Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add DockerCompatAuthFilePath to allow login/logout to interoperate #2173

Merged
merged 4 commits into from
Nov 13, 2023

Conversation

mtrmac
Copy link
Collaborator

@mtrmac mtrmac commented Nov 3, 2023

Allow the existing pkg/docker/config credential API to be used with Docker-compatible config.json files, using a new types.SystemContext.DockerCompatAuthFilePath option. This should help with containers/podman#18617 ; I plan to expose this option in c/common/pkg/auth, and users would say something like podman login --docker-file=~/.docker/config.json docker.io (end-user design doc TBD).

It must be an option primarily because we want to refuse to write namespaced credentials when writing to .docker/config.json.

Also add interoperability testing between c/image and docker/cli, to the extent cheaply possible (e.g.docker/cli, understandably, is not structured to trigger the “write credentials” code of login without trying to actually login — so the tests use a somewhat lower-level API and need to duplicate some of the logic.

I was considering introducing this option with a new functional-option API instead of continuing with problematic SystemContext, but pkg/docker/config depends on sysregistriesv2 for the credential helpers list, so that would be a rather invasive change.


WIP, filed for early review on the API. Cc: @vrothberg

@mtrmac mtrmac marked this pull request as draft November 3, 2023 19:33
Copy link
Member

@vrothberg vrothberg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code LGTM

The plumbing into podman needs very careful consideration. What (I think) needs to work "out of the box" on Mac is a podman login ... docker-compose ... without having to specify any new flags on the CLI.

@mtrmac
Copy link
Collaborator Author

mtrmac commented Nov 6, 2023

At a first glance, that seems impossible - in Docker mode we must reject podman login docker.io/company, in Podman mode we must support that.

And either way it’s not necessary for containers/podman#18617, that one starts with an explicit podman login --authfile ~/.docker/config.json …

@mtrmac mtrmac force-pushed the docker-compat-login branch 2 times, most recently from 8dddf38 to b8f8916 Compare November 8, 2023 17:40
@mtrmac mtrmac added the kind/feature A request for, or a PR adding, new functionality label Nov 9, 2023
... so that the Set/Remove functions are together.

Only moves unchanged code, should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
For now, this is not really helpful, but we will conditionalize
the returned values.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
... using a new types.SystemContext.DockerCompatAuthFilePath.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
@mtrmac mtrmac force-pushed the docker-compat-login branch from b8f8916 to 7b94d26 Compare November 10, 2023 00:45
@mtrmac
Copy link
Collaborator Author

mtrmac commented Nov 10, 2023

Manual tests show that

  • basic login/logout operation vs. docker pull works
  • The special-case of docker.io seems to work as well.

And there are the unit tests in this PR. So I think this is ready for review/merging.

@mtrmac mtrmac marked this pull request as ready for review November 10, 2023 00:47
@mtrmac mtrmac merged commit 9fe5410 into containers:main Nov 13, 2023
9 checks passed
@mtrmac mtrmac deleted the docker-compat-login branch November 13, 2023 18:50
mtrmac added a commit to mtrmac/common that referenced this pull request Nov 13, 2023
> go get github.com/containers/image/v5@main
> go mod tidy && go mod vendor

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
mtrmac added a commit to mtrmac/buildah that referenced this pull request Nov 16, 2023
... to include containers/image#2173
and containers/common#1731 .

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
mtrmac added a commit to mtrmac/skopeo that referenced this pull request Nov 16, 2023
... to include containers/image#2173
and containers/common#1731 .

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
mtrmac added a commit to mtrmac/buildah that referenced this pull request Nov 16, 2023
... to include containers/image#2173
and containers/common#1731 .

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
mtrmac added a commit to mtrmac/libpod that referenced this pull request Nov 17, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/feature A request for, or a PR adding, new functionality
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants