always use a fresh docker config for each step

yob · yob · commit 3927d72c7d43 · 2020-10-26T16:39:37.000+11:00
This improves job isolation, preventing jobs from relying on authentication configured in other jobs. This is based on PR #678, but we've removed the stack parameter because the v5.0.0 release is pending and we're comfortable making a small breaking change.
diff --git a/packer/linux/conf/bin/bk-install-elastic-stack.sh b/packer/linux/conf/bin/bk-install-elastic-stack.sh
@@ -49,8 +49,6 @@ PLUGINS_ENABLED=()
 [[ $ECR_PLUGIN_ENABLED == "true" ]] && PLUGINS_ENABLED+=("ecr")
 [[ $DOCKER_LOGIN_PLUGIN_ENABLED == "true" ]] && PLUGINS_ENABLED+=("docker-login")
 
-[[ $ISOLATE_DOCKER_CONFIG == "true" ]] && DOCKER_CONFIG="export DOCKER_CONFIG=\$(mktemp -d)"
-
 # cfn-env is sourced by the environment hook in builds
 cat << EOF > /var/lib/buildkite-agent/cfn-env
 export DOCKER_VERSION=$DOCKER_VERSION
@@ -62,7 +60,7 @@ export AWS_DEFAULT_REGION=$AWS_REGION
 export AWS_REGION=$AWS_REGION
 export PLUGINS_ENABLED="${PLUGINS_ENABLED[*]-}"
 export BUILDKITE_ECR_POLICY=${BUILDKITE_ECR_POLICY:-none}
-${DOCKER_CONFIG:-""}
+export DOCKER_CONFIG=\$(mktemp -d)
 EOF
 
 if [[ "${BUILDKITE_AGENT_RELEASE}" == "edge" ]] ; then
diff --git a/templates/aws-stack.yml b/templates/aws-stack.yml
@@ -74,7 +74,6 @@ Metadata:
         Parameters:
         - EnableDockerUserNamespaceRemap
         - EnableDockerExperimental
-        - IsolateDockerConfig
 
       - Label:
           default: Docker Registry Configuration
@@ -356,14 +355,6 @@ Parameters:
       - "false"
     Default: "false"
 
-  IsolateDockerConfig:
-    Type: String
-    Description: Isolates Docker Configuration per step
-    AllowedValues:
-      - "true"
-      - "false"
-    Default: "false"
-
   EnableCostAllocationTags:
     Type: String
     Description: Enables AWS Cost Allocation tags for all resources in the stack. See https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html
@@ -873,7 +864,6 @@ Resources:
                   $Env:ECR_PLUGIN_ENABLED="${EnableECRPlugin}"
                   $Env:DOCKER_LOGIN_PLUGIN_ENABLED="${EnableDockerLoginPlugin}"
                   $Env:AWS_REGION="${AWS::Region}"
-                  $Env:ISOLATE_DOCKER_CONFIG="${IsolateDockerConfig}"
                   powershell -file C:\buildkite-agent\bin\bk-install-elastic-stack.ps1 >> C:\buildkite-agent\elastic-stack.log
                   </powershell>
                 - {
