diff --git a/pkg/publish/default.go b/pkg/publish/default.go index b0f58cc994..5742b4e5ae 100644 --- a/pkg/publish/default.go +++ b/pkg/publish/default.go @@ -40,8 +40,9 @@ type defalt struct { base string t http.RoundTripper userAgent string - auth authn.Authenticator namer Namer + auth authn.Authenticator + keychain authn.Keychain tags []string tagOnly bool insecure bool @@ -55,6 +56,7 @@ type defaultOpener struct { t http.RoundTripper userAgent string auth authn.Authenticator + keychain authn.Keychain namer Namer tags []string tagOnly bool @@ -67,8 +69,8 @@ type Namer func(string, string) string // identity is the default namer, so import paths are affixed as-is under the repository // name for maximum clarity, e.g. -// gcr.io/foo/github.com/bar/baz/cmd/blah -// ^--base--^ ^-------import path-------^ +// gcr.io/foo/github.com/bar/baz/cmd/blah +// ^--base--^ ^-------import path-------^ func identity(base, in string) string { return path.Join(base, in) } // As some registries do not support pushing an image by digest, the default tag for pushing @@ -90,6 +92,7 @@ func (do *defaultOpener) Open() (Interface, error) { t: do.t, userAgent: do.userAgent, auth: do.auth, + keychain: do.keychain, namer: do.namer, tags: do.tags, tagOnly: do.tagOnly, @@ -105,6 +108,7 @@ func NewDefault(base string, options ...Option) (Interface, error) { t: http.DefaultTransport, userAgent: "ko", auth: authn.Anonymous, + keychain: authn.DefaultKeychain, namer: identity, tags: defaultTags, } 
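Review bot: In `NewDefault` (pkg/publish/default.go, last hunk on this line), the added default `keychain: authn.DefaultKeychain` means a publisher built without any auth option no longer pushes anonymously. Together with the `Publish` change it will send whatever ambient credentials the default keychain resolves for the registry named by `base`. The `auth: authn.Anonymous` default just above it is kept, but nothing in the visible hunks reads `auth` any more, so it now looks stale. I would document the new default on the function, e.g. `// Credentials are resolved from authn.DefaultKeychain at publish time unless WithAuthFromKeychain overrides the keychain.`, and either wire `auth` back in or remove it. NewDefault's body continues outside the hunk.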
@@ -203,7 +207,7 @@ func (d *defalt) Publish(ctx context.Context, br build.Result, s string) (name.R // https://github.com/google/go-containerregistry/issues/212 s = strings.ToLower(s) - ro := []remote.Option{remote.WithAuth(d.auth), remote.WithTransport(d.t), remote.WithContext(ctx), remote.WithUserAgent(d.userAgent)} + ro := []remote.Option{remote.WithAuthFromKeychain(d.keychain), remote.WithTransport(d.t), remote.WithContext(ctx), remote.WithUserAgent(d.userAgent)} no := []name.Option{} if d.insecure { no = append(no, name.Insecure) diff --git a/pkg/publish/options.go b/pkg/publish/options.go index ead9fd4050..4959b04061 100644 --- a/pkg/publish/options.go +++ b/pkg/publish/options.go @@ -16,12 +16,8 @@ package publish import ( "crypto/tls" - "log" - "net/http" - "path" - "github.com/google/go-containerregistry/pkg/authn" - "github.com/google/go-containerregistry/pkg/name" + "net/http" ) // WithTransport is a functional option for overriding the default transport @@ -55,25 +51,7 @@ func WithAuth(auth authn.Authenticator) Option { // authenticator on a default publisher using an authn.Keychain func WithAuthFromKeychain(keys authn.Keychain) Option { return func(i *defaultOpener) error { - // We parse this lazily because it is a repository prefix, which - // means that docker.io/mattmoor actually gets interpreted as - // docker.io/library/mattmoor, which gets tricky when we start - // appending things to it in the publisher. - // - // We append a fake path "ko" to KO_DOCKER_REPO in order to - // make parsing out the registry easier. - repo, err := name.NewRepository(path.Join(i.base, "ko")) - if err != nil { - return err - } - auth, err := keys.Resolve(repo.Registry) - if err != nil { - return err - } - if auth == authn.Anonymous { - log.Println("No matching credentials were found, falling back on anonymous") - } - i.auth = auth + i.keychain = keys return nil } }
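Review bot: In `Publish` (pkg/publish/default.go), the new `ro` line drops `remote.WithAuth(d.auth)` entirely, so an authenticator passed through the still-exported `WithAuth` option appears to be silently ignored in favour of the keychain, which defaults to `authn.DefaultKeychain`. A caller who pinned explicit credentials could end up pushing under a different identity, or anonymously, without any error. Either keep honouring an explicit authenticator, e.g. `authOpt := remote.WithAuthFromKeychain(d.keychain)` followed by `if d.auth != nil && d.auth != authn.Anonymous { authOpt = remote.WithAuth(d.auth) }`, or have `WithAuth` store a keychain that always returns the given authenticator. Publish starts and ends outside the hunk, so other uses of `d.auth` cannot be ruled out from here.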
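Review bot: `WithAuthFromKeychain` (pkg/publish/options.go, last hunk) now only stores the keychain, which removes two signals the old body gave at option time: the `name.NewRepository` error for a malformed base, and the log line `No matching credentials were found, falling back on anonymous`. Unless the publish path logs it elsewhere, a push with no matching credentials now proceeds anonymously with no trace, which is harder to diagnose and to audit. I would add a comment on the assignment such as `// Resolved lazily against the target in Publish; no credential lookup or base validation happens here.` and consider restoring the anonymous-fallback log at the point where the keychain is actually resolved.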