-
Notifications
You must be signed in to change notification settings - Fork 18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
mutateDockerCreds (dockerconfigjson secret) doesn't support _json_key / Expects auth to contain separator of secrets. #81
mutateDockerCreds (dockerconfigjson secret) doesn't support _json_key / Expects auth to contain separator of secrets. #81
Comments
Thank you for your contribution! This issue has been automatically marked as |
This issue has been marked |
Please reopen. |
We need to revisit the container code in general. will add it to the roadmap as a high-level item. |
Describe the bug:
The mutating webhook for secrets has a specific function to manage dockerconfigjson type secrets:
https://github.com/banzaicloud/bank-vaults/blob/main/pkg/webhook/secret.go#L128
This function assumes that the content of your
auth
part of your config will consist of a formatusername:password
and will fail to split the credentials if you try to pass in a_json_key
which a number of cloud based private registries (GCP in my case) use for authenticating.The content looks a little something like this:
Expected behaviour:
I think this might turn into a feature as the function in question looks to be built on the pretense that
username:password
is user in theauth
section of the .dockerconfigjson file.The expected behaviour would be to NOT split and instead just fetch the secret as is.
Steps to reproduce the bug:
Create a secret like this:
and you'll see in the injection part the following error:
error="mutate dockerconfig json failed: splitting auth credentials failed"
Environment details:
/kind bug
The text was updated successfully, but these errors were encountered: