Open seboudry opened 6 years ago
So, not working the same way on different environments. On my MacOS workstation, Maven consider the given password great, but on Atlassian Bamboo (same Oracle JDK version, same Maven version but Ubuntu) given password is considered as an encrypted text and all Plexus decrypting runs ... and fails.
edit: working in local, but not un Bamboo: cat
command is not interpreted :(
Only working way: have to use an intermediate multiline JSON file !
printf "%s" "${bamboo.GCR_JSONKEY}" > gcr-keyfile.json
mvn fabric8:push \
-Ddocker.push.registry=eu.gcr.io/awesome \
-Ddocker.push.username=_json_key \
"-Ddocker.push.password=$(cat gcr-keyfile.json)"
Hope this will help anybody
DMP don't work with GCR auth keyfile, even with the PR https://github.com/fabric8io/docker-maven-plugin/pull/1036 that don't try to apply Maven decryption on JSON key.
I think that method io.fabric8.maven.docker.access.AuthConfig#createAuthEncoded
isn't adapted for this kind of GCR authentication.
So my workaround is to not use fmp for only pushing images. Use docker login
then docker push
with same image name calculated by fmp/dmp.
Sorry for being so unresponsive, lot of things are going on here. We should definitely fix this, so let me reopen this issue.
Hi, I'm on vacation until begining of jully. Will take a look at this at my return. Cleaner solution might be to use a specific mecanism as for Amazon registry. To not polute existing code.
@seboudry let me know when we can tackle this issue.
A workaround just in case someone else needs it:
mvn fabric8:push \
-Ddocker.push.registry=eu.gcr.io/awesome \
-Ddocker.username=oauth2accesstoken \
-Ddocker.password=$(gcloud auth print-access-token)
Was this resolved? I am also facing the same issue with version 0.39.1
[INFO] --- docker-maven-plugin:0.39.1:push (default) @ recon-kafka-retry-service ---
[ERROR] DOCKER> Cannot decrypt password: org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException: org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException: java.io.FileNotFoundException: /var/go/.m2/settings-security.xml (No such file or directory) [null]
@ankurga I don't think this is the same issue. It looks like that Maven can't find your settings.yml.
I am working with DMP but included in a pom.xml, as part of the build process. What comes as input to my maven build is a file path ('sa_credentials_file'), the one of the key.json. That file in my case comes as a oneliner so I did hit the problem described here. What I did is to insert a goal right before DMP to basically make the oneliner not to be a oneliner, by replacing the opening brace '{'by '{' + System.getProperty('line.separator'). I did that with a scriptlet in groovy using gmaven-plugin:
<plugin>
<groupId>org.codehaus.gmaven</groupId>
<artifactId>gmaven-plugin</artifactId>
<version>1.5</version>
<executions>
<execution>
<phase>process-resources</phase>
<goals>
<goal>execute</goal>
</goals>
<configuration>
<providerSelection>1.8</providerSelection>
<source>
def newline = System.getProperty('line.separator')
def file = new File(project.properties.sa_credentials_file) // gcp json credentials
project.properties.sa_credentials = file.getText().replaceFirst('\{', '\{'+newline)
</source>
</configuration>
</execution>
</executions>
</plugin>
Then I just use that 'sa_credentials' variable created there to configure DMP:
<authConfig>
<username>_json_key</username>
<password>${sa_credentials}</password>
</authConfig>
It doesn't have to be groovy, you can take your pick on how to add that extra newline sequence after the opening brace.
TL;DR: By introducing a single newline char|sequence after the opening brace you will make the credentials text 'fall-off' the regex pattern that makes DMP think that it needs to decrypt something. Other edits might work too.
Description
Hi! Trying to push to GCR with d-m-p using JSON key mechanism. The JSON key is passed to build using an environment variable, so must be a one-line string. DMP fails to decrypt password, it assumes that's a Maven encrypted password (
MavenPlexusCipher
matches the one-lined JSON with the Maven password regex).I filled this issue to record it, but don't know if you can handle a fix into d-m-p for this typical use case.
Info
0.25.2
mvn -v
) :18.03.1-ce, build 9ee9f40
Reproduce bug
Download a JSON key file from a Google service account. Have no issue with using JSON key file directly:
Make the JSON key file one-line and export it to an env variable:
Try using this env var: