diff --git a/jib-gradle-plugin/CHANGELOG.md b/jib-gradle-plugin/CHANGELOG.md index f259127aba..253ef74839 100644 --- a/jib-gradle-plugin/CHANGELOG.md +++ b/jib-gradle-plugin/CHANGELOG.md @@ -7,6 +7,7 @@ All notable changes to this project will be documented in this file. - Glob pattern support for `jib.extraDirectories.permissions`. ([#1200](https://github.com/GoogleContainerTools/jib/issues/1200)) - Support for image references with both a tag and a digest. ([#1481](https://github.com/GoogleContainerTools/jib/issues/1481)) +- The `DOCKER_CONFIG` environment variable specifying the directory containing docker configs is now checked during credential retrieval. ([#1618](https://github.com/GoogleContainerTools/jib/issues/1618)) ### Changed diff --git a/jib-maven-plugin/CHANGELOG.md b/jib-maven-plugin/CHANGELOG.md index 924acf7cb1..6e9c39c574 100644 --- a/jib-maven-plugin/CHANGELOG.md +++ b/jib-maven-plugin/CHANGELOG.md @@ -7,6 +7,7 @@ All notable changes to this project will be documented in this file. - Glob pattern support for ``. ([#1200](https://github.com/GoogleContainerTools/jib/issues/1200)) - Support for image references with both a tag and a digest. ([#1481](https://github.com/GoogleContainerTools/jib/issues/1481)) +- The `DOCKER_CONFIG` environment variable specifying the directory containing docker configs is now checked during credential retrieval. ([#1618](https://github.com/GoogleContainerTools/jib/issues/1618)) ### Changed diff --git a/jib-plugins-common/src/main/java/com/google/cloud/tools/jib/plugins/common/DefaultCredentialRetrievers.java b/jib-plugins-common/src/main/java/com/google/cloud/tools/jib/plugins/common/DefaultCredentialRetrievers.java index f52e7e7e88..2c36f1e885 100644 --- a/jib-plugins-common/src/main/java/com/google/cloud/tools/jib/plugins/common/DefaultCredentialRetrievers.java +++ b/jib-plugins-common/src/main/java/com/google/cloud/tools/jib/plugins/common/DefaultCredentialRetrievers.java @@ -41,7 +41,8 @@ *
  • {@link CredentialRetrieverFactory#dockerCredentialHelper} for a known credential helper, if * set *
  • {@link CredentialRetrieverFactory#known} for known inferred credential, if set - *
  • {@link CredentialRetrieverFactory#dockerConfig} for {@code + *
  • {@link CredentialRetrieverFactory#dockerConfig} for {@code $DOCKER_CONFIG/config.json}, + * {@code $DOCKER_CONFIG/.dockerconfigjson}, {@code $DOCKER_CONFIG/.dockercfg}, * System.get("user.home")/.docker/config.json}, {@code * System.get("user.home")/.docker/.dockerconfigjson}, {@code * System.get("user.home")/.docker/.dockercfg}, {@code $HOME/.docker/config.json}, {@code @@ -57,11 +58,11 @@ public class DefaultCredentialRetrievers { * See https://docs.docker.com/engine/reference/commandline/login/#privileged-user-requirement. */ - private static final Path DOCKER_CONFIG_FILE = Paths.get(".docker", "config.json"); + private static final Path DOCKER_CONFIG_FILE = Paths.get("config.json"); // For Kubernetes: https://github.com/GoogleContainerTools/jib/issues/2260 - private static final Path KUBERNETES_DOCKER_CONFIG_FILE = - Paths.get(".docker", ".dockerconfigjson"); - private static final Path LEGACY_DOCKER_CONFIG_FILE = Paths.get(".docker", ".dockercfg"); + private static final Path KUBERNETES_DOCKER_CONFIG_FILE = Paths.get(".dockerconfigjson"); + private static final Path LEGACY_DOCKER_CONFIG_FILE = Paths.get(".dockercfg"); + private static final Path DOCKER_DIRECTORY = Paths.get(".docker"); /** * Creates a new {@link DefaultCredentialRetrievers} with a given {@link @@ -71,8 +72,7 @@ public class DefaultCredentialRetrievers { * CredentialRetriever}s * @return a new {@link DefaultCredentialRetrievers} */ - public static DefaultCredentialRetrievers init( - CredentialRetrieverFactory credentialRetrieverFactory) { + static DefaultCredentialRetrievers init(CredentialRetrieverFactory credentialRetrieverFactory) { return new DefaultCredentialRetrievers( credentialRetrieverFactory, System.getProperties(), System.getenv()); } @@ -166,29 +166,43 @@ public List asList() throws FileNotFoundException { credentialRetrievers.add(inferredCredentialRetriever); } + List checkedDockerDirs = new ArrayList<>(); + String dockerConfigEnv = environment.get("DOCKER_CONFIG"); + if (dockerConfigEnv != null) { + Path dockerConfigEnvPath = Paths.get(dockerConfigEnv); + addDockerFiles(credentialRetrievers, Paths.get(dockerConfigEnv)); + checkedDockerDirs.add(dockerConfigEnvPath); + } + String homeProperty = systemProperties.getProperty("user.home"); - String homeEnvVar = environment.get("HOME"); if (homeProperty != null) { - Path home = Paths.get(homeProperty); - credentialRetrievers.add( - credentialRetrieverFactory.dockerConfig(home.resolve(DOCKER_CONFIG_FILE))); - credentialRetrievers.add( - credentialRetrieverFactory.dockerConfig(home.resolve(KUBERNETES_DOCKER_CONFIG_FILE))); - credentialRetrievers.add( - credentialRetrieverFactory.legacyDockerConfig(home.resolve(LEGACY_DOCKER_CONFIG_FILE))); + Path homePropertyPath = Paths.get(homeProperty).resolve(DOCKER_DIRECTORY); + if (!checkedDockerDirs.contains(homePropertyPath)) { + addDockerFiles(credentialRetrievers, homePropertyPath); + checkedDockerDirs.add(homePropertyPath); + } } - if (homeEnvVar != null && !homeEnvVar.equals(homeProperty)) { - Path home = Paths.get(homeEnvVar); - credentialRetrievers.add( - credentialRetrieverFactory.dockerConfig(home.resolve(DOCKER_CONFIG_FILE))); - credentialRetrievers.add( - credentialRetrieverFactory.dockerConfig(home.resolve(KUBERNETES_DOCKER_CONFIG_FILE))); - credentialRetrievers.add( - credentialRetrieverFactory.legacyDockerConfig(home.resolve(LEGACY_DOCKER_CONFIG_FILE))); + + String homeEnvVar = environment.get("HOME"); + if (homeEnvVar != null) { + Path homeEnvDockerPath = Paths.get(homeEnvVar).resolve(DOCKER_DIRECTORY); + if (!checkedDockerDirs.contains(homeEnvDockerPath)) { + addDockerFiles(credentialRetrievers, homeEnvDockerPath); + } } credentialRetrievers.add(credentialRetrieverFactory.wellKnownCredentialHelpers()); credentialRetrievers.add(credentialRetrieverFactory.googleApplicationDefaultCredentials()); return credentialRetrievers; } + + private void addDockerFiles(List credentialRetrievers, Path configDir) { + credentialRetrievers.add( + credentialRetrieverFactory.dockerConfig(configDir.resolve(DOCKER_CONFIG_FILE))); + credentialRetrievers.add( + credentialRetrieverFactory.dockerConfig(configDir.resolve(KUBERNETES_DOCKER_CONFIG_FILE))); + credentialRetrievers.add( + credentialRetrieverFactory.legacyDockerConfig( + configDir.resolve(LEGACY_DOCKER_CONFIG_FILE))); + } } diff --git a/jib-plugins-common/src/test/java/com/google/cloud/tools/jib/plugins/common/DefaultCredentialRetrieversTest.java b/jib-plugins-common/src/test/java/com/google/cloud/tools/jib/plugins/common/DefaultCredentialRetrieversTest.java index 7c82ffaca5..811e0d840a 100644 --- a/jib-plugins-common/src/test/java/com/google/cloud/tools/jib/plugins/common/DefaultCredentialRetrieversTest.java +++ b/jib-plugins-common/src/test/java/com/google/cloud/tools/jib/plugins/common/DefaultCredentialRetrieversTest.java @@ -51,6 +51,9 @@ public class DefaultCredentialRetrieversTest { @Mock private CredentialRetriever mockKnownCredentialRetriever; @Mock private CredentialRetriever mockInferredCredentialRetriever; @Mock private CredentialRetriever mockWellKnownCredentialHelpersCredentialRetriever; + @Mock private CredentialRetriever mockDockerConfigEnvDockerConfigCredentialRetriever; + @Mock private CredentialRetriever mockDockerConfigEnvKubernetesDockerConfigCredentialRetriever; + @Mock private CredentialRetriever mockDockerConfigEnvLegacyDockerConfigCredentialRetriever; @Mock private CredentialRetriever mockSystemHomeDockerConfigCredentialRetriever; @Mock private CredentialRetriever mockSystemHomeKubernetesDockerConfigCredentialRetriever; @Mock private CredentialRetriever mockSystemHomeLegacyDockerConfigCredentialRetriever; @@ -69,7 +72,12 @@ public class DefaultCredentialRetrieversTest { public void setUp() { properties = new Properties(); properties.setProperty("user.home", Paths.get("/system/home").toString()); - environment = ImmutableMap.of("HOME", Paths.get("/env/home").toString()); + environment = + ImmutableMap.of( + "HOME", + Paths.get("/env/home").toString(), + "DOCKER_CONFIG", + Paths.get("/docker_config").toString()); Mockito.when(mockCredentialRetrieverFactory.dockerCredentialHelper(Mockito.anyString())) .thenReturn(mockDockerCredentialHelperCredentialRetriever); @@ -80,6 +88,17 @@ public void setUp() { .thenReturn(mockInferredCredentialRetriever); Mockito.when(mockCredentialRetrieverFactory.wellKnownCredentialHelpers()) .thenReturn(mockWellKnownCredentialHelpersCredentialRetriever); + Mockito.when( + mockCredentialRetrieverFactory.dockerConfig(Paths.get("/docker_config/config.json"))) + .thenReturn(mockDockerConfigEnvDockerConfigCredentialRetriever); + Mockito.when( + mockCredentialRetrieverFactory.dockerConfig( + Paths.get("/docker_config/.dockerconfigjson"))) + .thenReturn(mockDockerConfigEnvKubernetesDockerConfigCredentialRetriever); + Mockito.when( + mockCredentialRetrieverFactory.legacyDockerConfig( + Paths.get("/docker_config/.dockercfg"))) + .thenReturn(mockDockerConfigEnvLegacyDockerConfigCredentialRetriever); Mockito.when( mockCredentialRetrieverFactory.dockerConfig( Paths.get("/system/home/.docker/config.json"))) @@ -114,6 +133,9 @@ public void testAsList() throws FileNotFoundException { .asList(); Assert.assertEquals( Arrays.asList( + mockDockerConfigEnvDockerConfigCredentialRetriever, + mockDockerConfigEnvKubernetesDockerConfigCredentialRetriever, + mockDockerConfigEnvLegacyDockerConfigCredentialRetriever, mockSystemHomeDockerConfigCredentialRetriever, mockSystemHomeKubernetesDockerConfigCredentialRetriever, mockSystemHomeLegacyDockerConfigCredentialRetriever, @@ -138,6 +160,9 @@ public void testAsList_all() throws FileNotFoundException { mockKnownCredentialRetriever, mockDockerCredentialHelperCredentialRetriever, mockInferredCredentialRetriever, + mockDockerConfigEnvDockerConfigCredentialRetriever, + mockDockerConfigEnvKubernetesDockerConfigCredentialRetriever, + mockDockerConfigEnvLegacyDockerConfigCredentialRetriever, mockSystemHomeDockerConfigCredentialRetriever, mockSystemHomeKubernetesDockerConfigCredentialRetriever, mockSystemHomeLegacyDockerConfigCredentialRetriever, @@ -166,6 +191,9 @@ public void testAsList_credentialHelperPath() throws IOException { Assert.assertEquals( Arrays.asList( mockDockerCredentialHelperCredentialRetriever, + mockDockerConfigEnvDockerConfigCredentialRetriever, + mockDockerConfigEnvKubernetesDockerConfigCredentialRetriever, + mockDockerConfigEnvLegacyDockerConfigCredentialRetriever, mockSystemHomeDockerConfigCredentialRetriever, mockSystemHomeKubernetesDockerConfigCredentialRetriever, mockSystemHomeLegacyDockerConfigCredentialRetriever, @@ -208,6 +236,27 @@ public void testDockerConfigRetrievers_noDuplicateRetrievers() throws FileNotFou List credentialRetrievers = new DefaultCredentialRetrievers(mockCredentialRetrieverFactory, properties, environment) .asList(); + Assert.assertEquals( + Arrays.asList( + mockDockerConfigEnvDockerConfigCredentialRetriever, + mockDockerConfigEnvKubernetesDockerConfigCredentialRetriever, + mockDockerConfigEnvLegacyDockerConfigCredentialRetriever, + mockEnvHomeDockerConfigCredentialRetriever, + mockEnvHomeKubernetesDockerConfigCredentialRetriever, + mockEnvHomeLegacyDockerConfigCredentialRetriever, + mockWellKnownCredentialHelpersCredentialRetriever, + mockApplicationDefaultCredentialRetriever), + credentialRetrievers); + + environment = + ImmutableMap.of( + "HOME", + Paths.get("/env/home").toString(), + "DOCKER_CONFIG", + Paths.get("/env/home/.docker").toString()); + credentialRetrievers = + new DefaultCredentialRetrievers(mockCredentialRetrieverFactory, properties, environment) + .asList(); Assert.assertEquals( Arrays.asList( mockEnvHomeDockerConfigCredentialRetriever,