Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support env vars for registry auth when executing kp import #251

Closed
tylerphelan opened this issue Jun 14, 2022 · 3 comments · Fixed by #279
Closed

Support env vars for registry auth when executing kp import #251

tylerphelan opened this issue Jun 14, 2022 · 3 comments · Fixed by #279
Assignees
@ncarlson
Labels
good first issue Good for newcomers

Comments

@tylerphelan
Copy link
Contributor

tylerphelan commented Jun 14, 2022
edited by ncarlson
Loading

When authenticating against registries during kp import:

  • Allow for the use of credential-holding environment variables
  • Allow for the use of multiple registries in the style of imgpkg (note: glob wildcards will not be supported)
    • Example of a single registry: 
      REGISTRY=index.docker.io/grossum
REGISTRY_USER=benevolentd
REGISTRY_PASSWORD=g3nerator$Rule!
    • Example of multiple registries: 
      REGISTRY_0=foo.dockerrepo.info/jmccarthy/lambda
REGISTRY_USER_0=jmccarthy
REGISTRY_PASSWORD_0=lambda4L1f3

REGISTRY_1=bar.dockerrepo.info/rhickey/clojure
REGISTRY_USER_1=rhickey
REGISTRY_PASSWORD_1=JVM1sB3tt3r
@ncarlson ncarlson self-assigned this Jan 25, 2023
@ncarlson ncarlson changed the title Use env vars for auth Use env vars for auth in kp import Jan 25, 2023
@ncarlson ncarlson changed the title Use env vars for auth in kp import Use env vars for auth when executing kp import commands Jan 25, 2023
@ncarlson ncarlson changed the title Use env vars for auth when executing kp import commands Use env vars for registry auth when executing kp import Jan 25, 2023
@ncarlson ncarlson changed the title Use env vars for registry auth when executing kp import Support env vars for registry auth when executing kp import Jan 25, 2023
@ncarlson ncarlson linked a pull request Feb 7, 2023 that will close this issue
Use env vars for registry credentials in kp import #279
Merged
@tomkennedy513
Copy link
Contributor

tomkennedy513 commented Feb 8, 2023
edited
Loading

Thinking out loud here, but shouldn't this extend to any place we use a keychain to interact with the registry in kp? I think it might be confusing if we only support these envs in one of the commands that reach out to to the registry

@ncarlson
Copy link
Contributor

ncarlson commented Feb 8, 2023
edited
Loading

Thinking out loud here, but shouldn't this extend to any place we use a keychain to interact with the registry in kp? I think it might be confusing if we only support these envs in one of the commands that reach out to to the registry

Great idea.

I think we could do this anywhere authn.DefaultKeychain is used. We can replace keychain = authn.DefaultKeychain with a shortened version of this:

keychain := authn.NewMultiKeychain(
    authn.NewKeychainFromHelper(
	importpkg.NewCredHelperFromEnvVars(envVarRegistryUrl, envVarRegistryUser, envVarRegistryPassword)),
    defaultKeychain,
)

// maybe just:
//
// keychain := secret.NewDefaultEnvVarKeychain()
//
// which would also move the CredHelper out of helpers.go and into kpack-cli/pkg/secret/helpers.go (or credhelper.go)

The following files would be affected:

image/update_factory.go
image/factory.go
commands/lifecycle/patch.go
commands/import/import.go
commands/clusterstore/create.go
commands/clusterstore/add.go
commands/clusterstack/save.go
commands/clusterstack/patch.go
commands/clusterstack/create.go

@ncarlson
Copy link
Contributor

ncarlson commented Feb 8, 2023

perhaps pkg/dockercreds/ is a better location for this helper.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ncarlson ncarlson

Labels
good first issue Good for newcomers
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Use env vars for registry credentials in kp import buildpacks-community/kpack-cli
3 participants
@ncarlson @tylerphelan @tomkennedy513