-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add /auth for docker compatibility #9589
add /auth for docker compatibility #9589
Conversation
c93ed4c
to
0228bc7
Compare
The core element of this is working now (tested and verified with AWS ECR). I'm not sure how to proceed with a unit test for it. If I understand correctly, it would mean setting up a docker registry. Would appreciate a second set of eyes on the testing for an idea of how to go forward. |
@edsantiago might have an answer on testing |
Ugh. This is a solved problem for our system tests in CI, but not for apiv2 tests. It's probably about a 2- to 3-hour effort to set it up for apiv2 tests; unfortunately I won't have that time until mid-March. |
LGTM |
Quick comment: I'm working on a testing framework for this. It's not ready, but one thing I've found is that this might not be compatible with docker. The docker API documentation implies that |
Also: the Also: on successful auth I get |
@troyready try this: $ make ! (in your source tree, with these changes)
$ git pr 9669 ! requires git-extras
$ ./test/apiv2/test-apiv2 auth
Generating a RSA private key
.......................................++++
......++++
writing new private key to '/dev/shm/test-apiv2.tmp.33vdZT/registry/auth/domain.key'
-----
ok 1 [60-auth] POST /v1.40/auth [-d {"username":"uRIU5jdv","password":"WrOnGPassWord","serveraddress":"localhost:5066/"}] : status=400
ok 2 [60-auth] POST /v1.40/auth [-d {"username":"uRIU5jdv","password":"WrOnGPassWord","serveraddress":"localhost:5066/"}] : .Status ('login attempt to localhost:5066/ failed with status: unable to retrieve auth token: invalid username/password: unauthorized') ~ .* invalid username/password
ok 3 [60-auth] POST /v1.40/auth [-d {"username":"uRIU5jdv","password":"pVhgy0Bi","serveraddress":"localhost:5066/"}] : status=200
ok 4 [60-auth] POST /v1.40/auth [-d {"username":"uRIU5jdv","password":"pVhgy0Bi","serveraddress":"localhost:5066/"}] : .Status=Login Succeeded
not ok 5 [60-auth] POST /v1.40/auth [-d {"username":"uRIU5jdv","password":"pVhgy0Bi","serveraddress":"localhost:5066/"}] : .IdentityToken
# expected: ~ [a-zA-Z0-9]
# actual:
1..5 That will run my tests against your PR, with a local registry. It will fail, because See Above. To iterate: $ git co your-working-branch
edit-edit-edit
$ make
$ git co pr/9669 HTH. (Postscript: the results above partly-succeed only because I hardcoded |
Thanks for looking into it @edsantiago !
I think I ran into the same issue, where getting the http (no To be clear, this seems to be specific to testing (which I think is the only scenario where TLS would be avoided -- this doesn't appear to be an issue when using it with a trusted
The IdentityToken appears to be optional; when testing the same API using Docker against AWS ECR, I get the same empty string. |
250395b
to
629bf36
Compare
Thanks again @edsantiago -- with the new test setup I was able to figure out what was going wrong. Latest commit fixes the issue: tests are working now, and I've confirmed it still works with a normal live (trusted TLS) repo as well. (I'm pretty sure the zuul build failure is unrelated to changes here) |
/hold @troyready could you please rebase, then update your added |
This endpoint just validates credentials: https://github.com/moby/moby/blob/v20.10.4/api/swagger.yaml#L7936-L7977 Fixes: containers#9564 Signed-off-by: troyready <[email protected]>
Signed-off-by: troyready <[email protected]>
629bf36
to
955aacc
Compare
Sure thing, done @edsantiago |
LGTM |
Great work @troyready Thanks. |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: rhatdan, troyready The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
This endpoint just validates credentials:
https://github.com/moby/moby/blob/v20.10.4/api/swagger.yaml#L7936-L7977
Fixes: #9564