integrate revamped authentication support from docker-client

CHANGELOG.md

@@ -0,0 +1,36 @@
+# Changelog
+
+## 1.0.0
+
+### Revamped authentication support
+
+Integrates [revamped support for authentication from
+docker-client][RegistryAuthSupplier] into the plugin, making it possible for
+the plugin to be more flexible in regards to authentication credentials used
+when pushing/pulling/building images.
+
+Previous versions of the plugin had the limitation of using the same
+RegistryAuth header for all images, regardless of what registries they came
+from.
+
+In this version, the docker-maven-plugin will automatically use any
+authentication present in the docker-cli configuration file at `~/.dockercfg`
+or `~/.docker/config.json`.
+
+Additionally the plugin will enable support for Google Container Registry if it
+is able to successfully load [Google's "Application Default Credentials"][ADC].
+The plugin will also load Google credentials from the file pointed to by the
+environment variable `DOCKER_GOOGLE_CREDENTIALS` if it is defined. Since GCR
+authentication requires retrieving short-lived access codes for the given
+credentials, support for this registry is baked into the underlying
+docker-client rather than having to first populate the docker config file
+before running the plugin.
+
+Lastly, authentication credentials can be explicitly configured in your pom.xml
+and in your Maven installation's `settings.xml` file as part of the
+`<servers></servers>` block.
+
+[339](https://github.com/spotify/docker-maven-plugin/pull/339)
+
+[RegistryAuthSupplier]: https://github.com/spotify/docker-client/blob/dba55b17d09d4a15aa9d26884b22b230d49fce64/docs/user_manual.md#authentication-to-private-registries
+[ADC]: https://developers.google.com/identity/protocols/application-default-credentials

README.md

@@ -14,7 +14,10 @@ A Maven plugin for building and pushing Docker images.
   * [Use a Dockerfile](#use-a-dockerfile)
 * [Usage](#usage)
   * [Bind Docker commands to Maven phases](#bind-docker-commands-to-maven-phases)
-  * [Authenticating with private registries](#authenticating-with-private-registries)
+  * [Using with Private Registries](#using-with-private-registries)
+  * [Authentication](#authentication)
+    * [Using encrypted passwords for authentication](#using-encrypted-passwords-for-authentication)
+* [Testing](#testing)
 * [Releasing](#releasing)
 * [Known Issues](#known-issues)
 
@@ -259,7 +262,9 @@ Then when pushing the image with either `docker:build -DpushImage` or
 `docker:push`, the docker daemon will push to `registry.example.com`.
 
 Alternatively, if you wish to use a short name in `docker:build` you can use
-`docker:tag -DpushImage` to tag the just-built image with the full registry hostname and push it. It's important to use the `pushImage` flag as using `docker:push` independently will attempt to push the original image. 
+`docker:tag -DpushImage` to tag the just-built image with the full registry
+hostname and push it. It's important to use the `pushImage` flag as using
+`docker:push` independently will attempt to push the original image.
 
 For example:
 
@@ -294,10 +299,28 @@ For example:
 </plugin>
 ```
 
-#### Authenticating with Private Registries
+### Authentication
 
-To push to a private Docker image registry that requires authentication, you can put your
-credentials in your Maven's global `settings.xml` file as part of the `<servers></servers>` block.
+Since version 1.0.0, the docker-maven-plugin will automatically use any
+authentication present in the docker-cli configuration file at `~/.dockercfg`
+or `~/.docker/config.json`, without the need to configure anything (in earlier
+versions of the plugin this behavior had to be enabled with
+`<useConfigFile>true</useConfigFile>`, but now it is always active).
+
+Additionally the plugin will enable support for Google Container Registry if it
+is able to successfully load [Google's "Application Default Credentials"][ADC].
+The plugin will also load Google credentials from the file pointed to by the
+environment variable `DOCKER_GOOGLE_CREDENTIALS` if it is defined. Since GCR
+authentication requires retrieving short-lived access codes for the given
+credentials, support for this registry is baked into the underlying
+docker-client rather than having to first populate the docker config file
+before running the plugin.
+
+[ADC]: https://developers.google.com/identity/protocols/application-default-credentials
+
+Lastly, authentication credentials can be explicitly configured in your pom.xml
+and in your Maven installation's `settings.xml` file as part of the
+`<servers></servers>` block.
 
     <servers>
       <server>
@@ -312,7 +335,6 @@ credentials in your Maven's global `settings.xml` file as part of the `<servers>
 
 Now use the server id in your project `pom.xml`.
 
-
     <plugin>
       <plugin>
         <groupId>com.spotify</groupId>
@@ -326,8 +348,8 @@ Now use the server id in your project `pom.xml`.
       </plugin>
     </plugins>
 
-`<registryUrl></registryUrl>` is optional and defaults to `https://index.docker.io/v1/` in the
-Spotify docker-client dependency.
+The plugin gives priority to any credentials in the docker-cli config file
+before explicitly configured credentials.
 
 #### Using encrypted passwords for authentication
 
@@ -342,26 +364,6 @@ Only passwords enclosed in curly braces will be considered as encrypted.
       </server>
     </servers>
 
-#### Using docker config file for authentication
-
-Another option to authenticate with private repositories is using dockers ~/.docker/config.json.
-This makes it also possible to use in cooperation with cloud providers like AWS or Google Cloud which store the user's
-credentials in this file, too.
-
-    <plugin>
-      <plugin>
-        <groupId>com.spotify</groupId>
-        <artifactId>docker-maven-plugin</artifactId>
-        <version>VERSION GOES HERE</version>
-        <configuration>
-          [...]
-          <useConfigFile>true</useConfigFile>
-        </configuration>
-      </plugin>
-    </plugins>
-
-**Hint:** The build will fail, if the config file doesn't exist.
-
 ## Testing
 
 Make sure Docker daemon is running and that you can do `docker ps`. Then run `mvn clean test`.

pom.xml

@@ -4,7 +4,7 @@
 
   <groupId>com.spotify</groupId>
   <artifactId>docker-maven-plugin</artifactId>
-  <version>0.4.15-SNAPSHOT</version>
+  <version>1.0.0-SNAPSHOT</version>
   <packaging>maven-plugin</packaging>
   <name>docker-maven-plugin</name>
   <description>A maven plugin for docker</description>
@@ -125,9 +125,14 @@
     <dependency>
       <groupId>com.spotify</groupId>
       <artifactId>docker-client</artifactId>
-      <version>8.5.0</version>
+      <version>8.7.1</version>
       <classifier>shaded</classifier>
     </dependency>
+    <dependency>
+      <groupId>com.google.auth</groupId>
+      <artifactId>google-auth-library-oauth2-http</artifactId>
+      <version>0.6.0</version>
+    </dependency>
     <dependency>
       <groupId>com.typesafe</groupId>
       <artifactId>config</artifactId>