additional authentication files #595
Conversation
vrothberg
force-pushed
the
additional-auth-file
branch
from
9fdf270 to
6daedce
Compare
|
Small nit, but LGTM |
Allow specifying additional authentication files passed through `types.SystemContext`. Those additional files are only used for reading credentials. The `AuthFilePath` remains the center of auth management and is the only authentication file used for storing new and removing old credentials. Having the ability to specify additional authentication files can come in handy to unify multiple entities that have dedicated auth files, for instance, the K8s kubelet. See the below bug for additional details. Also add debug logs to `findAuthentication()` to ease debugging potential future regressions. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1686556 Signed-off-by: Valentin Rothberg <[email protected]>
vrothberg
force-pushed
the
additional-auth-file
branch
from
6daedce to
9295a90
Compare
mtrmac
left a comment
mtrmac
left a comment
There was a problem hiding this comment.
The code is plausible, but the purpose of the code is a bit surprising to me.
The config file already supports multiple entries in one file; it’s counterintuitive that a single caller (with a single privilege level) would ever really need to / want to maintain two distinct config files.
More importantly, my initial impression of https://bugzilla.redhat.com/show_bug.cgi?id=1686556 (just skimming the discussions, without having read all the relevant code or reproduced it) is that in that case we are not passing any credentials, or that we are passing one incorrect set; not that there genuinely are two sets that need merging. Is that incorrect?
| }) | ||
| } | ||
|
|
||
| func additionalAuthFiles(sys *types.SystemContext) []string { |
There was a problem hiding this comment.
I don’t quite think there four lines are with a function… it’s three lines in the caller, which already has a paths variable, and we have ~5 lines of overhead with defining the function.
Rather, the full computation of all candidate paths should probably be unified between GetAuthentication and GetUserLoggedIn; it seems a bit unlikely that the existing divergence was intentional (OTOH I haven’t checked the past discussions.)
There was a problem hiding this comment.
I don’t quite think there four lines are with a function
“are worth a function”… macOS autocorrection is infuriating sometimes.
|
Travis report: |
Thanks! That comes from containers/storage and containers/image not liking each other over at Skopeo. We need to fix this as well. |
This is the fallout from containers/storage#299 . |
|
Closing as we found another solution for CRI-O :) |
|
I think #588 would give an API that makes this sort of thing convenient, even if we may be going with openshift/machine-config-operator#535 in this particular case ;). |
5 participants
Allow specifying additional authentication files passed through
types.SystemContext. Those additional files are only used for readingcredentials. The
AuthFilePathremains the center of auth managementand is the only authentication file used for storing new and removing
old credentials.
Having the ability to specify additional authentication files can come
in handy to unify multiple entities that have dedicated auth files, for
instance, the K8s kubelet. See the below bug for additional details.
Also add debug logs to
findAuthentication()to ease debuggingpotential future regressions.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1686556
Signed-off-by: Valentin Rothberg [email protected]