Revert "Run docker_credentials_gcr in warmer (GoogleContainerTools#1780…

…)"

This reverts commit cf4822c.

cmd/warmer/cmd/root.go

@@ -19,13 +19,11 @@ package cmd
 import (
 	"fmt"
 	"os"
-	"strings"
 	"time"
 
 	"github.com/GoogleContainerTools/kaniko/pkg/cache"
 	"github.com/GoogleContainerTools/kaniko/pkg/config"
 	"github.com/GoogleContainerTools/kaniko/pkg/logging"
-	"github.com/GoogleContainerTools/kaniko/pkg/util"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )
@@ -65,24 +63,9 @@ var RootCmd = &cobra.Command{
 				exit(errors.Wrap(err, "Failed to create cache directory"))
 			}
 		}
-		isGCR := false
-		for _, image := range opts.Images {
-			if strings.Contains(image, "gcr.io") || strings.Contains(image, ".pkg.dev") {
-				isGCR = true
-				break
-			}
-		}
-		// Historically kaniko was pre-configured by default with gcr credential helper,
-		// in here we keep the backwards compatibility by enabling the GCR helper only
-		// when gcr.io (or pkg.dev) is in one of the destinations.
-		if isGCR {
-			util.ConfigureGCR("")
-		}
-
 		if err := cache.WarmCache(opts); err != nil {
 			exit(errors.Wrap(err, "Failed warming cache"))
 		}
-
 	},
 }
 

deploy/Dockerfile

@@ -61,5 +61,6 @@ ENV SSL_CERT_DIR=/kaniko/ssl/certs
 ENV DOCKER_CONFIG /kaniko/.docker/
 ENV DOCKER_CREDENTIAL_GCR_CONFIG /kaniko/.config/gcloud/docker_credential_gcr_config.json
 WORKDIR /workspace
+RUN ["/kaniko/docker-credential-gcr", "config", "--token-source=env"]
 
 ENTRYPOINT ["/kaniko/executor"]

deploy/Dockerfile_debug

@@ -54,6 +54,7 @@ COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr
 COPY --from=0 /usr/local/bin/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
 COPY --from=0 /usr/local/bin/docker-credential-acr-env /kaniko/docker-credential-acr
 COPY --from=busybox:1.32.0 /bin /busybox
+
 # Declare /busybox as a volume to get it automatically in the path to ignore
 VOLUME /busybox
 
@@ -67,6 +68,7 @@ ENV SSL_CERT_DIR=/kaniko/ssl/certs
 ENV DOCKER_CONFIG /kaniko/.docker/
 ENV DOCKER_CREDENTIAL_GCR_CONFIG /kaniko/.config/gcloud/docker_credential_gcr_config.json
 WORKDIR /workspace
+RUN ["/kaniko/docker-credential-gcr", "config", "--token-source=env"]
 RUN ["/busybox/mkdir", "-p", "/bin"]
 RUN ["/busybox/ln", "-s", "/busybox/sh", "/bin/sh"]
 ENTRYPOINT ["/kaniko/executor"]

deploy/Dockerfile_warmer

@@ -61,4 +61,5 @@ ENV SSL_CERT_DIR=/kaniko/ssl/certs
 ENV DOCKER_CONFIG /kaniko/.docker/
 ENV DOCKER_CREDENTIAL_GCR_CONFIG /kaniko/.config/gcloud/docker_credential_gcr_config.json
 WORKDIR /workspace
+RUN ["/kaniko/docker-credential-gcr", "config", "--token-source=env"]
 ENTRYPOINT ["/kaniko/warmer"]

hack/boilerplate/boilerplate.py

@@ -147,7 +147,7 @@ def get_regexs():
     # Search for "YEAR" which exists in the boilerplate, but shouldn't in the real thing
     regexs["year"] = re.compile( 'YEAR' )
     # dates can be 2018, 2019, 2020 company holder names can be anything
-    regexs["date"] = re.compile( '(2018|2019|2020|2021)' )
+    regexs["date"] = re.compile( '(2018|2019|2020)' )
     # strip // go:build \n\n build constraints
     regexs["go_build_constraints_go"] = re.compile(r"^(//go\:build.*)+\n", re.MULTILINE)
     # strip // +build \n\n build constraints

pkg/executor/push.go

@@ -17,11 +17,13 @@ limitations under the License.
 package executor
 
 import (
+	"bytes"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"os"
+	"os/exec"
 	"path/filepath"
 	"strings"
 	"time"
@@ -59,6 +61,28 @@ const (
 	UpstreamClientUaKey = "UPSTREAM_CLIENT_TYPE"
 )
 
+// DockerConfLocation returns the file system location of the Docker
+// configuration file under the directory set in the DOCKER_CONFIG environment
+// variable.  If that variable is not set, it returns the OS-equivalent of
+// "/kaniko/.docker/config.json".
+func DockerConfLocation() string {
+	configFile := "config.json"
+	if dockerConfig := os.Getenv("DOCKER_CONFIG"); dockerConfig != "" {
+		file, err := os.Stat(dockerConfig)
+		if err == nil {
+			if file.IsDir() {
+				return filepath.Join(dockerConfig, configFile)
+			}
+		} else {
+			if os.IsNotExist(err) {
+				return string(os.PathSeparator) + filepath.Join("kaniko", ".docker", configFile)
+			}
+		}
+		return filepath.Clean(dockerConfig)
+	}
+	return string(os.PathSeparator) + filepath.Join("kaniko", ".docker", configFile)
+}
+
 func (w *withUserAgent) RoundTrip(r *http.Request) (*http.Response, error) {
 	ua := []string{fmt.Sprintf("kaniko/%s", version.Version())}
 	if upstream := os.Getenv(UpstreamClientUaKey); upstream != "" {
@@ -71,6 +95,7 @@ func (w *withUserAgent) RoundTrip(r *http.Request) (*http.Response, error) {
 // for testing
 var (
 	fs                        = afero.NewOsFs()
+	execCommand               = exec.Command
 	checkRemotePushPermission = remote.CheckPushPermission
 )
 
@@ -85,6 +110,8 @@ func CheckPushPermissions(opts *config.KanikoOptions) error {
 	}
 
 	checked := map[string]bool{}
+	_, err := fs.Stat(DockerConfLocation())
+	dockerConfNotExists := os.IsNotExist(err)
 	for _, destination := range targets {
 		destRef, err := name.NewTag(destination, name.WeakValidation)
 		if err != nil {
@@ -99,8 +126,18 @@ func CheckPushPermissions(opts *config.KanikoOptions) error {
 		// in here we keep the backwards compatibility by enabling the GCR helper only
 		// when gcr.io (or pkg.dev) is in one of the destinations.
 		if registryName == "gcr.io" || strings.HasSuffix(registryName, ".gcr.io") || strings.HasSuffix(registryName, ".pkg.dev") {
-			if err := util.ConfigureGCR(fmt.Sprintf("--registries=%s", registryName)); err != nil {
-				return err
+			// Checking for existence of docker.config as it's normally required for
+			// authenticated registries and prevent overwriting user provided docker conf
+			if dockerConfNotExists {
+				flags := fmt.Sprintf("--registries=%s", registryName)
+				cmd := execCommand("docker-credential-gcr", "configure-docker", flags)
+				var out bytes.Buffer
+				cmd.Stderr = &out
+				if err := cmd.Run(); err != nil {
+					return errors.Wrap(err, fmt.Sprintf("error while configuring docker-credential-gcr helper: %s : %s", cmd.String(), out.String()))
+				}
+			} else {
+				logrus.Warnf("\nSkip running docker-credential-gcr as user provided docker configuration exists at %s", DockerConfLocation())
 			}
 		}
 		if opts.Insecure || opts.InsecureRegistries.Contains(registryName) {

pkg/executor/push_test.go

@@ -22,11 +22,11 @@ import (
 	"io/ioutil"
 	"net/http"
 	"os"
+	"os/exec"
 	"path/filepath"
 	"testing"
 
 	"github.com/GoogleContainerTools/kaniko/pkg/config"
-	"github.com/GoogleContainerTools/kaniko/pkg/util"
 	"github.com/GoogleContainerTools/kaniko/testutil"
 	"github.com/google/go-containerregistry/pkg/authn"
 	"github.com/google/go-containerregistry/pkg/name"
@@ -36,6 +36,11 @@ import (
 	"github.com/spf13/afero"
 )
 
+const (
+	DefaultKanikoDockerConfigJSON = "/kaniko/.docker/config.json"
+	DockerConfigEnvKey            = "DOCKER_CONFIG"
+)
+
 func mustTag(t *testing.T, s string) name.Tag {
 	tag, err := name.NewTag(s, name.StrictValidation)
 	if err != nil {
@@ -44,6 +49,107 @@ func mustTag(t *testing.T, s string) name.Tag {
 	return tag
 }
 
+func TestDockerConfLocationWithFileLocation(t *testing.T) {
+	originalDockerConfig := os.Getenv(DockerConfigEnvKey)
+	if err := os.Unsetenv(DockerConfigEnvKey); err != nil {
+		t.Fatalf("Failed to unset DOCKER_CONFIG: %v", err)
+	}
+	file, err := ioutil.TempFile("", "docker.conf")
+	if err != nil {
+		t.Fatalf("could not create temp file: %s", err)
+	}
+	defer os.Remove(file.Name())
+	if err := os.Setenv(DockerConfigEnvKey, file.Name()); err != nil {
+		t.Fatalf("Failed to unset DOCKER_CONFIG: %v", err)
+	}
+	unset := DockerConfLocation()
+	unsetExpected := file.Name()
+	if unset != unsetExpected {
+		t.Errorf("Unexpected default Docker configuration file location: expected:'%s' got:'%s'", unsetExpected, unset)
+	}
+	restoreOriginalDockerConfigEnv(t, originalDockerConfig)
+}
+
+func TestDockerConfLocationWithInvalidFileLocation(t *testing.T) {
+	originalDockerConfig := os.Getenv(DockerConfigEnvKey)
+	if err := os.Unsetenv(DockerConfigEnvKey); err != nil {
+		t.Fatalf("Failed to unset DOCKER_CONFIG: %v", err)
+	}
+	tmpDir, err := ioutil.TempDir("", "*")
+	if err != nil {
+		t.Fatalf("could not create temp dir: %s", err)
+	}
+	defer os.RemoveAll(tmpDir)
+	random := "fdgdsfrdfgdf-fdfsf-24dsgfd" //replace with a really random string
+	file := filepath.Join(tmpDir, random)  // an random file name, shouldn't exist
+	if err := os.Setenv(DockerConfigEnvKey, file); err != nil {
+		t.Fatalf("Failed to unset DOCKER_CONFIG: %v", err)
+	}
+	unset := DockerConfLocation()
+	// as file doesn't point to a real file,  DockerConfLocation() should return the default kaniko path for config.json
+	unsetExpected := DefaultKanikoDockerConfigJSON
+	if unset != unsetExpected {
+		t.Errorf("Unexpected default Docker configuration file location: expected:'%s' got:'%s'", unsetExpected, unset)
+	}
+	restoreOriginalDockerConfigEnv(t, originalDockerConfig)
+}
+
+func TestDockerConfLocation(t *testing.T) {
+	originalDockerConfig := os.Getenv(DockerConfigEnvKey)
+
+	if err := os.Unsetenv(DockerConfigEnvKey); err != nil {
+		t.Fatalf("Failed to unset DOCKER_CONFIG: %v", err)
+	}
+	unset := DockerConfLocation()
+	unsetExpected := DefaultKanikoDockerConfigJSON // will fail on Windows
+	if unset != unsetExpected {
+		t.Errorf("Unexpected default Docker configuration file location: expected:'%s' got:'%s'", unsetExpected, unset)
+	}
+	tmpDir, err := ioutil.TempDir("", "*")
+	if err != nil {
+		t.Fatalf("could not create temp dir: %s", err)
+	}
+	defer os.RemoveAll(tmpDir)
+
+	dir := filepath.Join(tmpDir, "/kaniko/.docker")
+	os.MkdirAll(dir, os.ModePerm)
+	if err := os.Setenv(DockerConfigEnvKey, dir); err != nil {
+		t.Fatalf("Failed to set DOCKER_CONFIG: %v", err)
+	}
+	kanikoDefault := DockerConfLocation()
+	kanikoDefaultExpected := filepath.Join(tmpDir, DefaultKanikoDockerConfigJSON) // will fail on Windows
+	if kanikoDefault != kanikoDefaultExpected {
+		t.Errorf("Unexpected kaniko default Docker conf file location: expected:'%s' got:'%s'", kanikoDefaultExpected, kanikoDefault)
+	}
+
+	differentPath, err := ioutil.TempDir("", "differentPath")
+	if err != nil {
+		t.Fatalf("could not create temp dir: %s", err)
+	}
+	defer os.RemoveAll(differentPath)
+	if err := os.Setenv(DockerConfigEnvKey, differentPath); err != nil {
+		t.Fatalf("Failed to set DOCKER_CONFIG: %v", err)
+	}
+	set := DockerConfLocation()
+	setExpected := filepath.Join(differentPath, "config.json") // will fail on Windows ?
+	if set != setExpected {
+		t.Errorf("Unexpected DOCKER_CONF-based file location: expected:'%s' got:'%s'", setExpected, set)
+	}
+	restoreOriginalDockerConfigEnv(t, originalDockerConfig)
+}
+
+func restoreOriginalDockerConfigEnv(t *testing.T, originalDockerConfig string) {
+	if originalDockerConfig != "" {
+		if err := os.Setenv(DockerConfigEnvKey, originalDockerConfig); err != nil {
+			t.Fatalf("Failed to set DOCKER_CONFIG back to original value '%s': %v", originalDockerConfig, err)
+		}
+	} else {
+		if err := os.Unsetenv(DockerConfigEnvKey); err != nil {
+			t.Fatalf("Failed to unset DOCKER_CONFIG after testing: %v", err)
+		}
+	}
+}
+
 func TestWriteImageOutputs(t *testing.T) {
 	img, err := random.Image(1024, 3)
 	if err != nil {
@@ -264,6 +370,15 @@ func setCalledFalse() {
 	calledCheckPushPermission = false
 }
 
+func fakeExecCommand(command string, args ...string) *exec.Cmd {
+	calledExecCommand = append(calledExecCommand, true)
+	cs := []string{"-test.run=TestHelperProcess", "--", command}
+	cs = append(cs, args...)
+	cmd := exec.Command(os.Args[0], cs...)
+	cmd.Env = []string{"GO_WANT_HELPER_PROCESS=1"}
+	return cmd
+}
+
 func fakeCheckPushPermission(ref name.Reference, kc authn.Keychain, t http.RoundTripper) error {
 	calledCheckPushPermission = true
 	return nil
@@ -306,6 +421,7 @@ func TestCheckPushPermissions(t *testing.T) {
 		},
 	}
 
+	execCommand = fakeExecCommand
 	checkRemotePushPermission = fakeCheckPushPermission
 	for _, test := range tests {
 		t.Run(test.description, func(t *testing.T) {
@@ -315,8 +431,8 @@ func TestCheckPushPermissions(t *testing.T) {
 				Destinations: test.Destination,
 			}
 			if test.ExistingConfig {
-				afero.WriteFile(fs, util.DockerConfLocation(), []byte(""), os.FileMode(0644))
-				defer fs.Remove(util.DockerConfLocation())
+				afero.WriteFile(fs, DockerConfLocation(), []byte(""), os.FileMode(0644))
+				defer fs.Remove(DockerConfLocation())
 			}
 			CheckPushPermissions(&opts)
 			for i, shdCall := range test.ShouldCallExecCommand {