github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-30 15:05:27 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #87509 from Gridasov/ar-hosts

Browse Source 
Whitelisting *.pkg.dev for the GCP credential provider
This commit is contained in:
Kubernetes Prow Robot 2020-01-24 19:21:38 -08:00 committed by GitHub
commit 4af73508f5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 76 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/credentialprovider/gcp/metadata.go
View File

@ -50,7 +50,7 @@ var gceProductNameFile = "/sys/class/dmi/id/product_name"
// For these urls, the parts of the host name can be glob, for example '*.gcr.io" will match // For these urls, the parts of the host name can be glob, for example '*.gcr.io" will match
// "foo.gcr.io" and "bar.gcr.io". // "foo.gcr.io" and "bar.gcr.io".
var containerRegistryUrls = []string{"container.cloud.google.com", "gcr.io", "*.gcr.io"} var containerRegistryUrls = []string{"container.cloud.google.com", "gcr.io", "*.gcr.io", "*.pkg.dev"}
var metadataHeader = &http.Header{ var metadataHeader = &http.Header{
"Metadata-Flavor": []string{"Google"}, "Metadata-Flavor": []string{"Google"},

6
pkg/credentialprovider/gcp/metadata_test.go
View File

@ -193,7 +193,9 @@ func TestDockerKeyringFromGoogleDockerConfigMetadataUrl(t *testing.T) {
} }
func TestContainerRegistryBasics(t *testing.T) { func TestContainerRegistryBasics(t *testing.T) {
registryURL := "container.cloud.google.com" registryURLs := []string{"container.cloud.google.com", "eu.gcr.io", "us-west2-docker.pkg.dev"}
for _, registryURL := range registryURLs {
t.Run(registryURL, func(t *testing.T) {
email := "1234@project.gserviceaccount.com" email := "1234@project.gserviceaccount.com"
token := &tokenBlob{AccessToken: "ya26.lots-of-indiscernible-garbage"} token := &tokenBlob{AccessToken: "ya26.lots-of-indiscernible-garbage"}
@ -274,6 +276,8 @@ func TestContainerRegistryBasics(t *testing.T) {
if email != val.Email { if email != val.Email {
t.Errorf("Unexpected email value, want: %s, got: %s", email, val.Email) t.Errorf("Unexpected email value, want: %s, got: %s", email, val.Email)
} }
})
}
} }
func TestContainerRegistryNoServiceAccount(t *testing.T) { func TestContainerRegistryNoServiceAccount(t *testing.T) {