engineering: Enable password-access to ORAS behind flag #91
/AzurePipelines run
/AzurePipelines run [GITHUB]-trident-pr-e2e
Azure Pipelines successfully started running 2 pipeline(s).
Azure Pipelines successfully started running 1 pipeline(s).
| use tokio::runtime::Runtime; | ||
| use url::Url; | ||
|
|
||
| #[cfg(feature = "grpc-dangerous")] |
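Review bot: the cfg attribute on the last line gates ORAS password access on the grpc-dangerous feature, so any build that turns that feature on for its gRPC behaviour also compiles in the registry credential path. Gate it on a feature named for what it unlocks, and note next to the attribute that the feature is not meant for pipeline or release builds.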
sounds like this should get its own flag, this is not related to grpc
Oh... I might be a little confused. Is there more than one "dangerous" flag?
Using #[cfg(feature = "dangerous-options")] since this seems to be related to password security...
dangerous-options is the one that gets used for local builds:
Line 79 in 98a0d3d
I see. Just to clarify, should this ORAS functionality be separated under another feature flag then? Or is it okay since it will not go into pipelines and release RPMs?
dangerous-options is ok, the comment was mostly about not using the grpc one :)
| impl ReadSeek for Cursor<Vec<u8>> {} | ||
|
|
||
| #[cfg(feature = "dangerous-options")] | ||
| const DOCKER_CONFIG_FILE_PATH: &str = "/root/.docker/config.json"; |
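Review bot: the DOCKER_CONFIG_FILE_PATH constant on the last line hard-codes /root as the home directory, so the lookup only finds the file when the process runs as root with the default home. Keep only the relative part (.docker/config.json) in the constant and join it to the home directory resolved at runtime; a doc comment saying the file holds registry credentials would also help whoever enables dangerous-options.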
We could use $HOME or the home_dir method instead of hard-coding /root
Fixed, env::home_dir() and joining with this constant below
🔍 Description
This PR adds the code to pull from container registries which require username:password credentials to access. This is not officially supported by Trident, so it is hidden behind a flag.
🤔 Rationale
Adding this code so that if in the future we want to support password-protected container registries, we have the logic readily available.
📝 Testing
Since this is hidden behind a flag, this code is not tested in our pipelines. To manually test this code, do the following:
~/.docker/config.json in the MOS. One way to do this is to run echo <password> | docker login <container registry>.azurecr.io -u <username> --password-stdin in the post-install script.
#[cfg(feature = "grpc-dangerous")] tags in reader.rs.
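Added example, not Trident's code: the config.json that docker login writes (when no credential helper is configured) keeps each registry's credential in an auth field as base64 of username:password, which is encoding rather than protection, and the review above asks for the file to be located from the home directory at runtime. The function names are hypothetical, base64 is decoded with std only so the block needs no crates, and JSON parsing is left out.

```rust
use std::env;
use std::path::{Path, PathBuf};

/// Join the Docker config path onto a home directory resolved at runtime.
fn docker_config_path(home: &Path) -> PathBuf {
    home.join(".docker").join("config.json")
}

/// Decode standard base64 as found in the `auth` field. Lenient: trailing
/// '=' padding is dropped and the input length is not checked.
fn b64_decode(input: &str) -> Option<Vec<u8>> {
    const ALPHABET: &[u8] =
        b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    let mut out = Vec::new();
    let (mut acc, mut bits) = (0u32, 0u8);
    for byte in input.trim_end_matches('=').bytes() {
        // Any character outside the alphabet rejects the whole value.
        let value = ALPHABET.iter().position(|&c| c == byte)? as u32;
        acc = (acc << 6) | value;
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
            acc &= (1u32 << bits) - 1;
        }
    }
    Some(out)
}

/// Split a decoded `auth` value into (username, password). Only the first
/// ':' separates the fields, so a password may itself contain ':'.
fn decode_auth(auth: &str) -> Option<(String, String)> {
    let text = String::from_utf8(b64_decode(auth)?).ok()?;
    let (user, pass) = text.split_once(':')?;
    Some((user.to_string(), pass.to_string()))
}

fn main() {
    // Constructed sample: base64 of "user:p:w", not a real credential.
    let sample_auth = "dXNlcjpwOnc=";
    let home = env::var_os("HOME").map(PathBuf::from).unwrap_or_default();
    println!("config file: {}", docker_config_path(&home).display());
    match decode_auth(sample_auth) {
        Some((user, pass)) => println!("user={user} password={pass}"),
        None => println!("auth value is not base64(username:password)"),
    }
}
```

Because the stored value decodes this easily, anyone who can read the file can recover the registry password.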