Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature Request: authentication when using oci-sync with third-party registry #1442

Open
mishanti opened this issue Sep 27, 2024 · 1 comment

Comments

@mishanti
Copy link

Hi guys,

thanks for all your work. I'm actively using ConfigSync, but due to company policy am bound to use Artifactory with traditional credentials.

It took me some time to understand that oci mode is the only one where there is no way to pass any kind of token. I assume oci-sync was envisioned with Google-native services in mind, but are there any other potential hurdles in implementing auth or picking up environmental credentials in the usual locations?

I was exploring creating a PR myself but atm my Go skills are not there yet :-( Please give me your view on this or an obvious alternative I may not be aware of. Thank you.

@nan-yu
Copy link
Contributor

nan-yu commented Sep 30, 2024

Thanks for raising this feature request! We appreciate you bringing this to our attention. We're tracking this internally and will keep you updated on our progress and ETA.

In the meantime, we'd welcome a contribution from you if you're interested in tackling this. Config Sync uses go-containerregistry to interact with OCI registries, and you could introduce the token auth type and create a specific authn.Authenticator around https://github.com/GoogleContainerTools/kpt-config-sync/blob/v1.19.0/pkg/oci/fetcher.go#L44.

Please include e2e tests along with your implementation. Feel free to reach out if you have any questions or need further guidance.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants