mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-04-15 08:46:36 +00:00
Code Activity

feat: update default keychain in registry to be empty (#7906)

Browse source 
* feat: update default keychain to be empty

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: update registryCredentialHelpers description

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

---------

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
This commit is contained in:
Vishal Choudhary 2023-07-28 06:38:22 +05:30 committed by GitHub
parent 34a6119cc3
commit 0e2cbf8a01
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 10 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
cmd/internal/flag.go
View file

@ -99,7 +99,7 @@ func initCosignFlags() {
func initRegistryClientFlags() {
flag.BoolVar(&allowInsecureRegistry, "allowInsecureRegistry", false, "Whether to allow insecure connections to registries. Don't use this for anything but testing.")
flag.StringVar(&imagePullSecrets, "imagePullSecrets", "", "Secret resource names for image registry access credentials.")
flag.StringVar(&registryCredentialHelpers, "registryCredentialHelpers", "", "Credential helpers to enable (default,google,amazon,azure,github), all will be enabled if empty.")
flag.StringVar(&registryCredentialHelpers, "registryCredentialHelpers", "", "Credential helpers to enable (default,google,amazon,azure,github). No helpers are added when this flag is empty.")
}
func initLeaderElectionFlags() {

8
pkg/registryclient/authn.go
View file

@ -24,3 +24,11 @@ func (kc *autoRefreshSecrets) Resolve(resource authn.Resource) (authn.Authentica
}
return inner.Resolve(resource)
}
type anonymuskc struct{}
var AnonymousKeychain authn.Keychain = anonymuskc{}
func (anonymuskc) Resolve(_ authn.Resource) (authn.Authenticator, error) {
return authn.Anonymous, nil
}

8
pkg/registryclient/client.go
View file

@ -24,13 +24,7 @@ import (
)
var (
defaultKeychain = authn.NewMultiKeychain(
authn.DefaultKeychain,
google.Keychain,
authn.NewKeychainFromHelper(ecr.NewECRHelper(ecr.WithLogger(io.Discard))),
authn.NewKeychainFromHelper(credhelper.NewACRCredentialsHelper()),
github.Keychain,
)
defaultKeychain = AnonymousKeychain
defaultTransport = &http.Transport{
Proxy: http.ProxyFromEnvironment,
DialContext: (&net.Dialer{