Utilize k8schain from ggcr

- Allow auth for images to be fetched via kubernetes/credentialprovider
- Allow images/builds to be built with unauthenticated registries
- Resolves #143
- Remove ImageRef interface
- Images are fetched with concrete SecretRef
- Builder auth can be fetched with default service account imagePullSecrets

cmd/build-init/main.go

@@ -7,8 +7,6 @@ import (
 	"os/user"
 	"path/filepath"
 
-	"github.com/google/go-containerregistry/pkg/authn"
-
 	"github.com/pivotal/kpack/pkg/cnb"
 	"github.com/pivotal/kpack/pkg/dockercreds"
 	"github.com/pivotal/kpack/pkg/registry"
@@ -54,9 +52,7 @@ func main() {
 		log.Fatal(err)
 	}
 
-	remoteImageFactory := &registry.ImageFactory{
-		KeychainFactory: keychainFactory{builderCreds},
-	}
+	remoteImageFactory := &registry.ImageFactory{}
 
 	filePermissionSetup := &cnb.FilePermissionSetup{
 		RemoteImageFactory: remoteImageFactory,
@@ -76,14 +72,6 @@ func main() {
 	}
 }
 
-type keychainFactory struct {
-	keychain authn.Keychain
-}
-
-func (k keychainFactory) KeychainForImageRef(registry.ImageRef) authn.Keychain {
-	return k.keychain
-}
-
 type realOs struct {
 }
 

go.mod

@@ -6,6 +6,7 @@ require (
 	cloud.google.com/go v0.46.3 // indirect
 	contrib.go.opencensus.io/exporter/prometheus v0.1.0 // indirect
 	contrib.go.opencensus.io/exporter/stackdriver v0.12.2 // indirect
+	github.com/Azure/azure-sdk-for-go v11.3.0-beta+incompatible // indirect
 	github.com/aws/aws-sdk-go v1.25.1 // indirect
 	github.com/buildpack/imgutil v0.0.0-20190827204914-36282d0caea7 // indirect
 	github.com/buildpack/lifecycle v0.4.0
@@ -53,6 +54,7 @@ require (
 	k8s.io/gengo v0.0.0-20190822140433-26a664648505 // indirect
 	k8s.io/klog v1.0.0 // indirect
 	k8s.io/kube-openapi v0.0.0-20190816220812-743ec37842bf // indirect
+	k8s.io/kubernetes v1.10.2 // indirect
 	k8s.io/utils v0.0.0-20190923111123-69764acb6e8e // indirect
 	knative.dev/pkg v0.0.0-20190927181044-f6eb4a55ec68
 )

go.sum

@@ -14,6 +14,9 @@ contrib.go.opencensus.io/exporter/prometheus v0.1.0/go.mod h1:cGFniUXGZlKRjzOyuZ
 contrib.go.opencensus.io/exporter/stackdriver v0.12.2 h1:jU1p9F07ASK11wYgSTPKtFlTvTtCDj6R1d3nRt0ZHDE=
 contrib.go.opencensus.io/exporter/stackdriver v0.12.2/go.mod h1:iwB6wGarfphGGe/e5CWqyUk/cLzKnWsOKPVW3no6OTw=
 contrib.go.opencensus.io/resource v0.1.1/go.mod h1:F361eGI91LCmW1I/Saf+rX0+OFcigGlFvXwEGEnkRLA=
+github.com/Azure/azure-sdk-for-go v11.3.0-beta+incompatible h1:F+Xs1GMaEJnaBa8gY+ogJSCeK34w4PXPYspY0huefbM=
+github.com/Azure/azure-sdk-for-go v11.3.0-beta+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
+github.com/Azure/azure-sdk-for-go v34.0.0+incompatible h1:4uQN/1HmJCkxYOnK3MUBUhHW7dxWUABOOr/LgxkkYKM=
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
 github.com/Azure/go-autorest v11.1.2+incompatible h1:viZ3tV5l4gE2Sw0xrasFHytCGtzYCrT+um/rrSQ1BfA=
 github.com/Azure/go-autorest v11.1.2+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
@@ -58,9 +61,12 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/dgrijalva/jwt-go v0.0.0-20160705203006-01aeca54ebda h1:NyywMz59neOoVRFDz+ccfKWxn784fiHMDnZSy6T+JXY=
 github.com/dgrijalva/jwt-go v0.0.0-20160705203006-01aeca54ebda/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
+github.com/docker/docker v0.7.3-0.20190307005417-54dddadc7d5d h1:nIS6IF5oAIkXtSTHeRgFDtNKHpTjvZe1q3RCA0cm1rQ=
 github.com/docker/docker v0.7.3-0.20190307005417-54dddadc7d5d/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
 github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
 github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
+github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw=
 github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
 github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
@@ -76,6 +82,7 @@ github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 h1:BHsljHzVlRcyQhjr
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
+github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680 h1:ZktWZesgun21uEDrwW7iEV1zPCGQldM2atlJZ3TdvVM=
 github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gliderlabs/ssh v0.2.2 h1:6zsha5zo/TWhRhwqCD3+EarCAgZ2yN28ipRnGPnwkI0=
 github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
@@ -205,7 +212,9 @@ github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGV
 github.com/onsi/gomega v0.0.0-20190113212917-5533ce8a0da3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.5.0 h1:izbySO9zDPmjJ8rDjLvkA2zJHIo+HkYXHnf7eN7SSyo=
 github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
+github.com/opencontainers/go-digest v1.0.0-rc1 h1:WzifXhOVOEOuFYOJAW6aQqW0TooG2iki3E3Ii+WN7gQ=
 github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
+github.com/opencontainers/image-spec v1.0.1 h1:JMemWkRwHx4Zj+fVxWoMCFm/8sYGGrUVojFA6h/TRcI=
 github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
 github.com/pelletier/go-buffruneio v0.2.0/go.mod h1:JkE26KsDizTr40EUHkXVtNPvgGtbSNq5BcowyYOWdKo=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
@@ -475,6 +484,8 @@ k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
 k8s.io/kube-openapi v0.0.0-20190228160746-b3a7cee44a30/go.mod h1:BXM9ceUBTj2QnfH2MK1odQs778ajze1RxcmP6S8RVVc=
 k8s.io/kube-openapi v0.0.0-20190816220812-743ec37842bf h1:EYm5AW/UUDbnmnI+gK0TJDVK9qPLhM+sRHYanNKw0EQ=
 k8s.io/kube-openapi v0.0.0-20190816220812-743ec37842bf/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E=
+k8s.io/kubernetes v1.10.2 h1:ad/NtArD2zm//BVvQpiWHHpSxryJrSd73B68Z18WFzM=
+k8s.io/kubernetes v1.10.2/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk=
 k8s.io/utils v0.0.0-20190221042446-c2654d5206da/go.mod h1:8k8uAuAQ0rXslZKaEWd0c3oVhZz7sSzSiPnVZayjIX0=
 k8s.io/utils v0.0.0-20190923111123-69764acb6e8e h1:BXSmdH6S3YGLlhC89DZp+sNdYSmwNeDU6Xu5ZpzGOlM=
 k8s.io/utils v0.0.0-20190923111123-69764acb6e8e/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=

pkg/apis/build/v1alpha1/build.go

@@ -7,7 +7,7 @@ import (
 	"knative.dev/pkg/kmeta"
 )
 
-func (bi *BuilderImage) getBuilderSecretVolume() corev1.Volume {
+func (bi *BuildBuilderSpec) getBuilderSecretVolume() corev1.Volume {
 	if len(bi.ImagePullSecrets) > 0 {
 		return corev1.Volume{
 			Name: builderPullSecretsDirName,
@@ -31,30 +31,10 @@ func (*Build) GetGroupVersionKind() schema.GroupVersionKind {
 	return SchemeGroupVersion.WithKind("Build")
 }
 
-func (b *Build) ServiceAccount() string {
-	return b.Spec.ServiceAccount
-}
-
-func (b *Build) Image() string {
-	return b.Tag()
-}
-
 func (b *Build) Tag() string {
 	return b.Spec.Tags[0]
 }
 
-func (b *Build) HasSecret() bool {
-	return true
-}
-
-func (b *Build) Namespace() string {
-	return b.ObjectMeta.Namespace
-}
-
-func (b *Build) SecretName() string {
-	return "" // Needed only for ImagePullSecrets Keychain
-}
-
 func (b *Build) IsRunning() bool {
 	if b == nil {
 		return false

pkg/apis/build/v1alpha1/build_pod.go

@@ -70,7 +70,7 @@ var (
 	}
 )
 
-func (b *Build) BuildPod(config BuildPodConfig, secrets []corev1.Secret, builder BuilderImage) (*corev1.Pod, error) {
+func (b *Build) BuildPod(config BuildPodConfig, secrets []corev1.Secret, builder BuildBuilderSpec) (*corev1.Pod, error) {
 	var root int64 = 0
 
 	buf, err := json.Marshal(b.Spec.Env)
@@ -97,7 +97,7 @@ func (b *Build) BuildPod(config BuildPodConfig, secrets []corev1.Secret, builder
 	return &corev1.Pod{
 		ObjectMeta: v1.ObjectMeta{
 			Name:      b.PodName(),
-			Namespace: b.Namespace(),
+			Namespace: b.Namespace,
 			Labels: b.labels(map[string]string{
 				BuildLabel: b.Name,
 			}),

pkg/apis/build/v1alpha1/build_pod_test.go

@@ -37,7 +37,7 @@ func testBuildPod(t *testing.T, when spec.G, it spec.S) {
 		},
 	}
 
-	imageRef := v1alpha1.BuilderImage{
+	imageRef := v1alpha1.BuildBuilderSpec{
 		Image: builderImage,
 		ImagePullSecrets: []corev1.LocalObjectReference{
 			{Name: "some-image-secret"},

pkg/apis/build/v1alpha1/build_types.go

@@ -41,14 +41,14 @@ var (
 	_ kmeta.OwnerRefable = (*Build)(nil)
 )
 
-type BuilderImage struct {
+type BuildBuilderSpec struct {
 	Image            string                        `json:"image"`
 	ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,15,rep,name=imagePullSecrets"`
 }
 
 type BuildSpec struct {
 	Tags           []string                    `json:"tags"`
-	Builder        BuilderImage                `json:"builder"`
+	Builder        BuildBuilderSpec            `json:"builder"`
 	ServiceAccount string                      `json:"serviceAccount"`
 	Source         SourceConfig                `json:"source"`
 	CacheName      string                      `json:"cacheName"`

pkg/apis/build/v1alpha1/builder.go

@@ -9,40 +9,25 @@ func (b *Builder) Ready() bool {
 		(b.Generation == b.Status.ObservedGeneration)
 }
 
-func (b *Builder) ImageRef() BuilderImage {
-	return BuilderImage{
+func (b *Builder) BuildBuilderSpec() BuildBuilderSpec {
+	return BuildBuilderSpec{
 		Image:            b.Status.LatestImage,
 		ImagePullSecrets: b.Spec.ImagePullSecrets,
 	}
 }
 
-func (b *Builder) SecretName() string {
-	if b.HasSecret() {
-		return b.Spec.ImagePullSecrets[0].Name
+func (b *Builder) ImagePullSecrets() []string {
+	var secrets []string
+	for _, s := range b.Spec.ImagePullSecrets {
+		secrets = append(secrets, s.Name)
 	}
-	return ""
-}
-
-func (b *Builder) ServiceAccount() string {
-	return ""
-}
-
-func (b *Builder) Namespace() string {
-	return b.ObjectMeta.Namespace
+	return secrets
 }
 
 func (b *Builder) Image() string {
 	return b.Spec.Image
 }
 
-func (b *Builder) HasSecret() bool {
-	return len(b.Spec.ImagePullSecrets) > 0
-}
-
 func (b *Builder) BuildpackMetadata() BuildpackMetadataList {
 	return b.Status.BuilderMetadata
 }
-
-func (b *Builder) GetName() string {
-	return b.ObjectMeta.Name
-}

pkg/apis/build/v1alpha1/builder_resource.go

@@ -0,0 +1,14 @@
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+type BuilderResource interface {
+	metav1.ObjectMetaAccessor
+	BuildBuilderSpec() BuildBuilderSpec
+	Image() string
+	ImagePullSecrets() []string
+	Ready() bool
+	BuildpackMetadata() BuildpackMetadataList
+}

pkg/apis/build/v1alpha1/cluster_builder.go

@@ -4,42 +4,25 @@ import (
 	duckv1alpha1 "knative.dev/pkg/apis/duck/v1alpha1"
 )
 
-func (in *ClusterBuilder) ServiceAccount() string {
-	return ""
+func (c *ClusterBuilder) Image() string {
+	return c.Spec.Image
 }
 
-func (in *ClusterBuilder) Namespace() string {
-	return ""
-}
-
-func (in *ClusterBuilder) Image() string {
-	return in.Spec.Image
-}
-
-func (in *ClusterBuilder) HasSecret() bool {
-	return false
-}
-
-func (in *ClusterBuilder) SecretName() string {
-	return ""
-}
-
-func (in *ClusterBuilder) ImageRef() BuilderImage {
-	return BuilderImage{
-		Image:            in.Status.LatestImage,
-		ImagePullSecrets: nil,
+func (c *ClusterBuilder) BuildBuilderSpec() BuildBuilderSpec {
+	return BuildBuilderSpec{
+		Image: c.Status.LatestImage,
 	}
 }
 
-func (in *ClusterBuilder) BuildpackMetadata() BuildpackMetadataList {
-	return in.Status.BuilderMetadata
+func (c *ClusterBuilder) BuildpackMetadata() BuildpackMetadataList {
+	return c.Status.BuilderMetadata
 }
 
-func (in *ClusterBuilder) Ready() bool {
-	return in.Status.GetCondition(duckv1alpha1.ConditionReady).IsTrue() &&
-		(in.Generation == in.Status.ObservedGeneration)
+func (c *ClusterBuilder) Ready() bool {
+	return c.Status.GetCondition(duckv1alpha1.ConditionReady).IsTrue() &&
+		(c.Generation == c.Status.ObservedGeneration)
 }
 
-func (in *ClusterBuilder) GetName() string {
-	return in.ObjectMeta.Name
+func (c *ClusterBuilder) ImagePullSecrets() []string {
+	return nil
 }

pkg/apis/build/v1alpha1/image_builds.go

@@ -23,15 +23,7 @@ const (
 	BuildReasonBuildpack  = "BUILDPACK"
 )
 
-type AbstractBuilder interface {
-	metav1.ObjectMetaAccessor
-	ImageRef() BuilderImage
-	Ready() bool
-	BuildpackMetadata() BuildpackMetadataList
-	GetName() string
-}
-
-func (im *Image) buildNeeded(lastBuild *Build, sourceResolver *SourceResolver, builder AbstractBuilder) ([]string, bool) {
+func (im *Image) buildNeeded(lastBuild *Build, sourceResolver *SourceResolver, builder BuilderResource) ([]string, bool) {
 	if !sourceResolver.Ready() {
 		return []string{}, false
 	}
@@ -67,7 +59,7 @@ func (im *Image) buildNeeded(lastBuild *Build, sourceResolver *SourceResolver, b
 	return reasons, len(reasons) > 0
 }
 
-func lastBuildBuiltWithBuilderBuildpacks(builder AbstractBuilder, build *Build) bool {
+func lastBuildBuiltWithBuilderBuildpacks(builder BuilderResource, build *Build) bool {
 	for _, bp := range build.Status.BuildMetadata {
 		if !builder.BuildpackMetadata().Include(bp) {
 			return false
@@ -77,7 +69,7 @@ func lastBuildBuiltWithBuilderBuildpacks(builder AbstractBuilder, build *Build)
 	return true
 }
 
-func (im *Image) build(sourceResolver *SourceResolver, builder AbstractBuilder, reasons []string, nextBuildNumber int64) *Build {
+func (im *Image) build(sourceResolver *SourceResolver, builder BuilderResource, reasons []string, nextBuildNumber int64) *Build {
 	buildNumber := strconv.Itoa(int(nextBuildNumber))
 	return &Build{
 		ObjectMeta: metav1.ObjectMeta{
@@ -96,7 +88,7 @@ func (im *Image) build(sourceResolver *SourceResolver, builder AbstractBuilder,
 		},
 		Spec: BuildSpec{
 			Tags:           im.generateTags(buildNumber),
-			Builder:        builder.ImageRef(),
+			Builder:        builder.BuildBuilderSpec(),
 			Env:            im.Spec.Build.Env,
 			Resources:      im.Spec.Build.Resources,
 			ServiceAccount: im.Spec.ServiceAccount,

pkg/apis/build/v1alpha1/image_builds_test.go

@@ -87,7 +87,7 @@ func testImageBuilds(t *testing.T, when spec.G, it spec.S) {
 		},
 		Spec: BuildSpec{
 			Tags:           []string{"some/image"},
-			Builder:        builder.ImageRef(),
+			Builder:        builder.BuildBuilderSpec(),
 			ServiceAccount: "some/serviceaccount",
 			Env: []v1.EnvVar{
 				{

pkg/apis/build/v1alpha1/image_reconcile_build.go

@@ -8,7 +8,7 @@ import (
 	duckv1alpha1 "knative.dev/pkg/apis/duck/v1alpha1"
 )
 
-func (im *Image) ReconcileBuild(latestBuild *Build, resolver *SourceResolver, builder AbstractBuilder) (BuildApplier, error) {
+func (im *Image) ReconcileBuild(latestBuild *Build, resolver *SourceResolver, builder BuilderResource) (BuildApplier, error) {
 	currentBuildNumber, err := buildCounter(latestBuild)
 	if err != nil {
 		return nil, err
@@ -52,7 +52,7 @@ type upToDateBuild struct {
 	build        *Build
 	buildCounter int64
 	latestImage  string
-	builder      AbstractBuilder
+	builder      BuilderResource
 }
 
 func (r upToDateBuild) Apply(creator BuildCreator) (ReconciledBuild, error) {
@@ -90,7 +90,7 @@ func (r upToDateBuild) builderCondition() duckv1alpha1.Condition {
 			Type:    ConditionBuilderReady,
 			Status:  corev1.ConditionFalse,
 			Reason:  BuilderNotReady,
-			Message: fmt.Sprintf("Builder %s is not ready", r.builder.GetName()),
+			Message: fmt.Sprintf("Builder %s is not ready", r.builder.GetObjectMeta().GetName()),
 		}
 	}
 	return duckv1alpha1.Condition{