-
Notifications
You must be signed in to change notification settings - Fork 511
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
authn.kubernetes.Resolve now behaves exactly like Kubernetes #1349
Conversation
I think I need to pull the first commit into a separate PR since I need to bump the ggcr version in the kubernetes/go.mod Otherwise the kubernetes pkg won't pull the right ggcr min version containing the new json marshalling helpers. |
Step 1: #1350 Will rebase this PR with go.mod updates |
Should we promote this extra fuzzy URL matching to match k8s' behavior up to Thanks so much for doing this investigation and work @dprotaso, you're a rockstar 👨🎤 ❤️ |
I was wondering if the fuzzy matching is only a k8s behaviour or is that a docker config convention? I would do it in a separate PR if it's not K8s convention. |
Prior we weren't matching host names and partial paths properly This was breaking Gitlab and Azure tag to digest resolution in Knative
Codecov Report
@@ Coverage Diff @@
## main #1349 +/- ##
=======================================
Coverage 74.19% 74.19%
=======================================
Files 113 113
Lines 8439 8439
=======================================
Hits 6261 6261
Misses 1574 1574
Partials 604 604 Continue to review full report at Codecov.
|
Also note - unit/build tests don't work in nested modules since
Realized this here (gopher slack): https://gophers.slack.com/archives/C9BMAAFFB/p1649939462805589 |
Unit test failure seems unrelated
https://github.com/google/go-containerregistry/runs/6024983982?check_suite_focus=true#step:4:715 |
presubmit looks legit - looking into that |
After this I need to bump the k8schain/go.mod with the |
Sounds like it's just K8s' version, but it seems useful to apply Postel's law here and everywhere. Maybe this means we can drop (some of?) our dep from pkg/authn -> docker/cli, and things like this: go-containerregistry/pkg/authn/keychain.go Line 126 in f1b7291
(not for this PR, just something to consider in the future) |
👍 |
Prior we weren't matching host names and partial paths properly
This was breaking Gitlab and Azure tag to digest resolution in Knative (knative/serving#12761)