Use credentials from authfile for skopeo commands #453
Conversation
|
@mtrmac would you prefer the authfile flag be |
docs/skopeo.1.md
Outdated
|
|
||
| **docker://**_docker-reference_ | ||
| An image in a registry implementing the "Docker Registry HTTP API V2". By default, uses the authorization state in `$HOME/.docker/config.json`, which is set e.g. using `(docker login)`. | ||
| An image in a registry implementing the "Docker Registry HTTP API V2". By default, uses the authorization state in `$XDG_RUNTIME_DIR/containers/auth.json`, which is set e.g. using `(kpod login)`. |
There was a problem hiding this comment.
I think we should leave in that this works with either kpod login or docker login. Since skopeo is used by the larger docker community.
docs/skopeo.1.md
Outdated
| ``` | ||
|
|
||
| # SEE ALSO | ||
| kpod-login(1) |
There was a problem hiding this comment.
Should we not this in the Buildah/kpod commands too? I'm torn, we do use docker-login for those too, just don't want people to think we didn't think about that if we don't document it. Then again I'd rather not add a docker dependency to them. i.e. if docker changes auth at some point, then we'd have to adjust those for that rather than just dropping it.
There was a problem hiding this comment.
fixed.
@rhatdan should this be mentioned in buildah and kpod as well?
There was a problem hiding this comment.
We can mention in buildah and kpod that docker login works, but don't need to specify it directly. Since those tools are not as tied into the Docker infrastructure as skopeo is.
|
|
||
| Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json | ||
| which is set using `kpod login` | ||
|
|
There was a problem hiding this comment.
Just double checking as I've not tried. If you use the $HOME/.docker/config.json file as the auth file, is docker happy afterwards? I.e. if you do 'kpod login --auth ~/.docker/config.json', can you then run a docker command that requires auth without it spitting up? Really is not related to this review though.
There was a problem hiding this comment.
I actually haven't tried that yet. It might not work because there is a slight difference in the way kpod and docker store the registry name in auth.json and config.json.
mtrmac
left a comment
mtrmac
left a comment
There was a problem hiding this comment.
ACK overall, just one nit.
docs/skopeo.1.md
Outdated
| **--authfile** _path_ | ||
|
|
||
| Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json | ||
| which is set using `kpod login` or `docker login` |
There was a problem hiding this comment.
This seems to say docker login writes to auth.json, which is not true. (Also in two other instances.)
There was a problem hiding this comment.
If we have this in kpod and/or Buildah, can we touch it up there too please?
There was a problem hiding this comment.
fixed.
@TomSweeneyRedHat there is no mention of docker login in buildah or kpod. Is it something we want to add?
No, a single flag as you have implemented is better. The |
|
LGTM |
1 similar comment
|
LGTM |
|
@umohnani8 Lets add something to kpod and buildah that mentions docker login. |
docs/skopeo.1.md
Outdated
|
|
||
| **docker://**_docker-reference_ | ||
| An image in a registry implementing the "Docker Registry HTTP API V2". By default, uses the authorization state in `$HOME/.docker/config.json`, which is set e.g. using `(docker login)`. | ||
| An image in a registry implementing the "Docker Registry HTTP API V2". By default, uses the authorization state in either `$XDG_RUNTIME_DIR/containers/auth.json`, which is set using `(kpod login)` or in `$HOME/.docker/config.json`, which is set using `(docker login)` |
There was a problem hiding this comment.
👍
@umohnani8 I do think this should probably be added to kpod/buildah somewhere. We're currently searching thorough containers/auth.json and then .docker/config.json in both of those now right? If not, then this should be added when we are.
There was a problem hiding this comment.
I think we probably ought to note precedence here too. Perhaps: "By default, uses the authorization state in $XDG_RUNTIME_DIR/containers/auth.json, which is set using (kpod login). If the authorization state is not found there, then $HOME/.docker/config.jsonis checked which is set using(docker login)`."
FWIW, missing a period at the end of your current line here.
docs/skopeo.1.md
Outdated
|
|
||
| **--authfile** _path_ | ||
|
|
||
| Path of the authentication file. Default is ${XDG_RUNTIME\_DIR}/containers/auth.json, which is set using `kpod login` |
There was a problem hiding this comment.
Missing period after kpod login. A mention of precedence would probably be good here too. Perhaps: "Default is ${XDG_RUNTIME_DIR}/containers/auth.json, which is set using kpod login. If the authorization state is not found there, then $HOME/.docker/config.json is checked, which is set using docker login."
skopeo copy, delete, and inspect can now use credentials stored in the auth file by the kpod login command e.g kpod login docker.io -> skopeo copy dir:mydir docker://username/image Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
Tests passed |
5 participants
skopeo copy, delete, and inspect can now use credentials stored in the auth file
by the kpod login command
e.g kpod login docker.io -> skopeo copy dir:mydir docker://username/image
Signed-off-by: Urvashi Mohnani umohnani@redhat.com