New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for extending the .dockercfg file #11759
Conversation
/cc @dmcgowan |
5da1953
to
4dec3af
Compare
This PR does a couple of things: - makes loading of the .dockercfg file part of the DockerCli creation so that we only need have load it once and not at lots of spots throughout the code - moves the current auth stuff in the config down one level so that new fields can be added w/o breaking the existing auth config logic - add testcases to verify that we can read .dockercfg files in the old and new format - but always save in the new format Next steps if this is accepted: - move the config file processing out from under 'registry' since it not registry specific any more - see what additional fields might be needed - yes I have some in mind :-) Signed-off-by: Doug Davis <dug@us.ibm.com>
The code looks good, but will focus on getting the design review approved. I am also +1 for getting it out of the registry directory, but is likely to happen soon. I am curious what other use cases you see for using the |
@dmcgowan we have an immediate need to add new HTTP headers to the Docker CLI->daemon flows - mainly to carry auth tokens that were setup by 3rd party tooling. So, I have a PR ready to go that will look for a "header" field in the .dockercfg file and have the cli blindly add those headers to all outgoing http messages. I can also see including things like a "DockerHost" field so that other tooling, like Machine, can modify the user's DOCKER_HOST w/o resorting to tricks/hacks to get the env var modified. I can move it out from under 'registry' very soon - I just didn't want to do too much within one PR as that tends to slow down the review process. :-) As for separate files... I'd prefer not to unless we run across a pretty big reason to split it. I think having all of the cli config fields in one spot will make it much easier for people to deal with - especially 3rd party tooling. |
sounds good, +1 to design also @icecrime @jfrazelle for design review |
ping @jfrazelle |
ping @icecrime |
As I've mentioned previously, I'd love to see |
Adding more stuff to a mis-named file to make it less mis-named feels like stepping backwards, IMO. 😉 |
@tianon couple of comments
|
Yes, even if we expand it, I still think the name is a mistake because it's so uncommon. Looking at all the other "dot" files in my |
@dmcgowan you ok with the migration code I have moving it from ~/.dockercfg to ~/.docker/config ? |
As I first mentioned, I am in favor of a |
Based on the recent comments, I think what I'm hearing is that there are a set of PRs that might be of interest:
Does this sound right? If so, a few comments:
@dmcgowan @tianon @crosbymichael thoughts? |
IMO More generally, if there are things that are obviously completely separate (like auth credentials), then splitting them into a separate file makes sense, especially since you can then |
Considering the controversy around what is stored in .dockercfg today, I would advocate for keeping it in a separate file |
If my previous comment was not clear, that is a 👍 to @duglin's last comment |
Thanks for the comments: pushing this to code review. |
@icecrime sorry - I should have gone back to update this one. With #12009 we'll be doing the first 2 bullets from #11759 (comment) - meaning migration and support extending the docker file. I'd then like to follow it up with tooling to make it easier to modify that config file - either in this PR or a new one. I can close this one if you'd prefer until then. |
I guess this one could be closed then (sorry, there's really too many information and cross references for me to follow here). |
Closing this one until #12009 is done and we decide if we want to add tooling to modify the config file. |
This PR does a couple of things:
that we only need to load it once and not at lots of spots throughout
the code
fields can be added w/o breaking the existing auth config logic
and new format - but always save in the new format
Next steps if this is accepted:
not registry specific any more
Signed-off-by: Doug Davis dug@us.ibm.com
/cc @crosbymichael @nathanleclaire