github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-10 12:32:03 +00:00
Code Issues Projects Releases Wiki Activity

Fix problem accessing private docker registries

Browse Source 
In 027c8b9ef2, we added code to
move from .dockercfg to config.json file. But we forgot to use
the right secret type and the key to store the base64'ed creds
This commit is contained in:
Davanum Srinivas 2017-12-20 12:05:36 -05:00
parent 51fbd6e637
commit 6738da1d28
3 changed files with 18 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
hack/make-rules/test-cmd-util.sh
View File

@ -2227,8 +2227,8 @@ run_secrets_test() {
kubectl create secret docker-registry test-secret --docker-username=test-user --docker-password=test-password --docker-email='test-user@test.com' --namespace=test-secrets kubectl create secret docker-registry test-secret --docker-username=test-user --docker-password=test-password --docker-email='test-user@test.com' --namespace=test-secrets
# Post-condition: secret exists and has expected values # Post-condition: secret exists and has expected values
kube::test::get_object_assert 'secret/test-secret --namespace=test-secrets' "{{$id_field}}" 'test-secret' kube::test::get_object_assert 'secret/test-secret --namespace=test-secrets' "{{$id_field}}" 'test-secret'
kube::test::get_object_assert 'secret/test-secret --namespace=test-secrets' "{{$secret_type}}" 'kubernetes.io/dockercfg' kube::test::get_object_assert 'secret/test-secret --namespace=test-secrets' "{{$secret_type}}" 'kubernetes.io/dockerconfigjson'
[[ "$(kubectl get secret/test-secret --namespace=test-secrets -o yaml "${kube_flags[@]}" | grep '.dockercfg:')" ]] [[ "$(kubectl get secret/test-secret --namespace=test-secrets -o yaml "${kube_flags[@]}" | grep '.dockerconfigjson:')" ]]
# Clean-up # Clean-up
kubectl delete secret test-secret --namespace=test-secrets kubectl delete secret test-secret --namespace=test-secrets

14
pkg/kubectl/secret_for_docker_registry.go
View File

@ -85,15 +85,15 @@ func (s SecretForDockerRegistryGeneratorV1) StructuredGenerate() (runtime.Object
if err := s.validate(); err != nil { if err := s.validate(); err != nil {
return nil, err return nil, err
} }
dockercfgContent, err := handleDockercfgContent(s.Username, s.Password, s.Email, s.Server) dockercfgJsonContent, err := handleDockerCfgJsonContent(s.Username, s.Password, s.Email, s.Server)
if err != nil { if err != nil {
return nil, err return nil, err
} }
secret := &v1.Secret{} secret := &v1.Secret{}
secret.Name = s.Name secret.Name = s.Name
secret.Type = v1.SecretTypeDockercfg secret.Type = v1.SecretTypeDockerConfigJson
secret.Data = map[string][]byte{} secret.Data = map[string][]byte{}
secret.Data[v1.DockerConfigKey] = dockercfgContent secret.Data[v1.DockerConfigJsonKey] = dockercfgJsonContent
if s.AppendHash { if s.AppendHash {
h, err := hash.SecretHash(secret) h, err := hash.SecretHash(secret)
if err != nil { if err != nil {
@ -133,17 +133,17 @@ func (s SecretForDockerRegistryGeneratorV1) validate() error {
return nil return nil
} }
// handleDockercfgContent serializes a dockercfg json file // handleDockerCfgJsonContent serializes a ~/.docker/config.json file
func handleDockercfgContent(username, password, email, server string) ([]byte, error) { func handleDockerCfgJsonContent(username, password, email, server string) ([]byte, error) {
dockercfgAuth := credentialprovider.DockerConfigEntry{ dockercfgAuth := credentialprovider.DockerConfigEntry{
Username: username, Username: username,
Password: password, Password: password,
Email: email, Email: email,
} }
dockerCfg := credentialprovider.DockerConfigJson{ dockerCfgJson := credentialprovider.DockerConfigJson{
Auths: map[string]credentialprovider.DockerConfigEntry{server: dockercfgAuth}, Auths: map[string]credentialprovider.DockerConfigEntry{server: dockercfgAuth},
} }
return json.Marshal(dockerCfg) return json.Marshal(dockerCfgJson)
} }

18
pkg/kubectl/secret_for_docker_registry_test.go
View File

@ -26,11 +26,11 @@ import (
func TestSecretForDockerRegistryGenerate(t *testing.T) { func TestSecretForDockerRegistryGenerate(t *testing.T) {
username, password, email, server := "test-user", "test-password", "test-user@example.org", "https://index.docker.io/v1/" username, password, email, server := "test-user", "test-password", "test-user@example.org", "https://index.docker.io/v1/"
secretData, err := handleDockercfgContent(username, password, email, server) secretData, err := handleDockerCfgJsonContent(username, password, email, server)
if err != nil { if err != nil {
t.Errorf("unexpected error: %v", err) t.Errorf("unexpected error: %v", err)
} }
secretDataNoEmail, err := handleDockercfgContent(username, password, "", server) secretDataNoEmail, err := handleDockerCfgJsonContent(username, password, "", server)
if err != nil { if err != nil {
t.Errorf("unexpected error: %v", err) t.Errorf("unexpected error: %v", err)
} }
@ -53,9 +53,9 @@ func TestSecretForDockerRegistryGenerate(t *testing.T) {
Name: "foo", Name: "foo",
}, },
Data: map[string][]byte{ Data: map[string][]byte{
v1.DockerConfigKey: secretData, v1.DockerConfigJsonKey: secretData,
}, },
Type: v1.SecretTypeDockercfg, Type: v1.SecretTypeDockerConfigJson,
}, },
expectErr: false, expectErr: false,
}, },
@ -70,12 +70,12 @@ func TestSecretForDockerRegistryGenerate(t *testing.T) {
}, },
expected: &v1.Secret{ expected: &v1.Secret{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: "foo-94759gc65b", Name: "foo-548cm7fgdh",
}, },
Data: map[string][]byte{ Data: map[string][]byte{
v1.DockerConfigKey: secretData, v1.DockerConfigJsonKey: secretData,
}, },
Type: v1.SecretTypeDockercfg, Type: v1.SecretTypeDockerConfigJson,
}, },
expectErr: false, expectErr: false,
}, },
@ -91,9 +91,9 @@ func TestSecretForDockerRegistryGenerate(t *testing.T) {
Name: "foo", Name: "foo",
}, },
Data: map[string][]byte{ Data: map[string][]byte{
v1.DockerConfigKey: secretDataNoEmail, v1.DockerConfigJsonKey: secretDataNoEmail,
}, },
Type: v1.SecretTypeDockercfg, Type: v1.SecretTypeDockerConfigJson,
}, },
expectErr: false, expectErr: false,
}, },