From b4214fdcb3571f7e634f65ed559e64f782a69274 Mon Sep 17 00:00:00 2001
From: Tad Cordle <tcordle@google.com>
Date: Fri, 27 Jul 2018 11:27:27 -0400
Subject: [PATCH 1/3] Add auth to maven readme

---
 jib-maven-plugin/README.md | 46 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)

diff --git a/jib-maven-plugin/README.md b/jib-maven-plugin/README.md
index 3f77b7e9c0..2bae8e9f56 100644
--- a/jib-maven-plugin/README.md
+++ b/jib-maven-plugin/README.md
@@ -212,6 +212,7 @@ Property | Type | Default | Description
 --- | --- | --- | ---
 `image` | string | `gcr.io/distroless/java` | The image reference for the base image.
 `credHelper` | string | *None* | Suffix for the credential helper that can authenticate pulling the base image (following `docker-credential-`).
+`auth` | [`auth`](#auth-object) | *None* | Specify credentials directly (alternative to `credHelper`).
 
 <a name="to-object"></a>`to` is an object with the following properties:
 
@@ -219,6 +220,14 @@ Property | Type | Default | Description
 --- | --- | --- | ---
 `image` | string | *Required* | The image reference for the target image. This can also be specified via the `-Dimage` command line option.
 `credHelper` | string | *None* | Suffix for the credential helper that can authenticate pulling the base image (following `docker-credential-`).
+`auth` | [`auth`](#auth-object) | *None* | Specify credentials directly (alternative to `credHelper`).
+
+<a name="auth-object"></a>`auth` is an object with the following properties (see [Using Specific Credentials](#using-specific-credentials)):
+
+Property | Type
+--- | ---
+`username` | `String`
+`password` | `String`
 
 <a name="container-object"></a>`container` is an object with the following properties:
 
@@ -311,6 +320,43 @@ Configure credential helpers to use by specifying them as a `credHelper` for the
 </configuration>
 ```
 
+#### Using Specific Credentials
+
+You can specify credentials directly in the <auth> parameter for the `from` and/or `to` images. In the example below, `to` credentials are retrieved from the `REGISTRY_USERNAME` and `REGISTRY_PASSWORD` environment variables.
+
+```xml
+<configuration>
+  ...
+  <from>
+    <image>aws_account_id.dkr.ecr.region.amazonaws.com/my-base-image</image>
+    <auth>
+      <username>my_username</username>
+      <password>my_password</password>
+    </auth>
+  </from>
+  <to>
+    <image>gcr.io/my-gcp-project/my-app</image>
+    <auth>
+      <username>${env.REGISTRY_USERNAME}</username>
+      <password>${env.REGISTRY_PASSWORD}</password>
+    </auth>
+  </to>
+  ...
+</configuration>
+```
+
+Alternatively, you can specify credentials via commandline using the following system properties.
+
+Property | Description
+--- | ---
+`-Djib.from.auth.username` | Username for base image registry.
+`-Djib.from.auth.password` | Password for base image registry.
+`-Djib.to.auth.username` | Username for target image registry.
+`-Djib.to.auth.password` | Password for target image registry.
+
+e.g. `mvn package jib:build -Djib.to.auth.username=user -Djib.to.auth.password=pass`
+
+
 #### Using Maven Settings
 
 Registry credentials can be added to your [Maven settings](https://maven.apache.org/settings.html). These credentials will be used if credentials could not be found in any specified Docker credential helpers.

From 8b581c8ae1cc7310c366ea7d7a59ba390c6e0078 Mon Sep 17 00:00:00 2001
From: Tad Cordle <tcordle@google.com>
Date: Fri, 27 Jul 2018 11:50:09 -0400
Subject: [PATCH 2/3] Add warnings and fix invisible auth

---
 jib-maven-plugin/README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/jib-maven-plugin/README.md b/jib-maven-plugin/README.md
index 2bae8e9f56..08cc94fc5f 100644
--- a/jib-maven-plugin/README.md
+++ b/jib-maven-plugin/README.md
@@ -322,7 +322,7 @@ Configure credential helpers to use by specifying them as a `credHelper` for the
 
 #### Using Specific Credentials
 
-You can specify credentials directly in the <auth> parameter for the `from` and/or `to` images. In the example below, `to` credentials are retrieved from the `REGISTRY_USERNAME` and `REGISTRY_PASSWORD` environment variables.
+You can specify credentials directly in the `<auth>` parameter for the `from` and/or `to` images. In the example below, `to` credentials are retrieved from the `REGISTRY_USERNAME` and `REGISTRY_PASSWORD` environment variables.
 
 ```xml
 <configuration>
@@ -356,6 +356,7 @@ Property | Description
 
 e.g. `mvn package jib:build -Djib.to.auth.username=user -Djib.to.auth.password=pass`
 
+**Note** This method of authentication should be used only as a last resort, as it is insecure to make your password visible in plain text.
 
 #### Using Maven Settings
 

From 3072a65268ccbb729b346ff640bea8b0ec1c988f Mon Sep 17 00:00:00 2001
From: Tad Cordle <tcordle@google.com>
Date: Fri, 27 Jul 2018 15:46:40 -0400
Subject: [PATCH 3/3] Fixes

---
 jib-maven-plugin/README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/jib-maven-plugin/README.md b/jib-maven-plugin/README.md
index 08cc94fc5f..4ddafb4388 100644
--- a/jib-maven-plugin/README.md
+++ b/jib-maven-plugin/README.md
@@ -354,9 +354,9 @@ Property | Description
 `-Djib.to.auth.username` | Username for target image registry.
 `-Djib.to.auth.password` | Password for target image registry.
 
-e.g. `mvn package jib:build -Djib.to.auth.username=user -Djib.to.auth.password=pass`
+e.g. `mvn compile jib:build -Djib.to.auth.username=user -Djib.to.auth.password=pass`
 
-**Note** This method of authentication should be used only as a last resort, as it is insecure to make your password visible in plain text.
+**Note:** This method of authentication should be used only as a last resort, as it is insecure to make your password visible in plain text.
 
 #### Using Maven Settings