-
Overall LGTM. A few suggestions:
-
Got a question regarding:
Shall we make DisablePlainTextSave default to
-
Is it a goal or non-goal of this design to support Podman's auth config as well, which uses a file of the same structure, but at a different location ( We've found some Podman users do I think it's fine to say this is not something you want to support, I just wonder whether the design should take it into account and explicitly state it as out-of-scope.
-
Yeh, the path to the file needs to be flexible. Helm was using a different path for the config.json file at least at some point, not sure if they still are. It would be nice if certs (for auth and validation) were handled in the credentials files as well, but maybe future scope. PR to review would be easier IMO
-
I think the verbs could have more agreement. I think this set would be harder to remember than basics like Write/Read/Delete
-
@shizhMSFT @imjasonh @TerryHowe @patrickzheng200 Thanks everyone for your helpful inputs! I've just updated the doc and will submit corresponding PRs later.
-
oras has Dockerhub-specific domain redirection rules:
Will 1 and 2 be included in
-
It seems
    func NewStore(configPath, serverAddress string, opts StoreOptions) Store
Also, instead of
    func NewNStore(configPaths []string, opts StoreOptions) Store
you may want to have something like
    func MultiStore(store ...Store) Store
Again, you may want
    func NewDockerStore(opts StoreOptions) Store
to cover NewClientWithDockerFallback from
-
Updated per comments.
-
Design of oras-credential-go
Goals
oras-go v2.
oras: https://github.com/oras-project/oras/tree/main/internal/credential
oras-go v1: https://github.com/oras-project/oras-go/tree/v1/pkg/auth/docker
notation: https://github.com/notaryproject/notation/tree/main/pkg/auth
Notes: The following is an example of Docker configuration file.
Non-Goals
Challenges
Proposal
Solution to challenges
auths field of the json object, and marshal the updated json object back to the file. That way we can keep all the unknown fields in the configuration file.
Interfaces
We can define a basic interface for reading, saving and removing credentials as follows.
The auth.Credentials refers to Credential defined in the auth package of oras-go v2.
File Store
Based on the interface, we can further implement a FileStore for managing credentials stored in the Docker configuration file.
Native Store
Besides, we can also implement a NativeStore for managing credentials using a native credential store or credential helpers.
The client.ProgramFunc refers to the ProgramFunc defined in the package client of docker-credential-helper.
Utility Methods
We can provide some common utility methods for convenience. The method names can be determined later.
NewStore()
This method is to return a new credential store based on the settings in the configuration file.
The method should look for the credential store for a given server address in the order of credential helper, credential store and configuration file.
The method should provide an option AllowPlainText to allow users to specify whether to save credentials in plain-text. If the native store is not available, when the option is set to false (default value), NewStore().Save() will return an error; when the option is set to true, NewStore().Save() will save the credential in plain-text in the configuration file.
NewStoreFromDocker()
This method is to return a store from the default docker config file.
NewStoreWithFallbacks()
This method is to return a new store based on the given stores. The second and the subsequent stores will be used as fallbacks for the first store.
Login()
This method is to log a registry in.
Logout()
This method is to log a registry out.
Credential()
This method is to return a Credential function that can be used by auth.Client of oras-go v2.
Additional Requirements
docker.io to registry-1.docker.io
registry-1.docker.io to https://index.docker.io/v1/
References
docker/cli/config
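The lookup order and AllowPlainText behaviour described under NewStore(), combined with the update-only-auths approach from "Solution to challenges", sketched in Go as an added example (not code from this design or from the oras projects). The function save, the error ErrPlainText and the sample config are assumptions made for illustration; credHelpers, credsStore and auths are the Docker config file's keys, and no helper program is invoked.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

var ErrPlainText = errors.New("no native store available; plain-text save not allowed") // hypothetical

// save names the helper that should receive the credential or, when none is
// configured and allowPlainText is true, returns config with auths[server] set.
func save(config []byte, server, user, pass string, allowPlainText bool) (helper string, out []byte, err error) {
	cfg := map[string]json.RawMessage{} // RawMessage keeps unknown fields' values
	helpers, auths, store := map[string]string{}, map[string]json.RawMessage{}, ""
	if err = json.Unmarshal(config, &cfg); err != nil {
		return "", nil, err
	}
	for key, v := range map[string]interface{}{"credHelpers": &helpers, "credsStore": &store, "auths": &auths} {
		if raw, ok := cfg[key]; ok {
			if err = json.Unmarshal(raw, v); err != nil {
				return "", nil, fmt.Errorf("%s: %w", key, err)
			}
		}
	}
	if h := helpers[server]; h != "" { // 1. per-server credential helper
		return h, nil, nil
	}
	if store != "" { // 2. global credential store
		return store, nil, nil
	}
	if !allowPlainText { // 3. configuration file, only when explicitly allowed
		return "", nil, ErrPlainText
	}
	if auths == nil { // input had "auths": null
		auths = map[string]json.RawMessage{}
	}
	token := base64.StdEncoding.EncodeToString([]byte(user + ":" + pass))
	auths[server], _ = json.Marshal(map[string]string{"auth": token})
	cfg["auths"], _ = json.Marshal(auths)
	out, err = json.MarshalIndent(cfg, "", "  ")
	return "", out, err
}

func main() { // constructed sample; "experimental" stands in for an unknown field
	in := []byte(`{"experimental":"enabled","auths":{"a.example":{"auth":"eDp5"}}}`)
	_, out, err := save(in, "registry.example", "user", "s3cret", true)
	fmt.Println(string(out), err)
}
```

Decoding only the three known keys and leaving everything else as json.RawMessage is what lets the file round-trip without a struct that lists every field.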