oc client generates invalid docker-registry secrets

[toredash]

At some point, openshift client started to create invalid secrets of type docker-registry. Previous versions of the client (v3.6.0-c4dd4cf) produces correct output.

I'm not sure if this is a client issue, or an issue with OpenShift using the supplied dockercfg in imagePullSecret.

Relevant information:
https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/

Newer Docker versions seems to create a configuration file with an outer auths object, which OpenShift doesn't seem to support.

Version

oc v3.7.0+7ed6862

Steps To Reproduce

1. Verify what is generated with current client:
   $ oc create secret docker-registry regsecret --docker-email="[email protected]" --docker-password="password" --docker-username="user" --docker-server="https://registry/" --dry-run -o yaml | grep docker | cut -d":" -f2- | head -n 1 | base64 -D | jq '.'
   {
   "auths": {
   "https://registry/": {
   "username": "user",
   "password": "password",
   "email": "[email protected]",
   "auth": "dXNlcjpwYXNzd29yZA=="
   }
   }
   }

2. Do the same with previous client:
   ./openshift-origin-client-tools-v3.6.0-c4dd4cf-mac/oc create secret docker-registry regsecret --docker-email="[email protected]" --docker-password="password" --docker-username="user" --docker-server="https://registry/" --dry-run -o yaml | grep docker | cut -d":" -f2- | head -n 1 | base64 -D | jq '.'
   {
   "https://registry/": {
   "username": "user",
   "password": "password",
   "email": "[email protected]",
   "auth": "dXNlcjpwYXNzd29yZA=="
   }
   }

Current Result

docker-registry secrets generated with client oc v3.7.0+7ed6862 produces a secret that is not usable with OpenShift, I've tested on two different servers:
$ oc version
oc v3.7.0+7ed6862
kubernetes v1.7.6+a08f5eeb62
features: Basic-Auth

Server X
openshift v3.7.0+7ed6862
kubernetes v1.7.6+a08f5eeb62

$ oc version
oc v3.7.0+7ed6862
kubernetes v1.7.6+a08f5eeb62
features: Basic-Auth

Server X
openshift v3.6.0+c4dd4cf
kubernetes v1.6.1+5115d708d7

Expected Result

oc client generating valid docker-registry secrets that the remote server is able to use

Additional Information

not relevant

[0xmichalis]

@openshift/sig-developer-experience

[mfojtik]

@Kargakis this is

/sig master

actually and @soltysh is looking into this

[soltysh]

This should be fixed for 3.7 in #18062.
3.8 is not affected.
master picked a fix in #18003

[simo5]

@soltysh is this resolved? or is there a reason the issue is still open ?

[toredash]

This issue is still present in oc v3.7.1+ab0f056

[soltysh]

The fixed I linked was merged after that release, so this is fixed.