Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support multiple secrets of type dockercfg and dockerconfigjson #3659

Merged
merged 1 commit into from
Jan 21, 2021
Merged

Support multiple secrets of type dockercfg and dockerconfigjson #3659

merged 1 commit into from
Jan 21, 2021

Conversation

SaschaSchwarze0
Copy link
Contributor

Changes

In the documentation, Tekton explicitly claims to support this use case:

For example, a Run might require access to multiple private Git and Docker repositories.

Support is provided through the Secrets associated with the TaskRuns ServiceAccount. The implementation of the credentials code for Docker authentication already supported many credentials provided as basic-auth Secrets, also in combination with credentials defined in exactly one Secret of type dockercfg and/or dockerconfigjson. I am lifting the limitations on non basic-auth secrets. The Tekton code already creates Pod containers with multiple -docker-config arguments, but the consuming code only accepted one and therefore only honored the last item. One may argue whether this is a feature or fixes a bug.

/kind feature

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you
review them:

  • Includes tests (if functionality changed/added)
  • Includes docs (if user facing)
  • Commit messages follow commit message best practices
  • Release notes block has been filled in or deleted (only if no user facing changes)

-> Docs linked from above is already good enough = it had not mentioned that only one Secret had been supported.

Reviewer Notes

If API changes are included, additive changes must be approved by at least two OWNERS and backwards incompatible changes must be approved by more than 50% of the OWNERS, and they must first be added in a backwards compatible way.

Release Notes

Adds support for multiple secrets of type dockercfg or dockerconfigjson

@SaschaSchwarze0
Support multiple Docker secrets
17f3d0a 
This changes the credentials initialization to support multiple secrets
not just of type basic-auth but also of type dockercfg and
dockerconfigjson.
@tekton-robot tekton-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/feature Categorizes issue or PR as related to a new feature. labels Jan 5, 2021
@linux-foundation-easycla
Copy link

linux-foundation-easycla bot commented Jan 5, 2021
edited
Loading

CLA Signed

The committers are authorized under a signed CLA.

@tekton-robot tekton-robot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Jan 5, 2021
@tekton-robot
Copy link
Collaborator

Hi @SaschaSchwarze0. Thanks for your PR.

I'm waiting for a tektoncd member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@tekton-robot tekton-robot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Jan 5, 2021
@SaschaSchwarze0 SaschaSchwarze0 mentioned this pull request Jan 7, 2021
Open
@ghost
Copy link

ghost commented Jan 7, 2021

/ok-to-test

/approve

Thanks for this!

@tekton-robot tekton-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. approved Indicates a PR has been approved by an approver from all required OWNERS files. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Jan 7, 2021
@tekton-robot
Copy link
Collaborator

The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/credentials/dockercreds/creds.go 86.2% 87.0% 0.7

@SaschaSchwarze0
Copy link
Contributor Author

CLA Not Signed

Quick update on that: is in progress. I expect to get the approval of the responsible IBMer managing this today.

@SaschaSchwarze0
Copy link
Contributor Author

Received the CLA approval with this statement:

If you had previously submitted one or more pull requests to Continuous Delivery Foundation (CDF) that had failed, you should close and re-open the pull request to force a recheck by the EasyCLA system.

Based on that, I'll close this one and will try to re-open it.

@tekton-robot
Copy link
Collaborator

The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/credentials/dockercreds/creds.go 86.2% 87.0% 0.7

@SaschaSchwarze0
Copy link
Contributor Author

/test pull-tekton-pipeline-integration-tests

@ghost
Copy link

ghost commented Jan 8, 2021

The kind job looks like it's stuck. I'm going to flip the labels to try and bring it back to life.

@ghost ghost added kind/feature Categorizes issue or PR as related to a new feature. and removed kind/feature Categorizes issue or PR as related to a new feature. labels Jan 8, 2021
@SaschaSchwarze0
Copy link
Contributor Author

Hi @sbwsg, anything else you need from me for this pull request?

@ghost
Copy link

ghost commented Jan 21, 2021

Hi @sbwsg, anything else you need from me for this pull request?

At this point we're waiting for someone else to review & lgtm it on top of my approve.

vdemeester
vdemeester approved these changes Jan 21, 2021
View reviewed changes
Copy link
Member

@vdemeester vdemeester left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/meow
/lgtm

@tekton-robot
Copy link
Collaborator

@vdemeester: cat image

In response to this:

/meow
/lgtm

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Jan 21, 2021
@tekton-robot
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: sbwsg, vdemeester

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot merged commit 5003ca2 into tektoncd:master Jan 21, 2021
@SaschaSchwarze0 SaschaSchwarze0 deleted the sascha-multiple-secrets-support branch March 25, 2021 14:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vdemeester vdemeester vdemeester approved these changes

@bobcatfish bobcatfish Awaiting requested review from bobcatfish

@dlorenc dlorenc Awaiting requested review from dlorenc

Assignees

@vdemeester vdemeester

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. kind/feature Categorizes issue or PR as related to a new feature. lgtm Indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@SaschaSchwarze0 @tekton-robot @vdemeester