Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

anago mock mode should check for push access to gcr.io/kubernetes-release-test #164

Closed
ixdy opened this issue Oct 18, 2016 · 5 comments
Closed

anago mock mode should check for push access to gcr.io/kubernetes-release-test #164

ixdy opened this issue Oct 18, 2016 · 5 comments
Assignees
@david-mcmahon
Labels
area/release-eng Issues or PRs related to the Release Engineering subproject priority/P1 sig/release Categorizes an issue or PR as relevant to SIG Release.

Comments

@ixdy
Copy link
Member

ixdy commented Oct 18, 2016

I'm getting lots of failures late in the mock workflow:

Send docker containers to gcr.io/kubernetes-release-test...
Release kube-apiserver-amd64:v1.5.0-alpha.2:
- Pushing: .....FAILED
Release legacy kube-apiserver:v1.5.0-alpha.2:
- Tagging: OK
- Pushing: .....FAILED
Release kube-controller-manager-amd64:v1.5.0-alpha.2:
- Pushing: .....FAILED
Release legacy kube-controller-manager:v1.5.0-alpha.2:
- Tagging: OK
- Pushing: .....FAILED
Release kube-scheduler-amd64:v1.5.0-alpha.2:
- Pushing: .....FAILED

etc.
@david-mcmahon david-mcmahon self-assigned this Oct 18, 2016
@david-mcmahon
Copy link
Contributor

Any clever one-liners to check writable access to a gcr.io repo? @mikedanese @kubernetes/test-infra-maintainers

@mtaufen
Copy link
Contributor

mtaufen commented Oct 26, 2016

Maybe a bit messy but could you create a dummy image in there that is just for testing write access, and "push" to it to test?

@david-mcmahon
Copy link
Contributor

@mtaufen we might have to go that route. Hoping for some lighter way. Unfortunately I don't see any --dry-run options to docker. @jessfraz

@spxtr
Copy link

spxtr commented Oct 26, 2016

Can probably do a gsutil acl get call or defacl to check.

@zmerlynn
Copy link
Member

Parsing the ACL is obnoxious, in part because sometimes the IDs get munged. In addition, you'd then have to check for group access in many legit cases. It's not that hard to verify you can write to the appspot bucket, though, by just doing a 'gsutil cp' to somewhere in there - it's just kind of ugly. (You could even just name it /access-check and rewrite the object every time.)

@ixdy ixdy mentioned this issue Mar 7, 2017
Closed
@david-mcmahon david-mcmahon mentioned this issue Jul 27, 2017
Merged
marpaia pushed a commit to marpaia/release that referenced this issue Feb 21, 2019
@k8s-ci-robot
Merge pull request kubernetes#164 from jdumars/security
b0a0499 
Added security contacts per issue 158
@justaugustus justaugustus added sig/release Categorizes an issue or PR as relevant to SIG Release. area/release-eng Issues or PRs related to the Release Engineering subproject labels Dec 9, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@david-mcmahon david-mcmahon

Labels
area/release-eng Issues or PRs related to the Release Engineering subproject priority/P1 sig/release Categorizes an issue or PR as relevant to SIG Release.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@justaugustus @mtaufen @zmerlynn @spxtr @ixdy @david-mcmahon