@mikemccracken mikemccracken commented Sep 12, 2025

containers/image copy.Image() already uses GetCredentials() to look in auth.json for base image imports.

This adds a test to cover this case using a zot configured to require auth. It also generates certs for the zot in the test.

It also updates the previous auth code for import section imports, so that we now pass the entire path of an import to GetCredentials(), which lets us use different creds for different subpaths on a host.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@mikemccracken mikemccracken force-pushed the 2025.09.11/main/image-import-creds branch 3 times, most recently from b506692 to 2b69ac7 Compare September 12, 2025 22:05
@mikemccracken mikemccracken force-pushed the 2025.09.11/main/image-import-creds branch 4 times, most recently from c0954ec to 8b99c1f Compare September 18, 2025 17:51
@mikemccracken mikemccracken changed the title from "build: use auth.json credentials for image import" to "update use of auth.json credentials for import, add test of existing image import behavior" Sep 18, 2025

ensure we get the new skopeo into hack/tools/bin and then put that at
the front of PATH

Signed-off-by: Michael McCracken <mikmccra@cisco.com>

This is a test to check existing behavior.

Internally, without stacker needing to pass creds in the opts,
containers/image uses GetCredentials() to look in auth.json for creds
for calls to copy.Image().

this adds a test to cover this case using a zot configured to require auth.
also generates certs for the zot in the test.

some other cleanup in tests

Signed-off-by: Michael McCracken <mikmccra@cisco.com>

To support different credentials for different paths on a host (e.g. an
artifactory server with multiple repositories), we need stacker to send
the full path to GetCredentials. GetCredentials searches for the full
path, then iterates over subpaths by removing one path component at a
time, so the creds from the longest matching subpath are returned.

Updates the import-http-auth test to show this behavior.

Signed-off-by: Michael McCracken <mikmccra@cisco.com>
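
Added example, not code from stacker or containers/image: a minimal Go model of the lookup order the commit message above describes (full path first, then one path component removed at a time), showing why passing only the host would never reach a subpath-scoped entry. The host `registry.example.com`, the usernames, the sample auth.json and the helper `lookupCreds` are all constructed for illustration.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// authFile models the "auths" map of an auth.json file.
type authFile struct {
	Auths map[string]struct {
		Auth string `json:"auth"`
	} `json:"auths"`
}

// Constructed sample: one host-wide entry and one entry scoped to a subpath.
const constructedAuthJSON = `{"auths": {
  "registry.example.com":             {"auth": "aG9zdHVzZXI6aG9zdHBhc3M="},
  "registry.example.com/team-a/repo": {"auth": "dGVhbWE6dGVhbWFwYXNz"}
}}`

// lookupCreds (hypothetical helper) tries key, then each shorter parent path.
func lookupCreds(raw, key string) (user, matched string, err error) {
	var f authFile
	if err = json.Unmarshal([]byte(raw), &f); err != nil {
		return "", "", err
	}
	for k := key; ; k = k[:strings.LastIndex(k, "/")] {
		if e, ok := f.Auths[k]; ok {
			dec, derr := base64.StdEncoding.DecodeString(e.Auth)
			u, _, found := strings.Cut(string(dec), ":")
			if derr != nil || !found {
				return "", "", fmt.Errorf("malformed auth entry for %q", k)
			}
			return u, k, nil // longest matching subpath wins
		}
		if !strings.Contains(k, "/") {
			return "", "", nil // no entry at any level: no credentials
		}
	}
}

func main() {
	for _, k := range []string{"registry.example.com/team-a/repo/app", "registry.example.com/other/app", "registry.example.com"} {
		u, m, _ := lookupCreds(constructedAuthJSON, k)
		fmt.Printf("%-38s -> user=%q via %q\n", k, u, m)
	}
}
```

With only the host as the key, every import on `registry.example.com` resolves to the host-wide entry; the full path is what lets the `team-a/repo` entry apply.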
@mikemccracken mikemccracken force-pushed the 2025.09.11/main/image-import-creds branch from 8b99c1f to 7b0c850 Compare September 18, 2025 20:32
Signed-off-by: Michael McCracken <mikmccra@cisco.com>
@mikemccracken mikemccracken force-pushed the 2025.09.11/main/image-import-creds branch from d905c09 to e3c066a Compare September 18, 2025 20:57
@mikemccracken
This is ready to review now.

@rchincha rchincha left a comment

lgtm

@hallyn hallyn left a comment

I'm bugged by the fact that 'if [[ -n $undefined_var ]]' is not causing any issues in bash :) decades of "it"-level fears...

@hallyn hallyn merged commit d6d6478 into project-stacker:main Sep 22, 2025
13 checks passed