From 49309bfa4299c13d7b0fa190ebbc1fcef5c692d9 Mon Sep 17 00:00:00 2001 From: Shubham Agrawal Date: Wed, 20 Jan 2021 00:25:23 +0530 Subject: [PATCH] Make access key & secret optional in case of iam role usage on EKS cluster --- cmd/kaniko-ecr/main.go | 25 +++++++++++-------------- 1 file changed, 11 insertions(+), 14 deletions(-) diff --git a/cmd/kaniko-ecr/main.go b/cmd/kaniko-ecr/main.go index 3b2bc2f..89683e8 100644 --- a/cmd/kaniko-ecr/main.go +++ b/cmd/kaniko-ecr/main.go @@ -117,28 +117,25 @@ func run(c *cli.Context) error { } func setupECRAuth(accessKey, secretKey, registry string) error { - if accessKey == "" { - return fmt.Errorf("Access key must be specified") - } - if secretKey == "" { - return fmt.Errorf("Secret key must be specified") - } if registry == "" { return fmt.Errorf("Registry must be specified") } - err := os.Setenv(accessKeyEnv, accessKey) - if err != nil { - return errors.Wrap(err, fmt.Sprintf("failed to set %s environment variable", accessKeyEnv)) - } + // If IAM role is used, access key & secret key are not required + if accessKey != "" && secretKey != "" { + err := os.Setenv(accessKeyEnv, accessKey) + if err != nil { + return errors.Wrap(err, fmt.Sprintf("failed to set %s environment variable", accessKeyEnv)) + } - err = os.Setenv(secretKeyEnv, secretKey) - if err != nil { - return errors.Wrap(err, fmt.Sprintf("failed to set %s environment variable", secretKeyEnv)) + err = os.Setenv(secretKeyEnv, secretKey) + if err != nil { + return errors.Wrap(err, fmt.Sprintf("failed to set %s environment variable", secretKeyEnv)) + } } jsonBytes := []byte(fmt.Sprintf(`{"credStore": "ecr-login", "credHelpers": {"%s": "ecr-login"}}`, registry)) - err = ioutil.WriteFile(dockerConfigPath, jsonBytes, 0644) + err := ioutil.WriteFile(dockerConfigPath, jsonBytes, 0644) if err != nil { return errors.Wrap(err, "failed to create docker config file") }