Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use configured GitlabToken for Docker datasource authorization #8987

Closed
secustor opened this issue Mar 4, 2021 · 4 comments
Closed

Use configured GitlabToken for Docker datasource authorization #8987

secustor opened this issue Mar 4, 2021 · 4 comments
Labels
priority-4-low Low priority, unlikely to be done unless it becomes important to more people status:requirements Full requirements are not yet known, so implementation should not be started type:feature Feature (new functionality)

Comments

@secustor
Copy link
Collaborator

secustor commented Mar 4, 2021

What would you like Renovate to be able to do?
We are using a self hosted instance of Gitlab and Renovate.
The docker registry provided by Gitlab is served under another domain ( e.g. gitlab.example.com vs registry.example.com )
Because the registry is served by Gitlab, the Gitlab token configured by gitlab_api_token should be reused for authentication.

Did you already have any implementation ideas?
self hosted configuration:

{
  "endpoint": "https://gitlab.example.com/api/v4/",
  "platform": "gitlab",
  "token": "xxxxxxxxx"
}

I see to implementation variants:

  1. Implement a separate function in the docker data source which tries to authorize against the registry URL with the API token. This could be optional maybe.
  2. add variable expansion in the host rules to insert the gitlab_api_token in the password field with:
    a. From environment variables e.g.:
{
  "hostRules": [
    {
      "domainName": "registry.example.com",
      "username": "renovate",
      "password": "${GITLAB_API_TOKEN}"
    }
  ]
}

b. From other configurations e.g.

{
  "hostRules": [
    {
      "domainName": "registry.example.com",
      "username": "renovate",
      "password": "{{config.token}}"
    }
  ]
}
@secustor secustor added priority-5-triage status:requirements Full requirements are not yet known, so implementation should not be started type:feature Feature (new functionality) labels Mar 4, 2021
@rarkins
Copy link
Collaborator

rarkins commented Mar 4, 2021

Can you add hostRules using the bot config (e.g. config.js) which allows variable substitution? e.g.

module.exports = {
  hostRules: [
    {
      domainName: "registry.example.com",
      username: "renovate",
      password: process.env.GITLAB_API_TOKEN}
    }
  ]
}

@secustor
Copy link
Collaborator Author

secustor commented Mar 8, 2021

Thx that works!

But maybe a reuse of other configuration values could be helpful feature. WDYT?

@HonkingGoose HonkingGoose added priority-4-low Low priority, unlikely to be done unless it becomes important to more people and removed priority-5-triage labels Mar 8, 2021
@viceice
Copy link
Member

viceice commented Mar 8, 2021

@secustor checkout #8070

@secustor
Copy link
Collaborator Author

secustor commented Mar 8, 2021

@viceice yeah that would fit my use case

@rarkins rarkins closed this as completed Mar 8, 2021
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 8, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
priority-4-low Low priority, unlikely to be done unless it becomes important to more people status:requirements Full requirements are not yet known, so implementation should not be started type:feature Feature (new functionality)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@viceice @rarkins @secustor @HonkingGoose