fix docker-credential-gcr helper being called for multiple registries (#1439)

* fix multiple registryies docker-credential-gcr * Update pkg/executor/push.go
2020-09-30 16:43:16 -07:00 · 2020-09-30 16:43:16 -07:00 · 0c386e3f4a
parent f21435caee
commit 0c386e3f4a
3 changed files with 15 additions and 7 deletions
--- a/deploy/Dockerfile
+++ b/deploy/Dockerfile
@ -18,8 +18,8 @@ FROM golang:1.14
 ARG GOARCH=amd64
 WORKDIR /go/src/github.com/GoogleContainerTools/kaniko
 # Get GCR credential helper
-ADD https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v2.0.1/docker-credential-gcr_linux_amd64-2.0.1.tar.gz /usr/local/bin/
-RUN tar --no-same-owner -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-gcr_linux_amd64-2.0.1.tar.gz
+ADD https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v2.0.2/docker-credential-gcr_linux_amd64-2.0.2.tar.gz /usr/local/bin/
+RUN tar --no-same-owner -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-gcr_linux_amd64-2.0.2.tar.gz
 # Get Amazon ECR credential helper
 RUN go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login
 RUN make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper linux-amd64
--- a/deploy/Dockerfile_debug
+++ b/deploy/Dockerfile_debug
@ -19,8 +19,8 @@ FROM golang:1.14
 ARG GOARCH=amd64
 WORKDIR /go/src/github.com/GoogleContainerTools/kaniko
 # Get GCR credential helper
-ADD https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v2.0.1/docker-credential-gcr_linux_amd64-2.0.1.tar.gz /usr/local/bin/
-RUN tar --no-same-owner -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-gcr_linux_amd64-2.0.1.tar.gz
+ADD https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v2.0.2/docker-credential-gcr_linux_amd64-2.0.2.tar.gz /usr/local/bin/
+RUN tar --no-same-owner -C /usr/local/bin/ -xvzf /usr/local/bin/docker-credential-gcr_linux_amd64-2.0.2.tar.gz
 # Get Amazon ECR credential helper
 RUN go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login
 RUN make -C /go/src/github.com/awslabs/amazon-ecr-credential-helper linux-amd64
--- a/pkg/executor/push.go
+++ b/pkg/executor/push.go
@ -17,6 +17,7 @@ limitations under the License.
 package executor

 import (
+	"bytes"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@ -96,6 +97,8 @@ func CheckPushPermissions(opts *config.KanikoOptions) error {
 	}

 	checked := map[string]bool{}
+	_, err := fs.Stat(DockerConfLocation())
+	dockerConfNotExists := os.IsNotExist(err)
 	for _, destination := range opts.Destinations {
 		destRef, err := name.NewTag(destination, name.WeakValidation)
 		if err != nil {
@ -112,11 +115,16 @@ func CheckPushPermissions(opts *config.KanikoOptions) error {
 		if registryName == "gcr.io" || strings.HasSuffix(registryName, ".gcr.io") || strings.HasSuffix(registryName, ".pkg.dev") {
 			// Checking for existence of docker.config as it's normally required for
 			// authenticated registries and prevent overwriting user provided docker conf
-			if _, err := fs.Stat(DockerConfLocation()); os.IsNotExist(err) {
+			if dockerConfNotExists {
 				flags := fmt.Sprintf("--registries=%s", registryName)
-				if err := execCommand("docker-credential-gcr", "configure-docker", flags).Run(); err != nil {
-					return errors.Wrap(err, "error while configuring docker-credential-gcr helper")
+				cmd := execCommand("docker-credential-gcr", "configure-docker", flags)
+				var out bytes.Buffer
+				cmd.Stderr = &out
+				if err := cmd.Run(); err != nil {
+					return errors.Wrap(err, fmt.Sprintf("error while configuring docker-credential-gcr helper: %s : %s", cmd.String(), out.String()))
 				}
+			} else {
+				logrus.Warnf("\nSkip running docker-credential-gcr as user provided docker configuration exists at %s", DockerConfLocation())
 			}
 		}
 		if opts.Insecure || opts.InsecureRegistries.Contains(registryName) {