Make cert updates optional based on param value (#2722)

2025-01-30 05:59:39 +02:00 · 2021-03-25 15:32:10 +01:00 · 2021-03-25 15:32:10 +01:00 · 95ebfb3b2f
commit 95ebfb3b2f
parent 9679d96e7b
2 changed files with 43 additions and 4 deletions
--- a/cmd/kanikoExecute.go
+++ b/cmd/kanikoExecute.go
@ -57,9 +57,13 @@ func runKanikoExecute(config *kanikoExecuteOptions, telemetryData *telemetry.Cus
 		return errors.Wrap(err, "failed to initialize Kaniko container")
 	}

-	err := certificateUpdate(config.CustomTLSCertificateLinks, httpClient, fileUtils)
-	if err != nil {
-		return errors.Wrap(err, "failed to update certificates")
+	if len(config.CustomTLSCertificateLinks) > 0 {
+		err := certificateUpdate(config.CustomTLSCertificateLinks, httpClient, fileUtils)
+		if err != nil {
+			return errors.Wrap(err, "failed to update certificates")
+		}
+	} else {
+		log.Entry().Info("skipping updation of certificates")
 	}

 	if !piperutils.ContainsString(config.BuildOptions, "--destination") {
@ -89,6 +93,7 @@ func runKanikoExecute(config *kanikoExecuteOptions, telemetryData *telemetry.Cus

 	dockerConfig := []byte(`{"auths":{}}`)
 	if len(config.DockerConfigJSON) > 0 {
+		var err error
 		dockerConfig, err = fileUtils.FileRead(config.DockerConfigJSON)
 		if err != nil {
 			return errors.Wrapf(err, "failed to read file '%v'", config.DockerConfigJSON)
--- a/cmd/kanikoExecute_test.go
+++ b/cmd/kanikoExecute_test.go
@ -160,6 +160,31 @@ func TestRunKanikoExecute(t *testing.T) {

 	})

+	t.Run("no error case - when cert update skipped", func(t *testing.T) {
+		config := &kanikoExecuteOptions{
+			BuildOptions:                []string{"--skip-tls-verify-pull"},
+			ContainerImageName:          "myImage",
+			ContainerImageTag:           "1.2.3-a+x",
+			ContainerRegistryURL:        "https://my.registry.com:50000",
+			ContainerPreparationCommand: "rm -f /kaniko/.docker/config.json",
+			CustomTLSCertificateLinks:   []string{},
+			DockerfilePath:              "Dockerfile",
+			DockerConfigJSON:            "path/to/docker/config.json",
+		}
+
+		runner := &mock.ExecMockRunner{}
+
+		certClient := &kanikoMockClient{}
+		fileUtils := &kanikoFileMock{
+			fileWriteContent: map[string]string{},
+			fileReadErr:      map[string]error{"/kaniko/ssl/certs/ca-certificates.crt": fmt.Errorf("read error")},
+		}
+
+		err := runKanikoExecute(config, &telemetry.CustomData{}, &commonPipelineEnvironment, runner, certClient, fileUtils)
+
+		assert.NoErrorf(t, err, "failed to update certificates: failed to load file '/kaniko/ssl/certs/ca-certificates.crt': read error")
+	})
+
 	t.Run("success case - no push, no docker config.json", func(t *testing.T) {
 		config := &kanikoExecuteOptions{
 			ContainerBuildOptions:       "--skip-tls-verify-pull",
@ -249,7 +274,16 @@ func TestRunKanikoExecute(t *testing.T) {
 	})

 	t.Run("error case - cert update failed", func(t *testing.T) {
-		config := &kanikoExecuteOptions{}
+		config := &kanikoExecuteOptions{
+			BuildOptions:                []string{"--skip-tls-verify-pull"},
+			ContainerImageName:          "myImage",
+			ContainerImageTag:           "1.2.3-a+x",
+			ContainerRegistryURL:        "https://my.registry.com:50000",
+			ContainerPreparationCommand: "rm -f /kaniko/.docker/config.json",
+			CustomTLSCertificateLinks:   []string{"https://test.url/cert.crt"},
+			DockerfilePath:              "Dockerfile",
+			DockerConfigJSON:            "path/to/docker/config.json",
+		}

 		runner := &mock.ExecMockRunner{}