-
Notifications
You must be signed in to change notification settings - Fork 758
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add dry-run mode to skopeo-sync #1459
Conversation
Signed-off-by: Ted Wexler <twexler@bloomberg.net>
@mtrmac @vrothberg PTAL |
@twexler thanks for bringing this forward. I think this is indeed useful, but I think I'd prefer it if the code went a bit further and touched the registry and perhaps the destination to see if it was available and if the auths were OK. A bigger effort for sure. |
@TomSweeneyRedHat Gotcha. I'll take a look at this again tomorrow, see if I can fit that into this PR with minimal headache... |
I am not sure that will work. Let's assume we want to sync an image to
So I don't think that such checks should be performed in a dry run. |
@vrothberg You could hit the API Version Check endpoint on the registry to confirm it's a registry and potentially authn/z would play into that, but you're right: If that API isn't authenticated on the specific registry implementation, then we're only verifying that the defined repository is probably a registry which is a worthwhile check, I think. |
Co-authored-by: Tom Sweeney <tsweeney@redhat.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In the current form I find the logs too redundant:
INFO[0001] Would have copied image, but `--dry` is specified from="docker://busybox:ubuntu" to="dir:/tmp/test/busybox:ubuntu"
INFO[0001] Copying image ref 173/179 from="docker://busybox:ubuntu-12.04" to="dir:/tmp/test/busybox:ubuntu-12.04"
INFO[0001] Would have copied image, but `--dry` is specified from="docker://busybox:ubuntu-12.04" to="dir:/tmp/test/busybox:ubuntu-12.04"
INFO[0001] Copying image ref 174/179 from="docker://busybox:ubuntu-14.04" to="dir:/tmp/test/busybox:ubuntu-14.04"
INFO[0001] Would have copied image, but `--dry` is specified from="docker://busybox:ubuntu-14.04" to="dir:/tmp/test/busybox:ubuntu-14.04"
INFO[0001] Copying image ref 175/179 from="docker://busybox:uclibc" to="dir:/tmp/test/busybox:uclibc"
INFO[0001] Would have copied image, but `--dry` is specified from="docker://busybox:uclibc" to="dir:/tmp/test/busybox:uclibc"
INFO[0001] Copying image ref 176/179 from="docker://busybox:unstable" to="dir:/tmp/test/busybox:unstable"
INFO[0001] Would have copied image, but `--dry` is specified from="docker://busybox:unstable" to="dir:/tmp/test/busybox:unstable"
INFO[0001] Copying image ref 177/179 from="docker://busybox:unstable-glibc" to="dir:/tmp/test/busybox:unstable-glibc"
INFO[0001] Would have copied image, but `--dry` is specified from="docker://busybox:unstable-glibc" to="dir:/tmp/test/busybox:unstable-glibc"
INFO[0001] Copying image ref 178/179 from="docker://busybox:unstable-musl" to="dir:/tmp/test/busybox:unstable-musl"
INFO[0001] Would have copied image, but `--dry` is specified from="docker://busybox:unstable-musl" to="dir:/tmp/test/busybox:unstable-musl"
INFO[0001] Copying image ref 179/179 from="docker://busybox:unstable-uclibc" to="dir:/tmp/test/busybox:unstable-uclibc"
I think that the Copying image ref 173/179 ...
logs shouldn't be printed for --dry
.
@rhatdan PTAL
Other than that, LGTM. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In the current form I find the logs too redundant:
INFO[0001] Would have copied image, but `--dry` is specified from="docker://busybox:unstable-musl" to="dir:/tmp/test/busybox:unstable-musl" INFO[0001] Copying image ref 179/179 from="docker://busybox:unstable-uclibc" to="dir:/tmp/test/busybox:unstable-uclibc"
I think that the
Copying image ref 173/179 ...
logs shouldn't be printed for--dry
.
Also I don’t think every line needs to repeat that “--dry is specified”. Maybe just replace the Copying image ref
message with Would try copying image ref
in the dry-run mode?
Yeah, I don’t think we currently know how to do this. IIRC on some registries, the “get token for $username+$password accessing $scope” endpoint actually does fail if the credentials are valid but not allowed to use $scope (e.g. write to a specific repo), but on others this succeeds (and accessing the “version check” would work just fine) and only fails when actually trying to do an operation (i.e. actually trying write something to that repo). So we don’t know whether credentials for writing are valid until we actually try to write something, which is very incompatible with a “dry-run” concept. Having a mode that tests the source enumeration / allows validation of a YAML with regexes and the like, is still quite valuable without testing credentials. |
This mode does test this, as it compiles the images to copy before any of the new code comes into play. |
Yup, I just wanted to say that I don’t think not testing credentials is a reason to reject or delay accepting this PR. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ACK overall, but I’ll let others to try this out and review in detail, for this week.
I'll squash these commits once code review is complete. |
@vrothberg @rhatdan opinions on a (Feel free to tell me it’s not worth worrying about.) |
I would expect Skopeo to tell me how many images "would" have been synced. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good, some last nits. Also, please rebase the PR.
logMsg := fmt.Sprintf("Synced %d images from %d sources", imagesNumber, len(srcRepoList)) | ||
if opts.dryRun { | ||
logMsg = fmt.Sprintf("Would have %s", logMsg) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Something like
logMsg := fmt.Sprintf("Synced %d images from %d sources", imagesNumber, len(srcRepoList)) | |
if opts.dryRun { | |
logMsg = fmt.Sprintf("Would have %s", logMsg) | |
} | |
if !opts.dryRun { | |
logrus.Infof("Synced %d images from %d sources", imagesNumber, len(srcRepoList)) | |
} else { | |
logrus.Infof("Would have synced %d images from %d sources", imagesNumber, len(srcRepoList)) | |
} |
so that the capitalization is correct, please.
@@ -50,6 +50,10 @@ Path of the authentication file for the source registry. Uses path given by `--a | |||
|
|||
Path of the authentication file for the destination registry. Uses path given by `--authfile`, if not provided. | |||
|
|||
**--dry-run** |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add the flag to completions/bash/skopeo
as well.
A friendly reminder that this PR had no activity for 30 days. |
Any progress on this? |
Hi @twexler, it would be nice if you could rebase and integrate the remarks :-) |
A friendly reminder that this PR had no activity for 30 days. |
Taking over containers#1459 to drive it to completion. Signed-off-by: Ted Wexler <twexler@bloomberg.net> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Taking over containers#1459 to drive it to completion. Signed-off-by: Ted Wexler <twexler@bloomberg.net> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Being continued in #1608, for the record. |
Taking over containers#1459 to drive it to completion. Signed-off-by: Ted Wexler <twexler@bloomberg.net> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
I found this useful when testing
skopeo-sync
, instead of actually copying to the destination,skopeo-sync
will output a message likeFixes #1175.