Bug 2057101
| Summary: | oc commands working with images print an incorrect and inappropriate warning | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Clayton Coleman <ccoleman> |
| Component: | oc | Assignee: | Filip Krepinsky <fkrepins> |
| oc sub component: | oc | QA Contact: | zhou ying <yinzhou> |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | high | ||
| Priority: | medium | CC: | aos-bugs, fkrepins, mfojtik, wking |
| Version: | 4.11 | ||
| Target Milestone: | --- | ||
| Target Release: | 4.11.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-08-10 10:50:45 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 2106158 | ||
> 1. We cannot deprecate config.json format from oc - this is part of our CLI contract and we would break automation around the CLI. That's why this is a high severity bug (in case a future vendor update from container/image breaks us), and we should stop using any code that could potentially break here We are not deprecating the config. We are just deprecating the order of resolution. Currently if the credentials are not found in the docker config we will start looking in podman config. Only the order will change in future version. So we will first lookup the credentials in podman config and then if not found in docker config. So in order to break the consumer the consumer would have to have two different credentials for the same registry in both docker config and podman config. This probably should not be that common (and much less in automation), but for these cases we are given the users time to adapt with this warning. > 2. This isn't podman - we shouldn't be printing this message, which probably means the library we're using is incorrectly scoped to a different CLI (Podman) vs oc (which is very definitely not podman) It could be also argued that oc is not a docker, but we are reusing their configs/credentials either way > 3. We shouldn't be printing the warning in glog format, no matter what (library code should never print glog warnings to end users in CLIs, that's the CLI's job). Yup, that would look better, we can change that. release notes for this: https://github.com/openshift/openshift-docs/pull/41535/files not a blocker since the original behaviour was not changed yet I have posted a PR with updated format and messages Checked with latest oc ,:
oc adm release extract registry.ci.openshift.org/ocp/release:4.11.0-0.nightly-2022-04-06-000911 --to=/tmp/rel2 --command=oc
Warning: the default reading order of registry auth file will be changed from "${HOME}/.docker/config.json" to podman registry config locations in the future version. "${HOME}/.docker/config.json" is deprecated, but can still be used for storing credentials as a fallback. See https://github.com/containers/image/blob/main/docs/containers-auth.json.5.md for the order of podman registry config locations.
oc version --client
Client Version: 4.11.0-202204020828.p0.gf1f09a3.assembly.stream-f1f09a3
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:5069 |
The most recent CLI (4.11 master branch on Feb 22) is sending a very ugly info message to the command line in oc adm: $ oc adm release extract registry.ci.openshift.org/ocp/release:4.11.0-0.ci-2022-02-22-131752 --to=/tmp/rel2 --command=oc W0222 13:04:44.534596 171206 helpers.go:151] Defaulting of registry auth file to "${HOME}/.docker/config.json" is deprecated. The default will be switched to podman config locations in the future version. There are several bugs here: 1. We cannot deprecate config.json format from oc - this is part of our CLI contract and we would break automation around the CLI. That's why this is a high severity bug (in case a future vendor update from container/image breaks us), and we should stop using any code that could potentially break here 2. This isn't podman - we shouldn't be printing this message, which probably means the library we're using is incorrectly scoped to a different CLI (Podman) vs oc (which is very definitely not podman) 3. We shouldn't be printing the warning in glog format, no matter what (library code should never print glog warnings to end users in CLIs, that's the CLI's job).