Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-53563

RegistryKeyMaterialFactory should support multiple credentials

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • docker-commons-plugin
    • None
    • master

      Hello,

      We have a process that fetches a file from one repo then push to different repository.

              dir('docker') {
            docker.withRegistry(BASE_IMAGE_REGISTRY_URL,  BASE_IMAGE_REGISTRY_JENKINS,) {
                docker.withRegistry(LOCAL_REGISTRY_URL, LOCAL_REGISTRY_JENKINS,) {
                     stage("package/docker") {
                          sh([script: 'make'])
                     }
                 }
             }
        }

      We have discovered that the docker.withRegistry create a new `DOCKER_CONFIG` for each docker.withRegistry and traced it to `org.jenkinsci.plugins.docker.commons.impl.RegistryKeyMaterialFactory`.

      Per each materialize() there is unconditional call to `createSecretsDirectory()` which loses loses the credentials in previous block.

      In this implementation only a single docker registry may be authenticated, while docker supports many.

      Suggested implementation:

      1. Do not create new secrets directory if already exist, it can be checked via the `DOCKER_CONFIG` variable. Maybe force first time creation within the entire instance to isolate jenkins from system.
      2. Use docker logout instead of removing `DOCKER_CONFIG` to clean up the credentials.

      If this is acceptable I may be able to provide a patch.

      Thanks!

            Unassigned Unassigned
            alonbl Alon Bar-Lev
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: