Check docker config auths for repo and registry #1280
Conversation
This enables the case where a config's auth section can specify different auth per repository within the same registry.
Codecov Report
@@ Coverage Diff @@
## main #1280 +/- ##
==========================================
+ Coverage 74.01% 74.03% +0.01%
==========================================
Files 112 112
Lines 8374 8379 +5
==========================================
+ Hits 6198 6203 +5
Misses 1573 1573
Partials 603 603
Continue to review full report at Codecov.
|
|
I'm a bit reluctant to diverge from docker's behavior -- do they support anything like this? Does the red hat stuff? |
|
Related FR: docker/cli#2928 |
|
Oh, I incorrectly thought this was already how Docker worked 😢 I'll close this, and point folks up to that FR. Thanks! |
|
Sounds like Podman supports per-registry wdyt? |
I think ideally we could upstream this to docker/cli? |
I'm willing to try. I think we might have a better case if we can say Podman, and all tools using |
| return nil, err | ||
| cfg, err = cf.GetAuthConfig(key) | ||
| if err != nil { | ||
| return nil, err |
There was a problem hiding this comment.
I'm a little bit worried that we'll hit a new error here but it looks like it currently never returns an error so it's probably fine:
https://github.com/docker/cli/blob/25eee83d6b8c475548254b2decc9c8e0490d229c/cli/config/configfile/file.go#L321
https://github.com/docker/cli/blob/25eee83d6b8c475548254b2decc9c8e0490d229c/cli/config/configfile/file.go#L311
https://github.com/docker/cli/blob/25eee83d6b8c475548254b2decc9c8e0490d229c/cli/config/credentials/file_store.go#L32-L47
This enables the case where a config's auth section can specify different auth per repository within the same registry.
This seems to be the root cause of GoogleContainerTools/kaniko#687