fix cert issue in acr images

2022-08-03 12:50:10 +05:30 · 2022-08-03 12:50:10 +05:30 · d0df077e6e
commit d0df077e6e
parent d96c3d05e8
2 changed files with 31 additions and 5 deletions
--- a/.gitignore
+++ b/.gitignore
@ -2,3 +2,4 @@ release
 coverage.out
 vendor
 .idea
+.vscode/launch.json
--- a/cmd/kaniko-acr/main.go
+++ b/cmd/kaniko-acr/main.go
@ -2,6 +2,7 @@ package main

 import (
 	"context"
+	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@ -267,6 +268,7 @@ func createDockerConfig(tenantId, clientId, cert,
 		return nil
 	}

+	fmt.Printf("tenantId %s clientId %s cert %s", tenantId, clientId, cert)
 	// case of client secret or cert based auth
 	if clientId != "" {
 		// only setup auth when pushing or credentials are defined
@ -275,6 +277,7 @@ func createDockerConfig(tenantId, clientId, cert,
 		if err != nil {
 			return errors.Wrap(err, "failed to fetch ACR Token")
 		}
+		fmt.Printf("token %s err %s", token, err)
 		err = docker.CreateDockerCfgFile(username, token, registry, dockerConfigPath)
 		if err != nil {
 			return errors.Wrap(err, "failed to create docker config")
@ -308,15 +311,27 @@ func getACRToken(tenantId, clientId, clientSecret, cert, registry string) (strin
 	}

 	// TODO check for presence of file as well.
-	os.Setenv(clientIdEnv, clientId)
-	os.Setenv(clientSecretKeyEnv, clientSecret)
-	os.Setenv(tenantKeyEnv, tenantId)
+	err := os.Setenv(clientIdEnv, clientId)
+	if err != nil {
+		errors.Wrap(err, "failed to set env variable client Id")
+	}
+	err = os.Setenv(clientSecretKeyEnv, clientSecret)
+	if err != nil {
+		errors.Wrap(err, "failed to set env variable client secret")
+	}
+	err = os.Setenv(tenantKeyEnv, tenantId)
+	if err != nil {
+		errors.Wrap(err, "failed to set env variable tenant Id")
+	}
 	os.Setenv(certPathEnv, ACRCertPath)
+	if err != nil {
+		errors.Wrap(err, "failed to set env variable cert path")
+	}
+
 	env, err := azidentity.NewEnvironmentCredential(nil)
 	if err != nil {
 		return "", errors.Wrap(err, "failed to get env credentials from azure")
 	}
-
 	policy := policy.TokenRequestOptions{
 		Scopes: []string{"https://management.azure.com/.default"},
 	}
@ -330,14 +345,17 @@ func getACRToken(tenantId, clientId, clientSecret, cert, registry string) (strin
 		return "", errors.Wrap(err, "failed to fetch access token")
 	}

+	fmt.Printf("azToken %s\n", azToken)
 	ACRToken, err := fetchACRToken(tenantId, azToken.Token, registry)
 	if err != nil {
 		return "", errors.Wrap(err, "failed to fetch ACR token")
 	}
+	fmt.Printf("ACRTokrn %s\n", ACRToken)
 	return ACRToken, nil
 }

 func fetchACRToken(tenantId, token, registry string) (string, error) {
+	fmt.Printf("tenant token %s %s\n", tenantId, token)
 	formData := url.Values{
 		"grant_type":   {"access_token"},
 		"service":      {registry},
@ -348,12 +366,14 @@ func fetchACRToken(tenantId, token, registry string) (string, error) {
 	if err != nil {
 		return "", errors.Wrap(err, "failed to fetch ACR token")
 	}
+	fmt.Printf("Json Response %s %s\n", jsonResponse.Status, jsonResponse.Body)
 	var response map[string]interface{}
 	err = json.NewDecoder(jsonResponse.Body).Decode(&response)
 	if err != nil {
 		return "", errors.Wrap(err, "failed to decode oauth exchange response")
 	}

+	fmt.Printf("Json Response %s %s\n", response, jsonResponse.Body)
 	if x, found := response["refresh_token"]; found {
 		s, ok := x.(string)
 		if !ok {
@ -368,7 +388,12 @@ func fetchACRToken(tenantId, token, registry string) (string, error) {
 }

 func setupACRCert(cert string) error {
-	err := ioutil.WriteFile(ACRCertPath, []byte(cert), 0644)
+	decoded, err := base64.StdEncoding.DecodeString(cert)
+	if err != nil {
+		return err
+	}
+	fmt.Printf("writing file %s %s", ACRCertPath, decoded)
+	err = ioutil.WriteFile(ACRCertPath, []byte(decoded), 0644)
 	if err != nil {
 		return errors.Wrap(err, "failed to write ACR certificate")
 	}