diff --git a/go.mod b/go.mod
index 105f4dbca..4e598eaed 100644
--- a/go.mod
+++ b/go.mod
@@ -34,7 +34,7 @@ require (
 )
 require (
- github.com/GoogleCloudPlatform/docker-credential-gcr/v2 v2.1.22
+ github.com/GoogleCloudPlatform/docker-credential-gcr/v2 v2.1.29
 github.com/containerd/containerd v1.7.27
 )
diff --git a/go.sum b/go.sum
index 19846efd1..219dbb3cd 100644
--- a/go.sum
+++ b/go.sum
@@ -68,8 +68,8 @@ github.com/Azure/go-autorest/tracing v0.6.1/go.mod h1:/3EgjbsjraOqiicERAeu3m7/z0
 github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2 h1:oygO0locgZJe7PpYPXT5A29ZkwJaPqcva7BVeemZOZs=
 github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/GoogleCloudPlatform/docker-credential-gcr/v2 v2.1.22 h1:HevuUpLsTedep2D6wnIp6AAJbVgP0BiVxaMt3HXeOyA=
-github.com/GoogleCloudPlatform/docker-credential-gcr/v2 v2.1.22/go.mod h1:nzCpg7DFIIkQIZB3mdUPXVvqQ5f/GahA6xgWXTjnK7w=
+github.com/GoogleCloudPlatform/docker-credential-gcr/v2 v2.1.29 h1:V9Ndh0TeJot+CNrubYJAQ0NmAiaeUNlt/0rvyPtuT18=
+github.com/GoogleCloudPlatform/docker-credential-gcr/v2 v2.1.29/go.mod h1:Sn/Fbw3Evc5kOPsyjmFAqRGYjfvO8T1SSzaqprpiDBc=
 github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.27.0 h1:ErKg/3iS1AKcTkf3yixlZ54f9U1rljCkQyEXWUnIUxc=
 github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.27.0/go.mod h1:yAZHSGnqScoU556rBOVkwLze6WP5N+U11RHuWaGVxwY=
 github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.51.0 h1:fYE9p3esPxA/C0rQ0AHhP0drtPXDRhaWiwg1DPqO7IU=
diff --git a/vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/.goreleaser.yml b/vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/.goreleaser.yml
index 4aa4ca474..82b9f2169 100644
--- a/vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/.goreleaser.yml
+++ b/vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/.goreleaser.yml
@@ -1,5 +1,6 @@
 # This is an example .goreleaser.yml file with some sane defaults.
 # Make sure to check the documentation at http://goreleaser.com
+version: 2
 before:
 hooks:
 # Needed because we use go modules.
@@ -8,7 +9,7 @@ builds:
 - env:
 - CGO_ENABLED=0
 ldflags:
- - "-s -w -X github.com/GoogleCloudPlatform/docker-credential-gcr/config.Version={{.Version}}"
+ - "-s -w -X github.com/GoogleCloudPlatform/docker-credential-gcr/v2/config.Version={{.Version}}"
 goarch:
 - amd64
 - arm64
@@ -23,7 +24,7 @@ archives:
 checksum:
 name_template: "checksums.txt"
 snapshot:
- name_template: "{{ .Version }}"
+ version_template: "{{ .Version }}"
 changelog:
 sort: asc
 filters:
diff --git a/vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/README.md b/vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/README.md
index a9c644de4..6560f8026 100644
--- a/vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/README.md
+++ b/vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/README.md
@@ -12,67 +12,14 @@ The helper implements the [Docker Credential Store](https://docs.docker.com/engi
 For even more authentication options, see GCR's documentation on [advanced authentication methods](https://cloud.google.com/container-registry/docs/advanced-authentication).
-## GCR Credentials
-
-_By default_, the helper searches for GCR credentials in the following order:
-
-1. In the helper's private credential store (i.e. those stored via `docker-credential-gcr gcr-login`)
-1. In a JSON file whose path is specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable.
-1. In a JSON file in a location known to the helper:
- * On Windows, this is `%APPDATA%/gcloud/application_default_credentials.json`.
- * On other systems, `$HOME/.config/gcloud/application_default_credentials.json`.
-1. On Google App Engine, it uses the `appengine.AccessToken` function.
-1. On Google Compute Engine, Kubernetes Engine, and App Engine Managed VMs, it fetches the credentials of the _service account_ associated with the VM from the metadata server (if available).
+## Installation
-Users may limit, re-order how the helper searches for GCR credentials using `docker-credential-gcr config --token-source`. Number 1 above is designated by `store` and 2-5 by `env` (which cannot be individually restricted or re-ordered). Multiple sources are separated by commas, and the default is `"store, env"`.
-
-While it is recommended to use [`gcloud auth configure-docker`](https://cloud.google.com/sdk/gcloud/reference/auth/configure-docker) in `gcloud`-based work flows, you may optionally configure `docker-credential-gcr` to use `gcloud` as a token source (see example below).
+Download [latest release](https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/latest).
-**Examples:**
+Install manually:
-To use _only_ the gcloud SDK's access token:
-```shell
-docker-credential-gcr config --token-source="gcloud"
 ```
-
-To search the environment, followed by the private store:
-```shell
-docker-credential-gcr config --token-source="env, store"
-```
-
-To verify that credentials are being returned for a given registry, e.g. for `https://gcr.io`:
-
-```shell
-echo "https://gcr.io" | docker-credential-gcr get
-```
-
-## Other Credentials
-
-As of the 2.0 release, `docker-credential-gcr` no longer supports generalized [`credsStore`](https://docs.docker.com/engine/reference/commandline/login/#/credentials-store) functionality.
-
-### Building from Source
-
-The program in this repository is written with the Go programming language and can be built with `go build`. These instructions assume you are using [**Go 1.13+**](https://golang.org/) or higher.
-
-You can download the source code, compile the binary, and put it in your `$GOPATH` with `go get`.
-
-```shell
-go get -u github.com/GoogleCloudPlatform/docker-credential-gcr/v2
-```
-
-If `$GOPATH/bin` is in your system `$PATH`, this will also automatically install the compiled binary. You can confirm using `which docker-credential-gcr` and continue to the [section on Configuration and Usage](#configuration-and-usage).
-
-Alternatively, you can use `go build` to build the program. This creates a `docker-credential-gcr` executable.
-
-```shell
-cd $GOPATH/src/github.com/GoogleCloudPlatform/docker-credential-gcr
-go build
-```
-
-Then, you can put that binary in your `$PATH` to make it visible to `docker`. For example, if `/usr/bin` is present in your system path:
-
-```shell
-sudo mv ./docker-credential-gcr /usr/bin/docker-credential-gcr
+go install github.com/GoogleCloudPlatform/docker-credential-gcr/v2@latest
 ```
 ## Configuration and Usage
@@ -86,7 +33,7 @@ sudo mv ./docker-credential-gcr /usr/bin/docker-credential-gcr
 To speed up `docker build`s, you can instead configure a minimal set of registries:
 ```shell
- docker-credential-gcr configure-docker --registries="eu.gcr.io, marketplace.gcr.io"
+ docker-credential-gcr configure-docker --registries="gcr.io,us-west1-docker.pkg.dev,docker.europe-west3.rep.pkg.dev"
 ```
 * Alternatively, use the [manual configuration instructions](#manual-docker-client-configuration) below to configure your version of the Docker client.
@@ -109,6 +56,44 @@ sudo mv ./docker-credential-gcr /usr/bin/docker-credential-gcr
 docker-credential-gcr gcr-logout
 ```
+## GCR Credentials
+
+_By default_, the helper searches for GCR credentials in the following order:
+
+1. In the helper's private credential store (i.e. those stored via `docker-credential-gcr gcr-login`)
+1. In a JSON file whose path is specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable.
+1. In a JSON file in a location known to the helper:
+ * On Windows, this is `%APPDATA%/gcloud/application_default_credentials.json`.
+ * On other systems, `$HOME/.config/gcloud/application_default_credentials.json`.
+1. On Google App Engine, it uses the `appengine.AccessToken` function.
+1. On Google Compute Engine, Kubernetes Engine, and App Engine Managed VMs, it fetches the credentials of the _service account_ associated with the VM from the metadata server (if available).
+
+Users may limit, re-order how the helper searches for GCR credentials using `docker-credential-gcr config --token-source`. Number 1 above is designated by `store` and 2-5 by `env` (which cannot be individually restricted or re-ordered). Multiple sources are separated by commas, and the default is `"store, env"`.
+
+While it is recommended to use [`gcloud auth configure-docker`](https://cloud.google.com/sdk/gcloud/reference/auth/configure-docker) in `gcloud`-based work flows, you may optionally configure `docker-credential-gcr` to use `gcloud` as a token source (see example below).
+
+**Examples:**
+
+To use _only_ the gcloud SDK's access token:
+```shell
+docker-credential-gcr config --token-source="gcloud"
+```
+
+To search the environment, followed by the private store:
+```shell
+docker-credential-gcr config --token-source="env, store"
+```
+
+To verify that credentials are being returned for a given registry, e.g. for `https://gcr.io`:
+
+```shell
+echo "https://gcr.io" | docker-credential-gcr get
+```
+
+## Other Credentials
+
+As of the 2.0 release, `docker-credential-gcr` no longer supports generalized [`credsStore`](https://docs.docker.com/engine/reference/commandline/login/#/credentials-store) functionality.
+
 ### Manual Docker Client Configuration
 Add a `credHelpers` entry in the Docker config file (usually `~/.docker/config.json` on OSX and Linux, `%USERPROFILE%\.docker\config.json` on Windows) for each GCR registry that you care about. The key should be the domain of the registry (**without** the "https://") and the value should be the suffix of the credential helper binary (everything after "docker-credential-").
diff --git a/vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/config/const.go b/vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/config/const.go
index f5c9ea984..34dd4175d 100644
--- a/vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/config/const.go
+++ b/vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/config/const.go
@@ -70,49 +70,90 @@ var DefaultGCRRegistries = [...]string{
 // are added in addition to the GCR Registries.
 var DefaultARRegistries = [...]string{
 "africa-south1-docker.pkg.dev",
+ "docker.africa-south1.rep.pkg.dev",
 "asia-docker.pkg.dev",
 "asia-east1-docker.pkg.dev",
+ "docker.asia-east1.rep.pkg.dev",
 "asia-east2-docker.pkg.dev",
+ "docker.asia-east2.rep.pkg.dev",
 "asia-northeast1-docker.pkg.dev",
+ "docker.asia-northeast1.rep.pkg.dev",
 "asia-northeast2-docker.pkg.dev",
+ "docker.asia-northeast2.rep.pkg.dev",
 "asia-northeast3-docker.pkg.dev",
+ "docker.asia-northeast3.rep.pkg.dev",
 "asia-south1-docker.pkg.dev",
+ "docker.asia-south1.rep.pkg.dev",
 "asia-south2-docker.pkg.dev",
+ "docker.asia-south2.rep.pkg.dev",
 "asia-southeast1-docker.pkg.dev",
+ "docker.asia-southeast1.rep.pkg.dev",
 "asia-southeast2-docker.pkg.dev",
+ "docker.asia-southeast2.rep.pkg.dev",
 "australia-southeast1-docker.pkg.dev",
+ "docker.australia-southeast1.rep.pkg.dev",
 "australia-southeast2-docker.pkg.dev",
+ "docker.australia-southeast2.rep.pkg.dev",
 "europe-docker.pkg.dev",
 "europe-central2-docker.pkg.dev",
+ "docker.europe-central2.rep.pkg.dev",
 "europe-north1-docker.pkg.dev",
+ "docker.europe-north1.rep.pkg.dev",
+ "europe-north2-docker.pkg.dev",
 "europe-southwest1-docker.pkg.dev",
+ "docker.europe-southwest1.rep.pkg.dev",
 "europe-west1-docker.pkg.dev",
+ "docker.europe-west1.rep.pkg.dev",
+ "europe-west10-docker.pkg.dev",
+ "docker.europe-west10.rep.pkg.dev",
+ "europe-west12-docker.pkg.dev",
+ "docker.europe-west12.rep.pkg.dev",
 "europe-west2-docker.pkg.dev",
+ "docker.europe-west2.rep.pkg.dev",
 "europe-west3-docker.pkg.dev",
+ "docker.europe-west3.rep.pkg.dev",
 "europe-west4-docker.pkg.dev",
+ "docker.europe-west4.rep.pkg.dev",
 "europe-west6-docker.pkg.dev",
+ "docker.europe-west6.rep.pkg.dev",
 "europe-west8-docker.pkg.dev",
+ "docker.europe-west8.rep.pkg.dev",
 "europe-west9-docker.pkg.dev",
- "europe-west10-docker.pkg.dev",
- "europe-west12-docker.pkg.dev",
+ "docker.europe-west9.rep.pkg.dev",
 "me-central1-docker.pkg.dev",
+ "docker.me-central1.rep.pkg.dev",
 "me-central2-docker.pkg.dev",
 "docker.me-central2.rep.pkg.dev",
 "me-west1-docker.pkg.dev",
+ "docker.me-west1.rep.pkg.dev",
 "northamerica-northeast1-docker.pkg.dev",
+ "docker.northamerica-northeast1.rep.pkg.dev",
 "northamerica-northeast2-docker.pkg.dev",
+ "docker.northamerica-northeast2.rep.pkg.dev",
+ "northamerica-south1-docker.pkg.dev",
 "southamerica-east1-docker.pkg.dev",
+ "docker.southamerica-east1.rep.pkg.dev",
 "southamerica-west1-docker.pkg.dev",
+ "docker.southamerica-west1.rep.pkg.dev",
 "us-docker.pkg.dev",
 "us-central1-docker.pkg.dev",
+ "docker.us-central1.rep.pkg.dev",
 "us-east1-docker.pkg.dev",
+ "docker.us-east1.rep.pkg.dev",
 "us-east4-docker.pkg.dev",
+ "docker.us-east4.rep.pkg.dev",
 "us-east5-docker.pkg.dev",
+ "docker.us-east5.rep.pkg.dev",
 "us-south1-docker.pkg.dev",
+ "docker.us-south1.rep.pkg.dev",
 "us-west1-docker.pkg.dev",
+ "docker.us-west1.rep.pkg.dev",
 "us-west2-docker.pkg.dev",
+ "docker.us-west2.rep.pkg.dev",
 "us-west3-docker.pkg.dev",
+ "docker.us-west3.rep.pkg.dev",
 "us-west4-docker.pkg.dev",
+ "docker.us-west4.rep.pkg.dev",
 "us-west8-docker.pkg.dev",
 }
diff --git a/vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/credhelper/helper.go b/vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/credhelper/helper.go
index 255adf4aa..2954ade6e 100644
--- a/vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/credhelper/helper.go
+++ b/vendor/github.com/GoogleCloudPlatform/docker-credential-gcr/v2/credhelper/helper.go
@@ -19,20 +19,20 @@ for GCR authentication.
 package credhelper
 import (
+ "context"
 "encoding/json"
 "errors"
 "fmt"
 "os"
 "strings"
+ cloudcreds "cloud.google.com/go/auth/credentials"
 "github.com/GoogleCloudPlatform/docker-credential-gcr/v2/auth"
 "github.com/GoogleCloudPlatform/docker-credential-gcr/v2/config"
 "github.com/GoogleCloudPlatform/docker-credential-gcr/v2/store"
 "github.com/GoogleCloudPlatform/docker-credential-gcr/v2/util/cmd"
 "github.com/docker/docker-credential-helpers/credentials"
- "golang.org/x/oauth2"
- "golang.org/x/oauth2/google"
 )
 // gcrCredHelper implements a credentials.Helper interface backed by a GCR
@@ -146,11 +146,7 @@ func (ch *gcrCredHelper) getGCRAccessToken() (string, error) {
 }
 /*
-tokenFromEnv retrieves a gcloud access_token from the environment.
-
-From https://godoc.org/golang.org/x/oauth2/google:
-
-DefaultTokenSource is a token source that uses "Application Default Credentials".
+tokenFromEnv retrieves a JWT access_token from the environment.
 It looks for credentials in the following places, preferring the first location found:
@@ -165,25 +161,28 @@ It looks for credentials in the following places, preferring the first location
 (In this final case any provided scopes are ignored.)
 */
 func tokenFromEnv() (string, error) {
- ts, err := google.DefaultTokenSource(config.OAuthHTTPContext, config.GCRScopes...)
+ creds, err := cloudcreds.DetectDefault(&cloudcreds.DetectOptions{
+ Scopes: config.GCRScopes,
+ UseSelfSignedJWT: true,
+ })
 if err != nil {
- return "", err
+ return "", helperErr("failed to detect default credentials", err)
 }
- token, err := ts.Token()
+ token, err := creds.Token(context.Background())
 if err != nil {
 return "", err
 }
- if !token.Valid() {
+ if !token.IsValid() {
 return "", helperErr("token was invalid", nil)
 }
- if token.Type() != "Bearer" {
- return "", helperErr(fmt.Sprintf("expected token type \"Bearer\" but got \"%s\"", token.Type()), nil)
+ if token.Type != "Bearer" {
+ return "", helperErr(fmt.Sprintf("expected token type \"Bearer\" but got \"%s\"", token.Type), nil)
 }
- return token.AccessToken, nil
+ return token.Value, nil
 }
 // tokenFromGcloudSDK attempts to generate an access_token using the gcloud SDK.
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 0bde2ce77..fa79d3131 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -125,7 +125,7 @@ github.com/Azure/go-autorest/logger
 # github.com/Azure/go-autorest/tracing v0.6.1
 ## explicit; go 1.15
 github.com/Azure/go-autorest/tracing
-# github.com/GoogleCloudPlatform/docker-credential-gcr/v2 v2.1.22
+# github.com/GoogleCloudPlatform/docker-credential-gcr/v2 v2.1.29
 ## explicit; go 1.21
 github.com/GoogleCloudPlatform/docker-credential-gcr/v2
 github.com/GoogleCloudPlatform/docker-credential-gcr/v2/auth