fix: oras-go client should fallback to docker config if no credentials specified #18133
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I'm using #17279 to authenticate to Google Artifact Registry as a helm registry using workload identity. Unlike #10218, the other solution does not require installing ESO. This works in general since
helm template
can get creds via the$HOME/.docker/config.json
. However, if you need to usetargetRevision: *
with your application, this ends up using the oras-go client here which is only configured for static credentials.This change adds a backwards compatible change where if both the username and password is not configured, it will use the oras-go credentials package to get the docker config from the environment and use that to get credentials.
Checklist: