Merge pull request #8 from drone/ecr_iam

Make access key & secret optional in case of iam role usage on EKS cluster
2021-01-20 00:28:57 +05:30 · 2021-01-20 00:28:57 +05:30 · fa7726153d
commit fa7726153d
parent 428642719b 49309bfa42
1 changed files with 11 additions and 14 deletions
--- a/cmd/kaniko-ecr/main.go
+++ b/cmd/kaniko-ecr/main.go
@ -117,28 +117,25 @@ func run(c *cli.Context) error {
 }
 func setupECRAuth(accessKey, secretKey, registry string) error {
 	if accessKey == "" {
 		return fmt.Errorf("Access key must be specified")
 	}
 	if secretKey == "" {
 		return fmt.Errorf("Secret key must be specified")
 	}
 	if registry == "" {
 		return fmt.Errorf("Registry must be specified")
 	}
-	err := os.Setenv(accessKeyEnv, accessKey)
+	// If IAM role is used, access key & secret key are not required
-	if err != nil {
+	if accessKey != "" && secretKey != "" {
-		return errors.Wrap(err, fmt.Sprintf("failed to set %s environment variable", accessKeyEnv))
+		err := os.Setenv(accessKeyEnv, accessKey)
-	}
+		if err != nil {
 			return errors.Wrap(err, fmt.Sprintf("failed to set %s environment variable", accessKeyEnv))
 		}
-	err = os.Setenv(secretKeyEnv, secretKey)
+		err = os.Setenv(secretKeyEnv, secretKey)
-	if err != nil {
+		if err != nil {
-		return errors.Wrap(err, fmt.Sprintf("failed to set %s environment variable", secretKeyEnv))
+			return errors.Wrap(err, fmt.Sprintf("failed to set %s environment variable", secretKeyEnv))
 		}
 	}
 	jsonBytes := []byte(fmt.Sprintf(`{"credStore": "ecr-login", "credHelpers": {"%s": "ecr-login"}}`, registry))
-	err = ioutil.WriteFile(dockerConfigPath, jsonBytes, 0644)
+	err := ioutil.WriteFile(dockerConfigPath, jsonBytes, 0644)
 	if err != nil {
 		return errors.Wrap(err, "failed to create docker config file")
 	}