Bug 1858760: allow Authorization Service URL to differ from Registry URL when retrieving tokens #924
Conversation
|
@atiratree: An error was encountered searching for bug 1858760 on the Bugzilla server at https://bugzilla.redhat.com. No known errors were detected, please see the full error message for details. Full error message.
code 102: You are not authorized to access bug #1858760. Most likely the bug has been restricted for internal development processes and we cannot grant access. If you are a Red Hat customer with an active subscription, please visit the Red Hat Customer Portal for assistance with your issue If you are a Fedora Project user and require assistance, please consider using one of the mailing lists we host for the Fedora Project.
Please contact an administrator to resolve this issue, then request a bug refresh with In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/assign @soltysh |
|
@atiratree: An error was encountered searching for bug 1858760 on the Bugzilla server at https://bugzilla.redhat.com. No known errors were detected, please see the full error message for details. Full error message.
code 102: You are not authorized to access bug #1858760. Most likely the bug has been restricted for internal development processes and we cannot grant access. If you are a Red Hat customer with an active subscription, please visit the Red Hat Customer Portal for assistance with your issue If you are a Fedora Project user and require assistance, please consider using one of the mailing lists we host for the Fedora Project.
Please contact an administrator to resolve this issue, then request a bug refresh with In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@atiratree: An error was encountered searching for bug 1858760 on the Bugzilla server at https://bugzilla.redhat.com. No known errors were detected, please see the full error message for details. Full error message.
code 102: You are not authorized to access bug #1858760. Most likely the bug has been restricted for internal development processes and we cannot grant access. If you are a Red Hat customer with an active subscription, please visit the Red Hat Customer Portal for assistance with your issue If you are a Fedora Project user and require assistance, please consider using one of the mailing lists we host for the Fedora Project.
Please contact an administrator to resolve this issue, then request a bug refresh with In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
2 similar comments
|
@atiratree: An error was encountered searching for bug 1858760 on the Bugzilla server at https://bugzilla.redhat.com. No known errors were detected, please see the full error message for details. Full error message.
code 102: You are not authorized to access bug #1858760. Most likely the bug has been restricted for internal development processes and we cannot grant access. If you are a Red Hat customer with an active subscription, please visit the Red Hat Customer Portal for assistance with your issue If you are a Fedora Project user and require assistance, please consider using one of the mailing lists we host for the Fedora Project.
Please contact an administrator to resolve this issue, then request a bug refresh with In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@atiratree: An error was encountered searching for bug 1858760 on the Bugzilla server at https://bugzilla.redhat.com. No known errors were detected, please see the full error message for details. Full error message.
code 102: You are not authorized to access bug #1858760. Most likely the bug has been restricted for internal development processes and we cannot grant access. If you are a Red Hat customer with an active subscription, please visit the Red Hat Customer Portal for assistance with your issue If you are a Fedora Project user and require assistance, please consider using one of the mailing lists we host for the Fedora Project.
Please contact an administrator to resolve this issue, then request a bug refresh with In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/hold |
openshift-ci
bot
added
the
do-not-merge/hold
|
@atiratree: An error was encountered searching for bug 1858760 on the Bugzilla server at https://bugzilla.redhat.com. No known errors were detected, please see the full error message for details. Full error message.
code 102: You are not authorized to access bug #1858760. Most likely the bug has been restricted for internal development processes and we cannot grant access. If you are a Red Hat customer with an active subscription, please visit the Red Hat Customer Portal for assistance with your issue If you are a Fedora Project user and require assistance, please consider using one of the mailing lists we host for the Fedora Project.
Please contact an administrator to resolve this issue, then request a bug refresh with In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@atiratree: An error was encountered searching for bug 1858760 on the Bugzilla server at https://bugzilla.redhat.com. No known errors were detected, please see the full error message for details. Full error message.
code 102: You are not authorized to access bug #1858760. Most likely the bug has been restricted for internal development processes and we cannot grant access. If you are a Red Hat customer with an active subscription, please visit the Red Hat Customer Portal for assistance with your issue If you are a Fedora Project user and require assistance, please consider using one of the mailing lists we host for the Fedora Project.
Please contact an administrator to resolve this issue, then request a bug refresh with In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
1 similar comment
|
@atiratree: An error was encountered searching for bug 1858760 on the Bugzilla server at https://bugzilla.redhat.com. No known errors were detected, please see the full error message for details. Full error message.
code 102: You are not authorized to access bug #1858760. Most likely the bug has been restricted for internal development processes and we cannot grant access. If you are a Red Hat customer with an active subscription, please visit the Red Hat Customer Portal for assistance with your issue If you are a Fedora Project user and require assistance, please consider using one of the mailing lists we host for the Fedora Project.
Please contact an administrator to resolve this issue, then request a bug refresh with In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
atiratree
force-pushed
the
bz1858760
branch
2 times, most recently
from
b085b9e
to
92d755f
Compare
|
@dmage I have updated the description and implementation. Can you please review? |
pkg/cli/image/manifest/dockercredentials/credential_store_factory_test.go
Outdated
Show resolved
Hide resolved
| // findAuthentication looks for auth of registry in path. If ref is | ||
| // not nil, then it will be taken into account when looking up the | ||
| // authentication credentials. | ||
| func (r *AuthResolver) findAuthentication(ref reference.Named, registry string) (credentialprovider.DockerConfigEntry, error) { |
There was a problem hiding this comment.
It seems this function is always called with ref, reference.Domain(ref), can registry string be removed?
There was a problem hiding this comment.
@dmage yes, that would be simpler but I wanted it to preserve the original function as much as possible to not diverge much.
But I can simplify that if you prefer.
| password string | ||
| }{ | ||
| {name: "docker/docker,", input: testInput{authResolver: fn("index.docker.io", def), image: "docker/docker"}, user: def.Username, password: def.Password}, | ||
| {name: "library/debian", input: testInput{authResolver: fn("docker.io", def), image: "library/debian"}, user: def.Username, password: def.Password}, |
There was a problem hiding this comment.
should it be fn("index.docker.io", def)?
There was a problem hiding this comment.
this one is testing the old docker format
|
/lgtm |
|
@atiratree: An error was encountered searching for bug 1858760 on the Bugzilla server at https://bugzilla.redhat.com. No known errors were detected, please see the full error message for details. Full error message.
code 102: You are not authorized to access bug #1858760. Most likely the bug has been restricted for internal development processes and we cannot grant access. If you are a Red Hat customer with an active subscription, please visit the Red Hat Customer Portal for assistance with your issue If you are a Fedora Project user and require assistance, please consider using one of the mailing lists we host for the Fedora Project.
Please contact an administrator to resolve this issue, then request a bug refresh with In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/hold cancel |
openshift-ci
bot
removed
the
do-not-merge/hold
|
@atiratree: An error was encountered searching for bug 1858760 on the Bugzilla server at https://bugzilla.redhat.com. No known errors were detected, please see the full error message for details. Full error message.
code 102: You are not authorized to access bug #1858760. Most likely the bug has been restricted for internal development processes and we cannot grant access. If you are a Red Hat customer with an active subscription, please visit the Red Hat Customer Portal for assistance with your issue If you are a Fedora Project user and require assistance, please consider using one of the mailing lists we host for the Fedora Project.
Please contact an administrator to resolve this issue, then request a bug refresh with In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
all prerequisites resolved - updated to the newest openshift/library-go |
|
/retest |
- update findAuthentication logic and align with podman
|
rebased |
|
/lgtm |
There was a problem hiding this comment.
/bugzilla refresh
/lgtm
/approve
@atiratree let's land this first and then you'll most likely need to rebase #893 but with the changes from here it should simpler, I think
|
@soltysh: An error was encountered searching for bug 1858760 on the Bugzilla server at https://bugzilla.redhat.com. No known errors were detected, please see the full error message for details. Full error message.
code 102: You are not authorized to access bug #1858760. Most likely the bug has been restricted for internal development processes and we cannot grant access. If you are a Red Hat customer with an active subscription, please visit the Red Hat Customer Portal for assistance with your issue If you are a Fedora Project user and require assistance, please consider using one of the mailing lists we host for the Fedora Project.
Please contact an administrator to resolve this issue, then request a bug refresh with In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: atiratree, dmage, soltysh The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
/retest-required |
|
@atiratree: An error was encountered searching for bug 1858760 on the Bugzilla server at https://bugzilla.redhat.com. No known errors were detected, please see the full error message for details. Full error message.
code 102: You are not authorized to access bug #1858760. Most likely the bug has been restricted for internal development processes and we cannot grant access. If you are a Red Hat customer with an active subscription, please visit the Red Hat Customer Portal for assistance with your issue If you are a Fedora Project user and require assistance, please consider using one of the mailing lists we host for the Fedora Project.
Please contact an administrator to resolve this issue, then request a bug refresh with In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Since we are trying to switch to podman backend (#893) it makes sense to start using similar logic here (please see https://github.com/containers/image/blob/main/pkg/docker/config/config.go for reference). This fixes most of our auth issues.
We cannot fully switch to a podman backend yet, since this comes up with some incomptability issues: eg wrong auth config path order.
The implementation is also leveraging new CredentialStoreFactory interface, but for that we need the following PRs.
TODO: