fix cert issue in acr images

Aman Singh 2022-08-03 12:50:10 +05:30
parent d96c3d05e8
commit d0df077e6e
2 changed files with 31 additions and 5 deletions

1
.gitignore vendored

@ -2,3 +2,4 @@ release
coverage.out coverage.out
vendor vendor
.idea .idea
.vscode/launch.json

@ -2,6 +2,7 @@ package main
import ( import (
"context" "context"
"encoding/base64"
"encoding/json" "encoding/json"
"fmt" "fmt"
"io/ioutil" "io/ioutil"
@ -267,6 +268,7 @@ func createDockerConfig(tenantId, clientId, cert,
return nil return nil
} }
fmt.Printf("tenantId %s clientId %s cert %s", tenantId, clientId, cert)
// case of client secret or cert based auth // case of client secret or cert based auth
if clientId != "" { if clientId != "" {
// only setup auth when pushing or credentials are defined // only setup auth when pushing or credentials are defined
@ -275,6 +277,7 @@ func createDockerConfig(tenantId, clientId, cert,
if err != nil { if err != nil {
return errors.Wrap(err, "failed to fetch ACR Token") return errors.Wrap(err, "failed to fetch ACR Token")
} }
fmt.Printf("token %s err %s", token, err)
err = docker.CreateDockerCfgFile(username, token, registry, dockerConfigPath) err = docker.CreateDockerCfgFile(username, token, registry, dockerConfigPath)
if err != nil { if err != nil {
return errors.Wrap(err, "failed to create docker config") return errors.Wrap(err, "failed to create docker config")
@ -308,15 +311,27 @@ func getACRToken(tenantId, clientId, clientSecret, cert, registry string) (strin
} }
// TODO check for presence of file as well. // TODO check for presence of file as well.
os.Setenv(clientIdEnv, clientId) err := os.Setenv(clientIdEnv, clientId)
os.Setenv(clientSecretKeyEnv, clientSecret) if err != nil {
os.Setenv(tenantKeyEnv, tenantId) errors.Wrap(err, "failed to set env variable client Id")
}
err = os.Setenv(clientSecretKeyEnv, clientSecret)
if err != nil {
errors.Wrap(err, "failed to set env variable client secret")
}
err = os.Setenv(tenantKeyEnv, tenantId)
if err != nil {
errors.Wrap(err, "failed to set env variable tenant Id")
}
os.Setenv(certPathEnv, ACRCertPath) os.Setenv(certPathEnv, ACRCertPath)
if err != nil {
errors.Wrap(err, "failed to set env variable cert path")
}
env, err := azidentity.NewEnvironmentCredential(nil) env, err := azidentity.NewEnvironmentCredential(nil)
if err != nil { if err != nil {
return "", errors.Wrap(err, "failed to get env credentials from azure") return "", errors.Wrap(err, "failed to get env credentials from azure")
} }
policy := policy.TokenRequestOptions{ policy := policy.TokenRequestOptions{
Scopes: []string{"https://management.azure.com/.default"}, Scopes: []string{"https://management.azure.com/.default"},
} }
@ -330,14 +345,17 @@ func getACRToken(tenantId, clientId, clientSecret, cert, registry string) (strin
return "", errors.Wrap(err, "failed to fetch access token") return "", errors.Wrap(err, "failed to fetch access token")
} }
fmt.Printf("azToken %s\n", azToken)
ACRToken, err := fetchACRToken(tenantId, azToken.Token, registry) ACRToken, err := fetchACRToken(tenantId, azToken.Token, registry)
if err != nil { if err != nil {
return "", errors.Wrap(err, "failed to fetch ACR token") return "", errors.Wrap(err, "failed to fetch ACR token")
} }
fmt.Printf("ACRTokrn %s\n", ACRToken)
return ACRToken, nil return ACRToken, nil
} }
func fetchACRToken(tenantId, token, registry string) (string, error) { func fetchACRToken(tenantId, token, registry string) (string, error) {
fmt.Printf("tenant token %s %s\n", tenantId, token)
formData := url.Values{ formData := url.Values{
"grant_type": {"access_token"}, "grant_type": {"access_token"},
"service": {registry}, "service": {registry},
@ -348,12 +366,14 @@ func fetchACRToken(tenantId, token, registry string) (string, error) {
if err != nil { if err != nil {
return "", errors.Wrap(err, "failed to fetch ACR token") return "", errors.Wrap(err, "failed to fetch ACR token")
} }
fmt.Printf("Json Response %s %s\n", jsonResponse.Status, jsonResponse.Body)
var response map[string]interface{} var response map[string]interface{}
err = json.NewDecoder(jsonResponse.Body).Decode(&response) err = json.NewDecoder(jsonResponse.Body).Decode(&response)
if err != nil { if err != nil {
return "", errors.Wrap(err, "failed to decode oauth exchange response") return "", errors.Wrap(err, "failed to decode oauth exchange response")
} }
fmt.Printf("Json Response %s %s\n", response, jsonResponse.Body)
if x, found := response["refresh_token"]; found { if x, found := response["refresh_token"]; found {
s, ok := x.(string) s, ok := x.(string)
if !ok { if !ok {
@ -368,7 +388,12 @@ func fetchACRToken(tenantId, token, registry string) (string, error) {
} }
func setupACRCert(cert string) error { func setupACRCert(cert string) error {
err := ioutil.WriteFile(ACRCertPath, []byte(cert), 0644) decoded, err := base64.StdEncoding.DecodeString(cert)
if err != nil {
return err
}
fmt.Printf("writing file %s %s", ACRCertPath, decoded)
err = ioutil.WriteFile(ACRCertPath, []byte(decoded), 0644)
if err != nil { if err != nil {
return errors.Wrap(err, "failed to write ACR certificate") return errors.Wrap(err, "failed to write ACR certificate")
} }
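Review bot: The added `fmt.Printf` calls in createDockerConfig, getACRToken, fetchACRToken and setupACRCert write the client certificate (both base64 and decoded), the Azure access token, the ACR token and the decoded token-exchange response to stdout, which for a CI plugin is presumably the build log readable by anyone with access to the build. They should be removed before merge, or reduced to non-secret fields such as `jsonResponse.Status`. In getACRToken the new `errors.Wrap(err, ...)` results are discarded, so a failed `os.Setenv` is silently ignored: each branch should be `return "", errors.Wrap(err, "failed to set env variable client Id")` (and likewise for the others), and the cert-path call needs `err = os.Setenv(certPathEnv, ACRCertPath)` because the check after it currently re-tests the previous `err`. setupACRCert still writes the decoded certificate with mode `0644`; if that file carries the private key, as certificate auth presumably requires, `0600` is the safer mode. All four functions start or end outside the hunks shown, so callers and the remaining bodies were not reviewed.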