From 9712aecda6fa3fdf3c75eed405e012e32cd1ab21 Mon Sep 17 00:00:00 2001
From: Daniel Mikusa <dmikusa@vmware.com>
Date: Thu, 14 Apr 2022 16:22:33 -0400
Subject: [PATCH] Adds auth for connecting to non-public gcr.io registries

Signed-off-by: Daniel Mikusa <dmikusa@vmware.com>
---
 drafts/drafts.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/drafts/drafts.go b/drafts/drafts.go
index 617564d1..fbb0a8ce 100644
--- a/drafts/drafts.go
+++ b/drafts/drafts.go
@@ -31,6 +31,7 @@ import (
 	"github.com/buildpacks/libcnb"
 	"github.com/google/go-containerregistry/pkg/authn"
 	"github.com/google/go-containerregistry/pkg/name"
+	"github.com/google/go-containerregistry/pkg/v1/google"
 	"github.com/google/go-containerregistry/pkg/v1/mutate"
 	"github.com/google/go-containerregistry/pkg/v1/remote"
 	"github.com/paketo-buildpacks/libpak"
@@ -352,7 +353,12 @@ func loadBuildpackImage(ref string, to io.Writer) error {
 		return fmt.Errorf("unable to parse reference for existing buildpack tag\n%w", err)
 	}
 
-	img, err := remote.Image(reference, remote.WithAuthFromKeychain(authn.DefaultKeychain))
+	authn := authn.Anonymous
+	if gcrKey, found := os.LookupEnv("JAVA_GCLOUD_SERVICE_ACCOUNT_KEY"); found {
+		authn = google.NewJSONKeyAuthenticator(gcrKey)
+	}
+
+	img, err := remote.Image(reference, remote.WithAuth(authn))
 	if err != nil {
 		return fmt.Errorf("unable to fetch remote image\n%w", err)
 	}