* Before this change, even on non-AWS platforms, the Enabled() check attempts
to make calls to the metadata endpoint when the session and credentials
are initialized (in order to determine if the provider should be
initialized at all).
* This can cause latency because the SDK times out and retries -- up to
20 seconds of latency has been observed on non-AWS platforms when the
metadata IP was blocked with an iptables rule.
* Instead, check once if we are running on an EC2 platform, first trying
to find the EC2 UUID in system files, and second attempting to get
credentials.
* Add a benchmark test that includes intialization and the credential
check.
There are a lot of scenarios where an invalid .dockercfg file
will still contain secrets. This commit removes logging of the
contents to avoid any potential leaking and manages the actual error
by printing to the user the actual location of the invalid file.
Signed-off-by: Nikolaos Moraitis <nmoraiti@redhat.com>
base64 allows usage of new line characters and some tools use them.
As a result, the length of the encoded string cannot be used to
determine whether it's padded or not.
This patch fixes the regression after #82148.
docker-credential-desk does not pad anymore the auth field.
it is then possible to have unpadded auth field.
field might be encoded either with RawStdEncoding or StdEncoding
we now determine if it is correctly padded in order to handle
both cases.
Currently, the credential provider will look in the path set in
the $HOME env variable, but that environment does not exist on
Windows, but $HOMEPATH does. Because of this, if credentials are
set in ~/.docker on Windows, they will not be used by kubelet
when pulling images.
The function os.UserHomeDir can solve this problem [1].
[1] https://golang.org/pkg/os/#UserHomeDir
This is useful only in rancher environment, they are using this in a
very old branch (1.6), they are currently at 2.2.x. There is just no
point in us carrying this code as this is not useful to anyone else
outside of the rancher environment. Let us please remove this code from
upstream.
Change-Id: I5196d0edd79a7809c3a04e6028ddbd01063f224b
