diff --git a/.gitignore b/.gitignore
index 94cd9bef2..11b93414b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,6 @@
 /imgpkg
 /imgpkg-darwin-amd64
-/imgpkg-darwin-arm66
+/imgpkg-darwin-arm64
 /imgpkg-linux-amd64
 /imgpkg-windows-amd64.exe
 /tmp
diff --git a/hack/build-binaries.sh b/hack/build-binaries.sh
index f917830f3..22c93901a 100755
--- a/hack/build-binaries.sh
+++ b/hack/build-binaries.sh
@@ -12,6 +12,12 @@ go fmt ./cmd/... ./pkg/... ./test/...
 go mod vendor
 go mod tidy
+# related to https://github.com/vmware-tanzu/carvel-imgpkg/pull/255
+# there doesn't appear to be a simple way to disable the defaultDockerConfigProvider
+# Having defaultDockerConfigProvider enabled by default results in the imgpkg auth ordering not working correctly
+# Specifically, the docker config.json is loaded before cli flags (and maybe even IaaS metadata services)
+git apply ./hack/patch-k8s-pkg-credentialprovider.patch
+
 # makes builds reproducible
 export CGO_ENABLED=0
 LDFLAGS="-X github.com/k14s/imgpkg/pkg/imgpkg/cmd.Version=$VERSION -buildid="
diff --git a/hack/build.sh b/hack/build.sh
index 03088188d..7736aee18 100755
--- a/hack/build.sh
+++ b/hack/build.sh
@@ -10,6 +10,12 @@ go fmt ./cmd/... ./pkg/... ./test/...
 go mod vendor
 go mod tidy
+# related to https://github.com/vmware-tanzu/carvel-imgpkg/pull/255
+# there doesn't appear to be a simple way to disable the defaultDockerConfigProvider
+# Having defaultDockerConfigProvider enabled by default results in the imgpkg auth ordering not working correctly
+# Specifically, the docker config.json is loaded before cli flags (and maybe even IaaS metadata services)
+git apply ./hack/patch-k8s-pkg-credentialprovider.patch
+
 # export GOOS=linux GOARCH=amd64
 go build -ldflags="$LDFLAGS" -trimpath -o imgpkg ./cmd/imgpkg/...
 ./imgpkg version
diff --git a/hack/patch-k8s-pkg-credentialprovider.patch b/hack/patch-k8s-pkg-credentialprovider.patch
new file mode 100644
index 000000000..101f91f8b
--- /dev/null
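Review bot: The added `git apply ./hack/patch-k8s-pkg-credentialprovider.patch` step in hack/build-binaries.sh is what keeps `defaultDockerConfigProvider` disabled after the preceding `go mod vendor` regenerates the vendor tree, but nothing in the hunk checks that the patch actually applied. Whether a failed apply stops the build depends on shell options set outside the hunk; if it does not, the binary is built with the docker `config.json` provider taking precedence over CLI flags again, which is the credential-ordering problem the comment describes. I would make the failure explicit with `git apply ./hack/patch-k8s-pkg-credentialprovider.patch || exit 1` and extend the comment to say the patch has to be regenerated whenever the vendored module is bumped. The same lines are added to hack/build.sh and need the same change; the relative `./hack/...` path also assumes both scripts are run from the repository root.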
+++ b/hack/patch-k8s-pkg-credentialprovider.patch
@@ -0,0 +1,13 @@
+diff --git a/vendor/github.com/vdemeester/k8s-pkg-credentialprovider/provider.go b/vendor/github.com/vdemeester/k8s-pkg-credentialprovider/provider.go
+index 8c9ad34..f953bb4 100644
+--- a/vendor/github.com/vdemeester/k8s-pkg-credentialprovider/provider.go
++++ b/vendor/github.com/vdemeester/k8s-pkg-credentialprovider/provider.go
+@@ -70,7 +70,7 @@ type CachingDockerConfigProvider struct {
+
+ // Enabled implements dockerConfigProvider
+ func (d *defaultDockerConfigProvider) Enabled() bool {
+- return true
++ return false
+ }
+
+ // Provide implements dockerConfigProvider
diff --git a/pkg/imgpkg/registry/keychain_test.go b/pkg/imgpkg/registry/keychain_test.go
index 53ed7e82f..cefebc80d 100644
--- a/pkg/imgpkg/registry/keychain_test.go
+++ b/pkg/imgpkg/registry/keychain_test.go
@@ -36,6 +36,9 @@ func TestMain(m *testing.M) {
 gcpRegistryURL, server = registerGCPProvider()
 defer server.Close()
+ tempConfigJSONProviderDir := registerDefaultDockerProvider()
+ defer os.RemoveAll(tempConfigJSONProviderDir)
+
 os.Exit(m.Run())
 }
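Review bot: The new `defer os.RemoveAll(tempConfigJSONProviderDir)` in TestMain never runs, because `os.Exit(m.Run())` terminates the process without executing deferred calls, so the temp directory holding the generated `config.json` is left behind on every test run. Capture the exit code and clean up before exiting: `code := m.Run()`, then `os.RemoveAll(tempConfigJSONProviderDir)`, then `os.Exit(code)`. The existing `defer server.Close()` in the context lines is skipped for the same reason. TestMain begins outside the hunk, so any earlier defers there are not visible here.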
@@ -664,6 +667,36 @@ func TestOrderingOfAuthOpts(t *testing.T) {
 })
 }
+func registerDefaultDockerProvider() string {
+ // TestOrderingOfAuthOpts does *not* use the default .docker/config.json location (they use the DOCKER_CONFIG env var)
+ // (to avoid test pollution and/or messing with a dev's docker files they may rely on)
+ // Setting up the ordering tests in that way resulted in a slight loss of test coverage.
+ // for e.g. the introduction of credentialprovider.defaultDockerConfigProvider resulted in none of the tests failing
+ // So, in order to assert that credentialprovider.defaultDockerConfigProvider is disabled now and in the future
+ // we configure the credentialprovider.defaultDockerConfigProvider with a docker config json file with credentials
+ // (that shouldn't be chosen ever) for the same registry as the ordering tests.
+ // This is also done before any test is run since the credentialprovider.defaultDockerConfigProvider is cached
+ tempConfigJSONProviderDir, err := ioutil.TempDir(os.TempDir(), "test-default-keychain-provider")
+ if err != nil {
+ panic(fmt.Errorf("unable to run test: %s", err))
+ }
+
+ err = ioutil.WriteFile(filepath.Join(tempConfigJSONProviderDir, "config.json"), []byte(`{
+ "auths" : {
+ "http://some.fake.registry/v1/" : {
+ "username": "provider-username",
+ "password": "provider-password"
+ }
+ }
+}`), os.ModePerm)
+ if err != nil {
+ panic(fmt.Errorf("unable to run test: %s", err))
+ }
+
+ credentialprovider.SetPreferredDockercfgPath(tempConfigJSONProviderDir)
+ return tempConfigJSONProviderDir
+}
+
 func registerGCPProvider() (string, *httptest.Server) {
 registryURL := "imgpkg-testing.kubernetes.carvel"
 email := "foo@bar.baz"
diff --git a/vendor/github.com/vdemeester/k8s-pkg-credentialprovider/provider.go b/vendor/github.com/vdemeester/k8s-pkg-credentialprovider/provider.go
index 8c9ad347b..f953bb471 100644
--- a/vendor/github.com/vdemeester/k8s-pkg-credentialprovider/provider.go
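Review bot: registerDefaultDockerProvider writes a `config.json` containing a username and password with `os.ModePerm` (0777); even for fixture credentials the file should be owner-only, so the call should end in `0600)` rather than `os.ModePerm)`. `credentialprovider.SetPreferredDockercfgPath` changes process-wide state and is never restored, so the comment should say that this is deliberate for the whole test binary. The fixture only guards against the provider being re-enabled if the ordering tests fail when `provider-username` is returned for `some.fake.registry`; those assertions are outside the hunk and worth confirming. If `ioutil.WriteFile` fails, the panic leaves the temp directory behind, and both errors would read better wrapped with `%w`.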
+++ b/vendor/github.com/vdemeester/k8s-pkg-credentialprovider/provider.go
@@ -70,7 +70,7 @@ type CachingDockerConfigProvider struct {
 // Enabled implements dockerConfigProvider
 func (d *defaultDockerConfigProvider) Enabled() bool {
- return true
+ return false
 }
 // Provide implements dockerConfigProvider