diff --git a/pkg/addons/addons_gcpauth.go b/pkg/addons/addons_gcpauth.go index 5132bb4039..a846534ab8 100644 --- a/pkg/addons/addons_gcpauth.go +++ b/pkg/addons/addons_gcpauth.go @@ -60,7 +60,7 @@ func enableOrDisableGCPAuth(cfg *config.ClusterConfig, name string, val string) func enableAddonGCPAuth(cfg *config.ClusterConfig) error { if !Force && detect.IsOnGCE() { - exit.Message(reason.InternalCredsNotFound, "It seems that you are running in GCE, which means authentication should work without the GCP Auth addon. If you would still like to authenticate using a credentials file, use the --force flag.") + exit.Message(reason.InternalCredsNotNeeded, "It seems that you are running in GCE, which means authentication should work without the GCP Auth addon. If you would still like to authenticate using a credentials file, use the --force flag.") } // Grab command runner from running cluster @@ -88,51 +88,56 @@ func enableAddonGCPAuth(cfg *config.ClusterConfig) error { return err } + // Force here will allow tests to pass with false credentials token, err := creds.TokenSource.Token() - if err != nil { - return err - } - data := map[string][]byte{ - ".dockercfg": []byte(fmt.Sprintf(`{"https://gcr.io":{"username":"oauth2accesstoken","password":"%s","email":"none"}}`, token.AccessToken)), - } - - namespaces, err := client.Namespaces().List(metav1.ListOptions{}) - if err != nil { + if err != nil && !Force { return err } - for _, n := range namespaces.Items { - secrets := client.Secrets(n.Name) - - secretObj := &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - Name: secretName, - }, - Data: data, - Type: "kubernetes.io/dockercfg", + // Only try to add secret if Token was found + if err == nil { + data := map[string][]byte{ + ".dockercfg": []byte(fmt.Sprintf(`{"https://gcr.io":{"username":"oauth2accesstoken","password":"%s","email":"none"}}`, token.AccessToken)), } - _, err = secrets.Create(secretObj) + namespaces, err := client.Namespaces().List(metav1.ListOptions{}) if err != nil { return err } - // Now patch the secret into all the service accounts we can find - serviceaccounts := client.ServiceAccounts(n.Name) - salist, err := serviceaccounts.List(metav1.ListOptions{}) - if err != nil { - return err - } + for _, n := range namespaces.Items { + secrets := client.Secrets(n.Name) - ips := corev1.LocalObjectReference{Name: "gcp-auth"} - for _, sa := range salist.Items { - sa.ImagePullSecrets = append(sa.ImagePullSecrets, ips) - _, err := serviceaccounts.Update(&sa) + secretObj := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: secretName, + }, + Data: data, + Type: "kubernetes.io/dockercfg", + } + + _, err = secrets.Create(secretObj) if err != nil { return err } - } + // Now patch the secret into all the service accounts we can find + serviceaccounts := client.ServiceAccounts(n.Name) + salist, err := serviceaccounts.List(metav1.ListOptions{}) + if err != nil { + return err + } + + ips := corev1.LocalObjectReference{Name: "gcp-auth"} + for _, sa := range salist.Items { + sa.ImagePullSecrets = append(sa.ImagePullSecrets, ips) + _, err := serviceaccounts.Update(&sa) + if err != nil { + return err + } + } + + } } // First check if the project env var is explicitly set diff --git a/pkg/minikube/reason/reason.go b/pkg/minikube/reason/reason.go index c4e9d80fc0..5b3dcbd3ab 100644 --- a/pkg/minikube/reason/reason.go +++ b/pkg/minikube/reason/reason.go @@ -120,6 +120,7 @@ var ( InternalViewTmpl = Kind{ID: "MK_VIEW_TMPL", ExitCode: ExProgramError} InternalYamlMarshal = Kind{ID: "MK_YAML_MARSHAL", ExitCode: ExProgramError} InternalCredsNotFound = Kind{ID: "MK_CREDENTIALS_NOT_FOUND", ExitCode: ExProgramNotFound, Style: style.Shrug} + InternalCredsNotNeeded = Kind{ID: "MK_CREDENTIALS_NOT_NEEDED", ExitCode: ExProgramNotFound, Style: style.Shrug} InternalSemverParse = Kind{ID: "MK_SEMVER_PARSE", ExitCode: ExProgramError} DaemonizeError = Kind{ID: "MK_DAEMONIZE", ExitCode: ExProgramError}