public_git
/
kaniko
mirror of https://github.com/GoogleContainerTools/kaniko
1
0
Fork 0
Code Issues Releases Wiki Activity

Add pkg.dev to automagic config file population 

Kaniko currently does config file setup for GCR such that pushing to GCR
automagically works. This change does the same for pkg.dev:
https://cloud.google.com/artifact-registry

This also tightens up the hostname check to ensure we don't send
credentials to a registry that happens to contain "gcr.io".
This commit is contained in:
Jon Johnson 2020-06-23 10:45:33 -07:00
parent 82f5ec9612
commit c42881410c
2 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
pkg/executor/push.go
View File

@ -105,19 +105,20 @@ func CheckPushPermissions(opts *config.KanikoOptions) error {
continue continue
} }
registryName := destRef.Repository.Registry.Name()
// Historically kaniko was pre-configured by default with gcr credential helper, // Historically kaniko was pre-configured by default with gcr credential helper,
// in here we keep the backwards compatibility by enabling the GCR helper only // in here we keep the backwards compatibility by enabling the GCR helper only
// when gcr.io is in one of the destinations. // when gcr.io (or pkg.dev) is in one of the destinations.
if strings.Contains(destRef.RegistryStr(), "gcr.io") { if registryName == "gcr.io" || strings.HasSuffix(registryName, ".gcr.io") || strings.HasSuffix(registryName, ".pkg.dev") {
// Checking for existence of docker.config as it's normally required for // Checking for existence of docker.config as it's normally required for
// authenticated registries and prevent overwriting user provided docker conf // authenticated registries and prevent overwriting user provided docker conf
if _, err := fs.Stat(DockerConfLocation()); os.IsNotExist(err) { if _, err := fs.Stat(DockerConfLocation()); os.IsNotExist(err) {
if err := execCommand("docker-credential-gcr", "configure-docker").Run(); err != nil { flags := fmt.Sprintf("--registries=%s", registryName)
if err := execCommand("docker-credential-gcr", "configure-docker", flags).Run(); err != nil {
return errors.Wrap(err, "error while configuring docker-credential-gcr helper") return errors.Wrap(err, "error while configuring docker-credential-gcr helper")
} }
} }
} }
registryName := destRef.Repository.Registry.Name()
if opts.Insecure || opts.InsecureRegistries.Contains(registryName) { if opts.Insecure || opts.InsecureRegistries.Contains(registryName) {
newReg, err := name.NewRegistry(registryName, name.WeakValidation, name.Insecure) newReg, err := name.NewRegistry(registryName, name.WeakValidation, name.Insecure)
if err != nil { if err != nil {

4
pkg/executor/push_test.go
View File

@ -299,8 +299,12 @@ func TestCheckPushPermissions(t *testing.T) {
}{ }{
{"gcr.io/test-image", true, false}, {"gcr.io/test-image", true, false},
{"gcr.io/test-image", false, true}, {"gcr.io/test-image", false, true},
{"us-docker.pkg.dev/test-image", true, false},
{"us-docker.pkg.dev/test-image", false, true},
{"localhost:5000/test-image", false, false}, {"localhost:5000/test-image", false, false},
{"localhost:5000/test-image", false, true}, {"localhost:5000/test-image", false, true},
{"notgcr.io/test-image", false, false},
{"notgcr.io/test-image", false, true},
} }
execCommand = fakeExecCommand execCommand = fakeExecCommand