli.StringSliceFlag{
 			Name:   "registry-mirrors",
 			Usage:  "docker registry mirrors",
@@ -342,6 +325,7 @@ func main() {
 func run(c *cli.Context) error {
 	noPush := c.Bool("no-push")
 	jsonKey := c.String("json-key")
+
 	// JSON key may not be set in the following cases:
 	// 1. Image does not need to be pushed to GAR.
 	// 2. Workload identity is set on GKE in which pod will inherit the credentials via service account.
@@ -349,17 +333,6 @@ func run(c *cli.Context) error {
 		if err := setupGARAuth(jsonKey); err != nil {
 			return err
 		}
-
-		// setup docker config only when base image registry is specified
-		if c.String("base-image-registry") != ""{
-			if err := setDockerAuth(
-				c.String("base-image-username"),
-				c.String("base-image-password"),
-				c.String("base-image-registry"),
-			); err != nil {
-				return errors.Wrap(err, "failed to create docker config")
-			}
-		}
 	}
 
 	plugin := kaniko.Plugin{
@@ -436,18 +409,6 @@ func run(c *cli.Context) error {
 	return plugin.Exec()
 }
 
-func setDockerAuth(dockerUsername, dockerPassword, dockerRegistry string) (error) {
-	dockerConfig := docker.NewConfig()
-	dockerRegistryCreds := docker.RegistryCredentials{
-		Registry: dockerRegistry,
-		Username: dockerUsername,
-		Password: dockerPassword,
-	}
-	credentials := []docker.RegistryCredentials{dockerRegistryCreds}
-
-	return dockerConfig.CreateDockerConfig(credentials, dockerConfigPath)
-}
-
 func setupGARAuth(jsonKey string) error {
 	err := ioutil.WriteFile(garKeyPath, []byte(jsonKey), 0644)
 	if err != nil {

cmd/kaniko-gcr/main.go

@@ -12,14 +12,12 @@ import (
 
 	kaniko "github.com/drone/drone-kaniko"
 	"github.com/drone/drone-kaniko/pkg/artifact"
-	"github.com/drone/drone-kaniko/pkg/docker"
 )
 
 const (
-	dockerConfigPath string = "/kaniko/.docker"
 	// GCR JSON key file path
-	gcrKeyPath       string = "/kaniko/config.json"
+	gcrKeyPath     string = "/kaniko/config.json"
-	gcrEnvVariable   string = "GOOGLE_APPLICATION_CREDENTIALS"
+	gcrEnvVariable string = "GOOGLE_APPLICATION_CREDENTIALS"
 
 	defaultDigestFile string = "/kaniko/digest-file"
 )
@@ -110,22 +108,7 @@ func main() {
 			Name:   "registry",
 			Usage:  "gcr registry",
 			Value:  "gcr.io",
-			EnvVar: "PLUGIN_REGISTRY,BASE_REGISTRY",
+			EnvVar: "PLUGIN_REGISTRY",
-		},
-		cli.StringFlag{
-			Name:   "base-image-username",
-			Usage:  "Docker username for base image registry",
-			EnvVar: "PLUGIN_DOCKER_USERNAME,PLUGIN_BASE_IMAGE_USERNAME,DOCKER_USERNAME",
-		},
-		cli.StringFlag{
-			Name:   "base-image-password",
-			Usage:  "Docker password for base image registry",
-			EnvVar: "PLUGIN_DOCKER_PASSWORD,PLUGIN_BASE_IMAGE_PASSWORD,DOCKER_PASSWORD",
-		},
-		cli.StringFlag{
-			Name:   "base-image-registry",
-			Usage:  "Docker registry for base image registry",
-			EnvVar: "PLUGIN_DOCKER_REGISTRY,PLUGIN_BASE_IMAGE_REGISTRY,DOCKER_REGISTRY",
 		},
 		cli.StringSliceFlag{
 			Name:   "registry-mirrors",
@@ -351,17 +334,6 @@ func run(c *cli.Context) error {
 		if err := setupGCRAuth(jsonKey); err != nil {
 			return err
 		}
-
-		// setup docker config only when base image registry is specified
-		if c.String("base-image-registry") != ""{
-			if err := setDockerAuth(
-				c.String("base-image-username"),
-				c.String("base-image-password"),
-				c.String("base-image-registry"),
-			); err != nil {
-				return errors.Wrap(err, "failed to create docker config")
-			}
-		}
 	}
 
 	plugin := kaniko.Plugin{
@@ -438,17 +410,6 @@ func run(c *cli.Context) error {
 	return plugin.Exec()
 }
 
-func setDockerAuth(dockerUsername, dockerPassword, dockerRegistry string) (error) {
-	dockerConfig := docker.NewConfig()
-	dockerRegistryCreds := docker.RegistryCredentials{
-		Registry: dockerRegistry,
-		Username: dockerUsername,
-		Password: dockerPassword,
-	}
-	credentials := []docker.RegistryCredentials{dockerRegistryCreds}
-	return dockerConfig.CreateDockerConfig(credentials, dockerConfigPath)
-}
-
 func setupGCRAuth(jsonKey string) error {
 	err := ioutil.WriteFile(gcrKeyPath, []byte(jsonKey), 0644)
 	if err != nil {

go.mod

@@ -10,14 +10,13 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.13.8
 	github.com/aws/smithy-go v1.12.0
 	github.com/coreos/go-semver v0.3.0
-	github.com/google/go-cmp v0.5.9
+	github.com/google/go-cmp v0.5.8
 	github.com/hashicorp/go-version v1.6.0
 	github.com/joho/godotenv v1.4.0
 	github.com/pkg/errors v0.9.1
-	github.com/sirupsen/logrus v1.9.3
+	github.com/sirupsen/logrus v1.8.1
-	github.com/stretchr/testify v1.8.4
 	github.com/urfave/cli v1.22.9
-	golang.org/x/mod v0.17.0
+	golang.org/x/mod v0.5.1
 )
 
 require (
@@ -31,20 +30,17 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.8 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.11.12 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sts v1.16.9 // indirect
-	github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa // indirect
 	golang.org/x/net v0.0.0-20220725212005-46097bf591d3 // indirect
-	golang.org/x/sys v0.19.0 // indirect
+	golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect
 	golang.org/x/text v0.3.7 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
 
-go 1.22.0
+go 1.22

go.sum

@@ -38,8 +38,8 @@ github.com/aws/smithy-go v1.12.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J
 github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
+github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
-github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -50,9 +50,8 @@ github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keL
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
 github.com/golang-jwt/jwt/v4 v4.2.0 h1:besgBTC8w8HjP6NzQdxwKH9Z5oQMZ24ThTrHp3cZ8eU=
 github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
+github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
-github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@@ -78,38 +77,36 @@ github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQD
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
-github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
-github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/urfave/cli v1.22.9 h1:cv3/KhXGBGjEXLC4bH0sLuJ9BewaAbpk5oyMOveu4pw=
 github.com/urfave/cli v1.22.9/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa h1:zuSxTR4o9y82ebqCUJYNGJbGPo6sKVl54f/TVDObg1c=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
+golang.org/x/mod v0.5.1 h1:OJxoQ/rynoF0dcCdI7cLPktw/hR2cueqYfjm43oqK38=
-golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220725212005-46097bf591d3 h1:2yWTtPWWRcISTw3/o+s/Y4UOMnQL71DWyToOANFusCg=
 golang.org/x/net v0.0.0-20220725212005-46097bf591d3/go.mod h1:AaygXjzTFtRAg2ttMY5RMuhpJ3cNnI0XpyFJD1iQRSM=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f h1:v4INt8xihDGvnrfjMDVXGxw9wrfxYyCjk0KbXjhR55s=
-golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
-gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

pkg/docker/config.go

@@ -2,18 +2,7 @@ package docker
 
 import (
 	"encoding/base64"
-	"encoding/json"
 	"fmt"
-	"io/ioutil"
-	"os"
-
-	"github.com/pkg/errors"
-)
-
-const (
-	v2HubRegistryURL string = "https://registry.hub.docker.com/v2/"
-	v1RegistryURL    string = "https://index.docker.io/v1/" // Default registry
-	v2RegistryURL    string = "https://index.docker.io/v2/" // v2 registry is not supported
 )
 
 type (
@@ -23,25 +12,19 @@ type (
 
 	Config struct {
 		Auths       map[string]Auth   `json:"auths"`
-		CredHelpers map[string]string `json:"credHelpers,omitempty"`
+		CredHelpers map[string]string `json:"credHelpers"`
 	}
 )
 
-type RegistryCredentials struct {
-	Registry string
-	Username string
-	Password string
-}
-
 func NewConfig() *Config {
 	return &Config{
-		Auths:       make(map[string]Auth),
+		Auths:       map[string]Auth{},
-		CredHelpers: make(map[string]string),
+		CredHelpers: map[string]string{},
 	}
 }
 
 func (c *Config) SetAuth(registry, username, password string) {
-	authBytes := []byte(username + ":" + password)
+	authBytes := []byte(fmt.Sprintf("%s:%s", username, password))
 	encodedString := base64.StdEncoding.EncodeToString(authBytes)
 	c.Auths[registry] = Auth{Auth: encodedString}
 }
@@ -49,49 +32,3 @@ func (c *Config) SetAuth(registry, username, password string) {
 func (c *Config) SetCredHelper(registry, helper string) {
 	c.CredHelpers[registry] = helper
 }
-
-func (c *Config) CreateDockerConfig(credentials []RegistryCredentials, dockerPath string) error {
-	for _, cred := range credentials {
-		if cred.Registry != "" {
-			// update v2 docker registry to v1
-			if cred.Registry == v2RegistryURL || cred.Registry == v2HubRegistryURL {
-				fmt.Printf("Docker v2 registry '%s' is not supported in kaniko. Refer issue: https://github.com/GoogleContainerTools/kaniko/issues/1209\n", cred.Registry)
-				fmt.Printf("Using v1 registry instead: %s\n", v1RegistryURL)
-				cred.Registry = v1RegistryURL
-			}
-
-			if cred.Username == "" {
-				return fmt.Errorf("Username must be specified for registry: %s", cred.Registry)
-			}
-			if cred.Password == "" {
-				return fmt.Errorf("Password must be specified for registry: %s", cred.Registry)
-			}
-			c.SetAuth(cred.Registry, cred.Username, cred.Password)
-		}
-	}
-	jsonBytes, err := json.Marshal(c)
-	if err != nil {
-		return errors.Wrap(err, "failed to serialize docker config json")
-	}
-	if err := WriteDockerConfig(jsonBytes, dockerPath); err != nil {
-		return errors.Wrap(err, fmt.Sprintf("failed to write docker config to path: %s", dockerPath))
-	}
-	return nil
-}
-
-func WriteDockerConfig(data []byte, path string) (string error) {
-	err := os.MkdirAll(path, 0600)
-	if err != nil {
-		if !os.IsExist(err) {
-			return errors.Wrap(err, fmt.Sprintf("failed to create %s directory", path))
-		}
-	}
-
-	filePath := path + "/config.json"
-
-	err = ioutil.WriteFile(filePath, data, 0644)
-	if err != nil {
-		return errors.Wrap(err, fmt.Sprintf("failed to create docker config file at %s", path))
-	}
-	return nil
-}

pkg/docker/config_test.go

@@ -2,54 +2,24 @@ package docker
 
 import (
 	"encoding/json"
-	"io/ioutil"
-	"os"
-	"path/filepath"
 	"testing"
-
-	"github.com/stretchr/testify/assert"
 )
 
 func TestConfig(t *testing.T) {
 	c := NewConfig()
-	assert.NotNil(t, c.Auths)
-	assert.NotNil(t, c.CredHelpers)
 
 	c.SetAuth(RegistryV1, "test", "password")
-	expectedAuth := Auth{Auth: "dGVzdDpwYXNzd29yZA=="}
-	assert.Equal(t, expectedAuth, c.Auths[RegistryV1])
-
 	c.SetCredHelper(RegistryECRPublic, "ecr-login")
-	assert.Equal(t, "ecr-login", c.CredHelpers[RegistryECRPublic])
 
-	tempDir, err := ioutil.TempDir("", "docker-config-test")
+	bytes, err := json.Marshal(c)
-	assert.NoError(t, err)
+	if err != nil {
-	defer os.RemoveAll(tempDir)
+		t.Error("json marshal failed")
-
-	credentials := []RegistryCredentials{
-		{
-			Registry: "https://index.docker.io/v1/",
-			Username: "user1",
-			Password: "pass1",
-		},
-		{
-			Registry: "gcr.io",
-			Username: "user2",
-			Password: "pass2",
-		},
 	}
 
-	err = c.CreateDockerConfig(credentials, tempDir)
+	want := `{"auths":{"https://index.docker.io/v1/":{"auth":"dGVzdDpwYXNzd29yZA=="}},"credHelpers":{"public.ecr.aws":"ecr-login"}}`
-	assert.NoError(t, err)
+	got := string(bytes)
 
-	configPath := filepath.Join(tempDir, "config.json")
+	if want != got {
-	data, err := ioutil.ReadFile(configPath)
+		t.Errorf("unexpected json output:\n  want: %s\n   got: %s", want, got)
-	assert.NoError(t, err)
+	}
-
-	var configFromFile Config
-	err = json.Unmarshal(data, &configFromFile)
-	assert.NoError(t, err)
-
-	assert.Equal(t, c.Auths, configFromFile.Auths)
-	assert.Equal(t, c.CredHelpers, configFromFile.CredHelpers)
 }

pkg/docker/docker_file.go

@@ -0,0 +1,35 @@
+package docker
+
+import (
+	"encoding/base64"
+	"fmt"
+	"io/ioutil"
+	"os"
+
+	"github.com/pkg/errors"
+)
+
+// Create the docker config file for authentication
+func CreateDockerCfgFile(username, password, registry, path string) error {
+	if username == "" {
+		return fmt.Errorf("Username must be specified")
+	}
+	if password == "" {
+		return fmt.Errorf("Password must be specified")
+	}
+
+	err := os.MkdirAll(path, 0600)
+	if err != nil {
+		return errors.Wrap(err, fmt.Sprintf("failed to create %s directory", path))
+	}
+
+	authBytes := []byte(fmt.Sprintf("%s:%s", username, password))
+	encodedString := base64.StdEncoding.EncodeToString(authBytes)
+	jsonBytes := []byte(fmt.Sprintf(`{"auths": {"%s": {"auth": "%s"}}}`, "https://"+registry, encodedString))
+	filePath := path + "/config.json"
+	err = ioutil.WriteFile(filePath, jsonBytes, 0644)
+	if err != nil {
+		return errors.Wrap(err, "failed to create docker config file")
+	}
+	return nil
+}