feat(cnbBuild): warn users when dockerConfigJSON is missing necessary…

… credentials (#5007)

* feat(cnbBuild): warn users when dockerConfigJSON is missing necessary credentials

* Update cmd/cnbBuild.go

Co-authored-by: Ralf Pannemans <[email protected]>

* Update pkg/cnbutils/auth.go

Co-authored-by: Ralf Pannemans <[email protected]>

* fix linting

---------

Co-authored-by: Ralf Pannemans <[email protected]>

cmd/ansSendEvent.go

@@ -2,10 +2,11 @@ package cmd
 
 import (
 	"encoding/json"
+	"time"
+
 	"github.com/SAP/jenkins-library/pkg/ans"
 	"github.com/SAP/jenkins-library/pkg/log"
 	"github.com/SAP/jenkins-library/pkg/telemetry"
-	"time"
 )
 
 func ansSendEvent(config ansSendEventOptions, telemetryData *telemetry.CustomData) {

cmd/cloudFoundryDeploy.go

@@ -148,7 +148,7 @@ func validateAppName(appName string) error {
 	}
 	message = append(message, fmt.Sprintf("Please change the name to fit this requirement(s). For more details please visit %s.", docuLink))
 	if fail {
-		return fmt.Errorf(strings.Join(message, " "))
+		return errors.New(strings.Join(message, " "))
 	}
 	return nil
 }

cmd/cnbBuild.go

@@ -168,18 +168,17 @@ func cleanDir(dir string, utils cnbutils.BuildUtils) error {
 }
 
 func extractZip(source, target string) error {
-	if isZip(source) {
-		log.Entry().Infof("Extracting archive '%s' to '%s'", source, target)
-		_, err := piperutils.Unzip(source, target)
-		if err != nil {
-			log.SetErrorCategory(log.ErrorBuild)
-			return errors.Wrapf(err, "Extracting archive '%s' to '%s' failed", source, target)
-		}
-	} else {
+	if !isZip(source) {
 		log.SetErrorCategory(log.ErrorBuild)
 		return errors.New("application path must be a directory or zip")
 	}
 
+	log.Entry().Infof("Extracting archive '%s' to '%s'", source, target)
+	_, err := piperutils.Unzip(source, target)
+	if err != nil {
+		log.SetErrorCategory(log.ErrorBuild)
+		return errors.Wrapf(err, "Extracting archive '%s' to '%s' failed", source, target)
+	}
 	return nil
 }
 
@@ -537,12 +536,6 @@ func runCnbBuild(config *cnbBuildOptions, telemetry *buildpacks.Telemetry, image
 		}
 	}
 
-	cnbRegistryAuth, err := cnbutils.GenerateCnbAuth(config.DockerConfigJSON, utils)
-	if err != nil {
-		log.SetErrorCategory(log.ErrorConfiguration)
-		return errors.Wrap(err, "failed to generate CNB_REGISTRY_AUTH")
-	}
-
 	if len(config.CustomTLSCertificateLinks) > 0 {
 		caCertificates := "/tmp/ca-certificates.crt"
 		_, err := utils.Copy("/etc/ssl/certs/ca-certificates.crt", caCertificates)
@@ -558,7 +551,17 @@ func runCnbBuild(config *cnbBuildOptions, telemetry *buildpacks.Telemetry, image
 		log.Entry().Info("skipping certificates update")
 	}
 
-	utils.AppendEnv([]string{fmt.Sprintf("CNB_REGISTRY_AUTH=%s", cnbRegistryAuth)})
+	dockerKeychain, err := cnbutils.ParseDockerConfig(config.DockerConfigJSON, utils)
+	if err != nil {
+		log.SetErrorCategory(log.ErrorConfiguration)
+		return errors.Wrap(err, "failed to parse dockerConfigJSON")
+	}
+	cnbAuthString, err := dockerKeychain.ToCNBString()
+	if err != nil {
+		log.SetErrorCategory(log.ErrorConfiguration)
+		return errors.Wrap(err, "failed to generate CNB_REGISTRY_AUTH")
+	}
+	utils.AppendEnv([]string{fmt.Sprintf("CNB_REGISTRY_AUTH=%s", cnbAuthString)})
 	utils.AppendEnv([]string{fmt.Sprintf("CNB_PLATFORM_API=%s", platformAPIVersion)})
 
 	creatorArgs := []string{
@@ -574,6 +577,10 @@ func runCnbBuild(config *cnbBuildOptions, telemetry *buildpacks.Telemetry, image
 	}
 
 	if config.RunImage != "" {
+		if !dockerKeychain.AuthExistsForImage(config.RunImage) {
+			log.Entry().Warnf("provided dockerConfigJSON does not contain credentials for the run-image %q, anonymous auth will be used", config.RunImage)
+		}
+
 		creatorArgs = append(creatorArgs, "-run-image", config.RunImage)
 	}
 
@@ -582,6 +589,9 @@ func runCnbBuild(config *cnbBuildOptions, telemetry *buildpacks.Telemetry, image
 	}
 
 	containerImage := path.Join(targetImage.ContainerRegistry.Host, targetImage.ContainerImageName)
+	if !dockerKeychain.AuthExistsForImage(containerImage) {
+		log.Entry().Warnf("provided dockerConfigJSON does not contain credentials for the target image %q, anonymous auth will be used", containerImage)
+	}
 	for _, tag := range config.AdditionalTags {
 		target := fmt.Sprintf("%s:%s", containerImage, tag)
 		if !piperutils.ContainsString(creatorArgs, target) {

cmd/cnbBuild_test.go

@@ -504,7 +504,7 @@ func TestRunCnbBuild(t *testing.T) {
 		addBuilderFiles(&utils)
 
 		err := callCnbBuild(&config, &telemetry.CustomData{}, &utils, &cnbBuildCommonPipelineEnvironment{}, &piperhttp.Client{})
-		assert.EqualError(t, err, "failed to generate CNB_REGISTRY_AUTH: json: cannot unmarshal string into Go struct field ConfigFile.auths of type types.AuthConfig")
+		assert.EqualError(t, err, "failed to parse dockerConfigJSON: json: cannot unmarshal string into Go struct field ConfigFile.auths of type types.AuthConfig")
 	})
 
 	t.Run("error case: DockerConfigJSON file not there (config.json)", func(t *testing.T) {

cmd/contrastExecuteScan.go

@@ -10,6 +10,7 @@ import (
 	"github.com/SAP/jenkins-library/pkg/log"
 	"github.com/SAP/jenkins-library/pkg/piperutils"
 	"github.com/SAP/jenkins-library/pkg/telemetry"
+	"github.com/pkg/errors"
 )
 
 type contrastExecuteScanUtils interface {
@@ -107,7 +108,7 @@ func runContrastExecuteScan(config *contrastExecuteScanOptions, telemetryData *t
 				if unaudited > config.VulnerabilityThresholdTotal {
 					msg := fmt.Sprintf("Your application %v in organization %v is not compliant. Total unaudited issues are %v which is greater than the VulnerabilityThresholdTotal count %v",
 						config.ApplicationID, config.OrganizationID, unaudited, config.VulnerabilityThresholdTotal)
-					return reports, fmt.Errorf(msg)
+					return reports, errors.New(msg)
 				}
 			}
 		}

cmd/detectExecuteScan.go

@@ -845,7 +845,7 @@ func postScanChecksAndReporting(ctx context.Context, config detectExecuteScanOpt
 	}
 
 	if len(errorsOccured) > 0 {
-		return fmt.Errorf(strings.Join(errorsOccured, ": "))
+		return errors.New(strings.Join(errorsOccured, ": "))
 	}
 
 	return nil

cmd/jsonApplyPatch.go

@@ -3,10 +3,11 @@ package cmd
 import (
 	"bytes"
 	"encoding/json"
+
 	"github.com/SAP/jenkins-library/pkg/log"
 	"github.com/SAP/jenkins-library/pkg/piperutils"
 	"github.com/SAP/jenkins-library/pkg/telemetry"
-	"github.com/evanphx/json-patch"
+	jsonpatch "github.com/evanphx/json-patch"
 )
 
 func jsonApplyPatch(config jsonApplyPatchOptions, telemetryData *telemetry.CustomData) {

cmd/malwareExecuteScan.go

@@ -3,6 +3,11 @@ package cmd
 import (
 	"encoding/json"
 	"fmt"
+	"io"
+	"os"
+	"strings"
+	"time"
+
 	piperDocker "github.com/SAP/jenkins-library/pkg/docker"
 	piperhttp "github.com/SAP/jenkins-library/pkg/http"
 	"github.com/SAP/jenkins-library/pkg/log"
@@ -11,10 +16,6 @@ import (
 	"github.com/SAP/jenkins-library/pkg/telemetry"
 	"github.com/SAP/jenkins-library/pkg/toolrecord"
 	"github.com/pkg/errors"
-	"io"
-	"os"
-	"strings"
-	"time"
 )
 
 type malwareScanUtils interface {

cmd/mavenExecute.go

@@ -1,12 +1,13 @@
 package cmd
 
 import (
+	"os"
+
 	"github.com/SAP/jenkins-library/pkg/command"
 	piperhttp "github.com/SAP/jenkins-library/pkg/http"
 	"github.com/SAP/jenkins-library/pkg/log"
 	"github.com/SAP/jenkins-library/pkg/maven"
 	"github.com/SAP/jenkins-library/pkg/piperutils"
-	"os"
 
 	"github.com/SAP/jenkins-library/pkg/telemetry"
 )

cmd/mavenExecuteIntegration.go

@@ -2,13 +2,14 @@ package cmd
 
 import (
 	"fmt"
-	"github.com/SAP/jenkins-library/pkg/log"
-	"github.com/SAP/jenkins-library/pkg/maven"
-	"github.com/SAP/jenkins-library/pkg/telemetry"
 	"path/filepath"
 	"strconv"
 	"strings"
 	"unicode"
+
+	"github.com/SAP/jenkins-library/pkg/log"
+	"github.com/SAP/jenkins-library/pkg/maven"
+	"github.com/SAP/jenkins-library/pkg/telemetry"
 )
 
 func mavenExecuteIntegration(config mavenExecuteIntegrationOptions, _ *telemetry.CustomData) {

cmd/mavenExecuteStaticCodeChecks.go

@@ -1,10 +1,11 @@
 package cmd
 
 import (
+	"strconv"
+
 	"github.com/SAP/jenkins-library/pkg/log"
 	"github.com/SAP/jenkins-library/pkg/maven"
 	"github.com/SAP/jenkins-library/pkg/telemetry"
-	"strconv"
 )
 
 func mavenExecuteStaticCodeChecks(config mavenExecuteStaticCodeChecksOptions, telemetryData *telemetry.CustomData) {

cmd/nexusUpload.go

@@ -2,14 +2,15 @@ package cmd
 
 import (
 	"fmt"
-	piperhttp "github.com/SAP/jenkins-library/pkg/http"
-	"github.com/pkg/errors"
 	"io"
 	"net/http"
 	"os"
 	"path/filepath"
 	"strings"
 
+	piperhttp "github.com/SAP/jenkins-library/pkg/http"
+	"github.com/pkg/errors"
+
 	b64 "encoding/base64"
 
 	"github.com/SAP/jenkins-library/pkg/command"

cmd/readPipelineEnv.go

@@ -8,13 +8,14 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
+	"io"
+	"os"
+	"path"
+
 	"github.com/SAP/jenkins-library/pkg/config"
 	"github.com/SAP/jenkins-library/pkg/log"
 	"github.com/SAP/jenkins-library/pkg/piperenv"
 	"github.com/spf13/cobra"
-	"io"
-	"os"
-	"path"
 )
 
 // ReadPipelineEnv reads the commonPipelineEnvironment from disk and outputs it as JSON

cmd/readPipelineEnv_test.go

@@ -1,9 +1,10 @@
 package cmd
 
 import (
-	"github.com/stretchr/testify/assert"
 	"strings"
 	"testing"
+
+	"github.com/stretchr/testify/assert"
 )
 
 func TestCpeEncryption(t *testing.T) {

cmd/terraformExecute.go

@@ -3,6 +3,7 @@ package cmd
 import (
 	"bytes"
 	"fmt"
+
 	"github.com/SAP/jenkins-library/pkg/command"
 	"github.com/SAP/jenkins-library/pkg/log"
 	"github.com/SAP/jenkins-library/pkg/piperutils"

cmd/version.go

@@ -2,9 +2,10 @@ package cmd
 
 import (
 	"fmt"
+	"os"
+
 	"github.com/SAP/jenkins-library/pkg/log"
 	"github.com/spf13/cobra"
-	"os"
 )
 
 // GitCommit ...

cmd/whitesourceExecuteScan.go

@@ -308,7 +308,7 @@ func checkAndReportScanResults(ctx context.Context, config *ScanOptions, scan *w
 	}
 
 	if len(checkErrors) > 0 {
-		return reportPaths, fmt.Errorf(strings.Join(checkErrors, ": "))
+		return reportPaths, errors.New(strings.Join(checkErrors, ": "))
 	}
 	return reportPaths, nil
 }
@@ -674,7 +674,7 @@ func checkSecurityViolations(ctx context.Context, config *ScanOptions, scan *ws.
 		log.Entry().Debugf("Aggregated %v alerts for scanned projects", len(allAlerts))
 	}
 
-	reportPaths, errors := reportGitHubIssuesAndCreateReports(
+	reportPaths, e := reportGitHubIssuesAndCreateReports(
 		ctx,
 		config,
 		utils,
@@ -686,13 +686,13 @@ func checkSecurityViolations(ctx context.Context, config *ScanOptions, scan *ws.
 		vulnerabilitiesCount,
 	)
 
-	allOccurredErrors = append(allOccurredErrors, errors...)
+	allOccurredErrors = append(allOccurredErrors, e...)
 
 	if len(allOccurredErrors) > 0 {
 		if vulnerabilitiesCount > 0 {
 			log.SetErrorCategory(log.ErrorCompliance)
 		}
-		return reportPaths, fmt.Errorf(strings.Join(allOccurredErrors, ": "))
+		return reportPaths, errors.New(strings.Join(allOccurredErrors, ": "))
 	}
 
 	return reportPaths, nil

cmd/writePipelineEnv.go

@@ -8,11 +8,12 @@ import (
 	b64 "encoding/base64"
 	"encoding/json"
 	"fmt"
-	"github.com/SAP/jenkins-library/pkg/config"
 	"io"
 	"os"
 	"path/filepath"
 
+	"github.com/SAP/jenkins-library/pkg/config"
+
 	"github.com/SAP/jenkins-library/pkg/log"
 	"github.com/SAP/jenkins-library/pkg/piperenv"
 	"github.com/spf13/cobra"

go.mod

@@ -22,6 +22,7 @@ require (
 	github.com/buildpacks/lifecycle v0.18.4
 	github.com/cloudevents/sdk-go/v2 v2.10.1
 	github.com/docker/cli v24.0.6+incompatible
+	github.com/docker/docker v24.0.7+incompatible
 	github.com/evanphx/json-patch v5.7.0+incompatible
 	github.com/getsentry/sentry-go v0.26.0
 	github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32
@@ -159,7 +160,6 @@ require (
 	github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/docker/distribution v2.8.3+incompatible // indirect
-	github.com/docker/docker v24.0.7+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.8.0 // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect