Bug 1982498
| Summary: | Default registry credential path should be adjusted to use containers/auth.json for oc commands | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Wenjing Zheng <wzheng> |
| Component: | oc | Assignee: | Filip Krepinsky <fkrepins> |
| oc sub component: | oc | QA Contact: | zhou ying <yinzhou> |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | medium | ||
| Priority: | medium | CC: | aos-bugs, gpei, jiazha, maszulik, mfojtik, xiuwang |
| Version: | 4.9 | ||
| Target Milestone: | --- | ||
| Target Release: | 4.10.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Enhancement | |
| Doc Text: |
Feature:
added support for podman config credentials in oc
oc commands that use registry config (oc login, oc image, etc.) now obtain credentials from podman config locations if a registry entry cannot be found in the default docker config location.
The order can be changed via REGISTRY_AUTH_PREFERENCE env variable to docker (current default - deprecated) or podman
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-03-11 18:15:11 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Filip check how hard would it be to support podman config path. Per comment in https://github.com/openshift/oc/pull/893#issuecomment-896583420, assign this bug back. I have acknowledged the issues and updated the PR *** Bug 1992468 has been marked as a duplicate of this bug. *** *** Bug 1992474 has been marked as a duplicate of this bug. *** Replying to https://bugzilla.redhat.com/show_bug.cgi?id=1992474#c1: > This does not have the same impact as using the additional registries as in (https://bugzilla.redhat.com/show_bug.cgi?id=1992468 and https://bugzilla.redhat.com/show_bug.cgi?id=1982498). > > This is writing an auth config to just one location. By changing this location we would break backwards compatibility. For example scripts that login with oc registry and run docker on that new registry. > > We could implement this by copying the same logic podman uses - ie picking the most appropriate location. Not always ~/.docker/config.json like we do now even when that location doesn't exist. > This would work for most of the cases, but would break the backwards compatibility. > > @maszulik what are you thoughts on this? You're right we can't break backwards compatibility. We'll add support for new locations but the order will be still old. *** Bug 1992467 has been marked as a duplicate of this bug. *** *** Bug 1972775 has been marked as a duplicate of this bug. *** retargeting to 4.10, too risky for closing in 4.9. Can be reconsidered for backporting once verified *** Bug 2006656 has been marked as a duplicate of this bug. *** Verified with client version Client Version: 4.10.0-0.nightly-2021-12-03-213835 Server Version: 4.10.0-0.nightly-2021-12-03-213835 |
Description of problem: Since podman login is using ${XDG_RUNTIME_DIR}/containers/auth.json as a default registry credential path,but oc commands which needs any registry credential are using ~/.docker/config.json. For example,command oc image append : -a, --registry-config='': Path to your registry credentials (defaults to ~/.docker/config.json) Version-Release number of selected component (if applicable): 4.9.0-0.nightly-2021-07-14-204159 How reproducible: Always Steps to Reproduce: 1.Check the help page of oc image append, the option of registry-config 2. 3. Actual results: It is using ~/.docker/config.json as default registry credential path. Expected results: It should be updated to use ${XDG_RUNTIME_DIR}/containers/auth.json. Additional info: