Bug 1982498 - Default registry credential path should be adjusted to use containers/auth.json for oc commands
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: oc
Version: 4.9
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Target Release: 4.10.0
Assignee: Filip Krepinsky
QA Contact: zhou ying
Duplicates: 1972775 1992467 1992468 1992474 2006656
Depends On:
Reported: 2021-07-15 03:45 UTC by Wenjing Zheng
Modified: 2022-04-25 08:40 UTC (History)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Feature: added support for podman config credentials in oc. oc commands that use registry config (oc login, oc image, etc.) now obtain credentials from podman config locations if a registry entry cannot be found in the default docker config location. The order can be changed via the REGISTRY_AUTH_PREFERENCE env variable to docker (current default - deprecated) or podman.
Clone Of:
Last Closed: 2022-03-11 18:15:11 UTC
Target Upstream Version:


System | ID | Private | Priority | Status | Summary | Last Updated
Github | openshift oc pull 893 | 0 | None | Merged | Bug 1982498: default to podman credential configs | 2021-12-01 13:46:48 UTC
Github | openshift oc pull 983 | 0 | None | Merged | fix registry-config messages and imports | 2021-12-01 13:46:29 UTC

Description Wenjing Zheng 2021-07-15 03:45:16 UTC
Description of problem:
podman login is using ${XDG_RUNTIME_DIR}/containers/auth.json as a default registry credential path, but oc commands which need any registry credential are using ~/.docker/config.json.

For example, the command oc image append:
  -a, --registry-config='': Path to your registry credentials (defaults to ~/.docker/config.json) 

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Check the help page of oc image append, the option of registry-config

Actual results:
It is using ~/.docker/config.json as default registry credential path.

Expected results:
It should be updated to use ${XDG_RUNTIME_DIR}/containers/auth.json.

Additional info:

Comment 1 Maciej Szulik 2021-07-21 11:49:51 UTC
Filip, check how hard it would be to support podman config path.

Comment 2 XiuJuan Wang 2021-08-11 07:54:21 UTC
Per comment in https://github.com/openshift/oc/pull/893#issuecomment-896583420, assign this bug back.

Comment 3 Filip Krepinsky 2021-08-11 18:16:00 UTC
I have acknowledged the issues and updated the PR

Comment 4 Maciej Szulik 2021-08-16 14:53:06 UTC
*** Bug 1992468 has been marked as a duplicate of this bug. ***

Comment 5 Maciej Szulik 2021-08-16 14:53:13 UTC
*** Bug 1992474 has been marked as a duplicate of this bug. ***

Comment 6 Maciej Szulik 2021-08-17 14:13:32 UTC
Replying to https://bugzilla.redhat.com/show_bug.cgi?id=1992474#c1:

> This does not have the same impact as using the additional registries as in (https://bugzilla.redhat.com/show_bug.cgi?id=1992468 and https://bugzilla.redhat.com/show_bug.cgi?id=1982498).
> This is writing an auth config to just one location. By changing this location we would break backwards compatibility. For example scripts that login with oc registry and run docker on that new registry.
> We could implement this by copying the same logic podman uses - i.e. picking the most appropriate location. Not always ~/.docker/config.json like we do now even when that location doesn't exist.
> This would work for most of the cases, but would break the backwards compatibility.
> @maszulik what are your thoughts on this?

You're right, we can't break backwards compatibility. We'll add support for new locations but the order will still be the old one.

Comment 7 Maciej Szulik 2021-08-19 11:35:56 UTC
*** Bug 1992467 has been marked as a duplicate of this bug. ***

Comment 8 Maciej Szulik 2021-09-01 10:33:42 UTC
*** Bug 1972775 has been marked as a duplicate of this bug. ***

Comment 9 Filip Krepinsky 2021-09-02 14:00:41 UTC
Retargeting to 4.10, too risky for closing in 4.9. Can be reconsidered for backporting once verified.

Comment 10 Filip Krepinsky 2021-09-22 11:22:31 UTC
*** Bug 2006656 has been marked as a duplicate of this bug. ***

Comment 14 XiuJuan Wang 2021-12-06 10:18:44 UTC
Verified with client version
Client Version: 4.10.0-0.nightly-2021-12-03-213835
Server Version: 4.10.0-0.nightly-2021-12-03-213835

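Added example, not code from the oc project or from this bug thread: a Go sketch of the lookup order described in the Doc Text, useful for checking which credential file would supply a registry's login. The function names and registry.example.com are hypothetical, and only the two paths named in this bug are modelled; both files are assumed to use the common {"auths": {...}} JSON layout.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
)

// authFile mirrors the "auths" map shared by docker config.json and containers auth.json.
type authFile struct {
	Auths map[string]struct {
		Auth string `json:"auth"`
	} `json:"auths"`
}

// candidatePaths returns credential files in search order (hypothetical helper).
// preference is the value of REGISTRY_AUTH_PREFERENCE.
func candidatePaths(preference, home, runtimeDir string) []string {
	docker := filepath.Join(home, ".docker", "config.json")
	podman := filepath.Join(runtimeDir, "containers", "auth.json")
	if preference == "podman" {
		return []string{podman, docker}
	}
	return []string{docker, podman} // "docker" or unset: the deprecated default order
}

// findCredentialSource returns the first file, in order, holding an entry for registry.
// Missing or unparsable files are skipped so the search falls through to the next one.
// Treating an entry with an empty "auth" as absent is this example's assumption.
func findCredentialSource(registry string, paths []string) (string, bool) {
	for _, p := range paths {
		data, err := os.ReadFile(p)
		if err != nil {
			continue
		}
		var cfg authFile
		if json.Unmarshal(data, &cfg) != nil {
			continue
		}
		if entry, ok := cfg.Auths[registry]; ok && entry.Auth != "" {
			return p, true
		}
	}
	return "", false
}

func main() {
	paths := candidatePaths(os.Getenv("REGISTRY_AUTH_PREFERENCE"), os.Getenv("HOME"), os.Getenv("XDG_RUNTIME_DIR"))
	src, ok := findCredentialSource("registry.example.com", paths) // constructed registry name
	fmt.Println(src, ok)
}
```

With the default order, a stale entry in ~/.docker/config.json shadows a fresh podman login for the same registry, which is worth checking when an oc command authenticates with unexpected credentials.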