Pick up per-repository auth changes from go-containerregistry (#1939)

Jason Hall 2022-02-15 10:36:08 -05:00 committed by GitHub
parent 99a09a7153
commit 09e70e44d9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 63 additions and 32 deletions

2
go.mod

@ -24,7 +24,7 @@ require (
github.com/godbus/dbus/v5 v5.0.6 // indirect github.com/godbus/dbus/v5 v5.0.6 // indirect
github.com/golang/mock v1.6.0 github.com/golang/mock v1.6.0
github.com/google/go-cmp v0.5.7 github.com/google/go-cmp v0.5.7
github.com/google/go-containerregistry v0.8.1-0.20220128225446-c63684ed5f15 github.com/google/go-containerregistry v0.8.1-0.20220214202839-625fe7b4276a
github.com/google/go-github v17.0.0+incompatible github.com/google/go-github v17.0.0+incompatible
github.com/google/slowjam v1.0.0 github.com/google/slowjam v1.0.0
github.com/karrick/godirwalk v1.16.1 github.com/karrick/godirwalk v1.16.1

2
go.sum

@ -807,6 +807,8 @@ github.com/google/go-containerregistry v0.1.2/go.mod h1:GPivBPgdAyd2SU+vf6EpsgOt
github.com/google/go-containerregistry v0.5.1/go.mod h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0= github.com/google/go-containerregistry v0.5.1/go.mod h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0=
github.com/google/go-containerregistry v0.8.1-0.20220128225446-c63684ed5f15 h1:yzCJSh/ZFHLiZ92yidtkRRENjtJML4teFEch7vzuL+U= github.com/google/go-containerregistry v0.8.1-0.20220128225446-c63684ed5f15 h1:yzCJSh/ZFHLiZ92yidtkRRENjtJML4teFEch7vzuL+U=
github.com/google/go-containerregistry v0.8.1-0.20220128225446-c63684ed5f15/go.mod h1:cwx3SjrH84Rh9VFJSIhPh43ovyOp3DCWgY3h8nWmdGQ= github.com/google/go-containerregistry v0.8.1-0.20220128225446-c63684ed5f15/go.mod h1:cwx3SjrH84Rh9VFJSIhPh43ovyOp3DCWgY3h8nWmdGQ=
github.com/google/go-containerregistry v0.8.1-0.20220214202839-625fe7b4276a h1:dc718J30nnewleBWCCDQXgpWeZWp17cgTmw6mpbF0xM=
github.com/google/go-containerregistry v0.8.1-0.20220214202839-625fe7b4276a/go.mod h1:cwx3SjrH84Rh9VFJSIhPh43ovyOp3DCWgY3h8nWmdGQ=
github.com/google/go-github v17.0.0+incompatible h1:N0LgJ1j65A7kfXrZnUDaYCs/Sf4rEjNlfyDHW9dolSY= github.com/google/go-github v17.0.0+incompatible h1:N0LgJ1j65A7kfXrZnUDaYCs/Sf4rEjNlfyDHW9dolSY=
github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ= github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ=
github.com/google/go-github/v28 v28.1.1/go.mod h1:bsqJWQX05omyWVmc00nEUql9mhQyv38lDZ8kPZcQVoM= github.com/google/go-github/v28 v28.1.1/go.mod h1:bsqJWQX05omyWVmc00nEUql9mhQyv38lDZ8kPZcQVoM=


@ -114,20 +114,27 @@ func (dk *defaultKeychain) Resolve(target Resource) (Authenticator, error) {
// See: // See:
// https://github.com/google/ko/issues/90 // https://github.com/google/ko/issues/90
// https://github.com/moby/moby/blob/fc01c2b481097a6057bec3cd1ab2d7b4488c50c4/registry/config.go#L397-L404 // https://github.com/moby/moby/blob/fc01c2b481097a6057bec3cd1ab2d7b4488c50c4/registry/config.go#L397-L404
key := target.RegistryStr() var cfg, empty types.AuthConfig
if key == name.DefaultRegistry { for _, key := range []string{
key = DefaultAuthKey target.String(),
} target.RegistryStr(),
} {
if key == name.DefaultRegistry {
key = DefaultAuthKey
}
cfg, err := cf.GetAuthConfig(key) cfg, err = cf.GetAuthConfig(key)
if err != nil { if err != nil {
return nil, err return nil, err
}
if cfg != empty {
break
}
} }
empty := types.AuthConfig{}
if cfg == empty { if cfg == empty {
return Anonymous, nil return Anonymous, nil
} }
return FromConfig(AuthConfig{ return FromConfig(AuthConfig{
Username: cfg.Username, Username: cfg.Username,
Password: cfg.Password, Password: cfg.Password,
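Review bot: Inside the new `for _, key := range []string{...}` loop, any error from `cf.GetAuthConfig(key)` returns immediately, so a failure while looking up the repository-scoped key `target.String()` means the registry-wide key `target.RegistryStr()` is never tried. If a configured credential store or helper rejects keys it does not recognise (not visible here), targets that resolved before this change would now fail; consider whether an error on the first key should fall through to the second. The precedence is also undocumented, and it decides which credential is sent to the registry, so a comment above the loop such as `// Prefer a repository-scoped entry (target.String()) over the registry-wide one; the first non-empty config wins.` would help. Resolve's body starts and ends outside the hunk.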


@ -19,7 +19,6 @@ import (
"context" "context"
"encoding/json" "encoding/json"
"fmt" "fmt"
"os"
"os/exec" "os/exec"
"time" "time"
@ -155,7 +154,7 @@ func (gs gcloudSource) Token() (*oauth2.Token, error) {
cmd.Stdout = &out cmd.Stdout = &out
// Don't attempt to interpret stderr, just pass it through. // Don't attempt to interpret stderr, just pass it through.
cmd.Stderr = os.Stderr cmd.Stderr = logs.Warn.Writer()
if err := cmd.Run(); err != nil { if err := cmd.Run(); err != nil {
return nil, fmt.Errorf("error executing `gcloud config config-helper`: %w", err) return nil, fmt.Errorf("error executing `gcloud config config-helper`: %w", err)


@ -15,11 +15,11 @@
package google package google
import ( import (
"fmt"
"strings" "strings"
"sync" "sync"
"github.com/google/go-containerregistry/pkg/authn" "github.com/google/go-containerregistry/pkg/authn"
"github.com/google/go-containerregistry/pkg/logs"
) )
// Keychain exports an instance of the google Keychain. // Keychain exports an instance of the google Keychain.
@ -28,7 +28,6 @@ var Keychain authn.Keychain = &googleKeychain{}
type googleKeychain struct { type googleKeychain struct {
once sync.Once once sync.Once
auth authn.Authenticator auth authn.Authenticator
err error
} }
// Resolve implements authn.Keychain a la docker-credential-gcr. // Resolve implements authn.Keychain a la docker-credential-gcr.
@ -55,27 +54,37 @@ type googleKeychain struct {
func (gk *googleKeychain) Resolve(target authn.Resource) (authn.Authenticator, error) { func (gk *googleKeychain) Resolve(target authn.Resource) (authn.Authenticator, error) {
// Only authenticate GCR and AR so it works with authn.NewMultiKeychain to fallback. // Only authenticate GCR and AR so it works with authn.NewMultiKeychain to fallback.
host := target.RegistryStr() host := target.RegistryStr()
if host != "gcr.io" && !strings.HasSuffix(host, ".gcr.io") && !strings.HasSuffix(host, ".pkg.dev") && !strings.HasSuffix(host, ".google.com") { if host != "gcr.io" &&
!strings.HasSuffix(host, ".gcr.io") &&
!strings.HasSuffix(host, ".pkg.dev") &&
!strings.HasSuffix(host, ".google.com") {
return authn.Anonymous, nil return authn.Anonymous, nil
} }
gk.once.Do(func() { gk.once.Do(func() {
gk.auth, gk.err = resolve() gk.auth = resolve()
}) })
return gk.auth, gk.err return gk.auth, nil
} }
func resolve() (authn.Authenticator, error) { func resolve() authn.Authenticator {
auth, envErr := NewEnvAuthenticator() auth, envErr := NewEnvAuthenticator()
if envErr == nil { if envErr == nil && auth != authn.Anonymous {
return auth, nil return auth
} }
auth, gErr := NewGcloudAuthenticator() auth, gErr := NewGcloudAuthenticator()
if gErr == nil { if gErr == nil && auth != authn.Anonymous {
return auth, nil return auth
} }
return nil, fmt.Errorf("failed to create token source from env: %v or gcloud: %v", envErr, gErr) //nolint: errorlint logs.Debug.Println("Failed to get any Google credentials, falling back to Anonymous")
if envErr != nil {
logs.Debug.Printf("Google env error: %v", envErr)
}
if gErr != nil {
logs.Debug.Printf("gcloud error: %v", gErr)
}
return authn.Anonymous
} }
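Review bot: In the rewritten `resolve()`, failing to obtain credentials from both the environment and gcloud is reported only through `logs.Debug`, and `Resolve` now always returns a nil error, so a misconfigured credential source silently becomes `authn.Anonymous`. Because the result is stored via `gk.once.Do`, that anonymous fallback appears to stay in place for the lifetime of the keychain even if the failure was transient. Operators would then see only registry-side 401/403 responses, or an unauthenticated pull of a public image, with no hint of the cause. I would log the fallback at warning level, `logs.Warn.Println("Failed to get any Google credentials, falling back to Anonymous")`, and state the once-only behaviour in the doc comment on `Resolve`.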


@ -17,6 +17,7 @@ package tarball
import ( import (
"bytes" "bytes"
"compress/gzip" "compress/gzip"
"fmt"
"io" "io"
"io/ioutil" "io/ioutil"
"os" "os"
@ -39,6 +40,7 @@ type layer struct {
compression int compression int
annotations map[string]string annotations map[string]string
estgzopts []estargz.Option estgzopts []estargz.Option
mediaType types.MediaType
} }
// Descriptor implements partial.withDescriptor. // Descriptor implements partial.withDescriptor.
@ -51,7 +53,7 @@ func (l *layer) Descriptor() (*v1.Descriptor, error) {
Size: l.size, Size: l.size,
Digest: digest, Digest: digest,
Annotations: l.annotations, Annotations: l.annotations,
MediaType: types.DockerLayer, MediaType: l.mediaType,
}, nil }, nil
} }
@ -82,7 +84,7 @@ func (l *layer) Size() (int64, error) {
// MediaType implements v1.Layer // MediaType implements v1.Layer
func (l *layer) MediaType() (types.MediaType, error) { func (l *layer) MediaType() (types.MediaType, error) {
return types.DockerLayer, nil return l.mediaType, nil
} }
// LayerOption applies options to layer // LayerOption applies options to layer
@ -96,6 +98,13 @@ func WithCompressionLevel(level int) LayerOption {
} }
} }
// WithMediaType is a functional option for overriding the layer's media type.
func WithMediaType(mt types.MediaType) LayerOption {
return func(l *layer) {
l.mediaType = mt
}
}
// WithCompressedCaching is a functional option that overrides the // WithCompressedCaching is a functional option that overrides the
// logic for accessing the compressed bytes to memoize the result // logic for accessing the compressed bytes to memoize the result
// and avoid expensive repeated gzips. // and avoid expensive repeated gzips.
@ -204,6 +213,7 @@ func LayerFromOpener(opener Opener, opts ...LayerOption) (v1.Layer, error) {
layer := &layer{ layer := &layer{
compression: gzip.BestSpeed, compression: gzip.BestSpeed,
annotations: make(map[string]string, 1), annotations: make(map[string]string, 1),
mediaType: types.DockerLayer,
} }
if estgz := os.Getenv("GGCR_EXPERIMENT_ESTARGZ"); estgz == "1" { if estgz := os.Getenv("GGCR_EXPERIMENT_ESTARGZ"); estgz == "1" {
@ -249,15 +259,19 @@ func LayerFromOpener(opener Opener, opts ...LayerOption) (v1.Layer, error) {
} }
// LayerFromReader returns a v1.Layer given a io.Reader. // LayerFromReader returns a v1.Layer given a io.Reader.
//
// The reader's contents are read and buffered to a temp file in the process.
//
// Deprecated: Use LayerFromOpener or stream.NewLayer instead, if possible.
func LayerFromReader(reader io.Reader, opts ...LayerOption) (v1.Layer, error) { func LayerFromReader(reader io.Reader, opts ...LayerOption) (v1.Layer, error) {
// Buffering due to Opener requiring multiple calls. tmp, err := ioutil.TempFile("", "")
a, err := ioutil.ReadAll(reader)
if err != nil { if err != nil {
return nil, err return nil, fmt.Errorf("creating temp file to buffer reader: %w", err)
} }
return LayerFromOpener(func() (io.ReadCloser, error) { if _, err := io.Copy(tmp, reader); err != nil {
return ioutil.NopCloser(bytes.NewReader(a)), nil return nil, fmt.Errorf("writing temp file to buffer reader: %w", err)
}, opts...) }
return LayerFromFile(tmp.Name(), opts...)
} }
func computeDigest(opener Opener) (v1.Hash, int64, error) { func computeDigest(opener Opener) (v1.Hash, int64, error) {
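Review bot: The new `LayerFromReader` never closes or removes the file it gets from `ioutil.TempFile("", "")`: the descriptor leaks on every call, and when `io.Copy` fails a partial copy of the layer stays in the temp directory. On success the file has to outlive the call because `LayerFromFile(tmp.Name(), opts...)` is handed its name, so the doc comment should also say that the buffered layer contents remain on disk and that removing them is left to the caller or the process. Closing the handle before returning and removing the file on the error paths would look like the excerpt below.

```go
	tmp, err := ioutil.TempFile("", "")
	// … unchanged: TempFile error check …
	if _, err := io.Copy(tmp, reader); err != nil {
		tmp.Close()
		os.Remove(tmp.Name()) // best effort: do not leave a partial copy behind
		return nil, fmt.Errorf("writing temp file to buffer reader: %w", err)
	}
	if err := tmp.Close(); err != nil {
		os.Remove(tmp.Name()) // best effort
		return nil, fmt.Errorf("closing temp file to buffer reader: %w", err)
	}
	return LayerFromFile(tmp.Name(), opts...)
```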

2
vendor/modules.txt vendored

@ -538,7 +538,7 @@ github.com/google/go-cmp/cmp/internal/diff
github.com/google/go-cmp/cmp/internal/flags github.com/google/go-cmp/cmp/internal/flags
github.com/google/go-cmp/cmp/internal/function github.com/google/go-cmp/cmp/internal/function
github.com/google/go-cmp/cmp/internal/value github.com/google/go-cmp/cmp/internal/value
# github.com/google/go-containerregistry v0.8.1-0.20220128225446-c63684ed5f15 # github.com/google/go-containerregistry v0.8.1-0.20220214202839-625fe7b4276a
## explicit; go 1.14 ## explicit; go 1.14
github.com/google/go-containerregistry/internal/and github.com/google/go-containerregistry/internal/and
github.com/google/go-containerregistry/internal/estargz github.com/google/go-containerregistry/internal/estargz