-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add retrive-manifest
endpoint
#668
Conversation
@davidsiaw please review this |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Yuuki77 Thanks for the PR, I think we can have a closer look at how docker CLI does things to learn how to login to all docker registries universally.
if heritage.image_name.start_with?("quay.io/") | ||
response = RetrieveQuayManifest.new().process(user, password, heritage) | ||
else | ||
raise ExceptionHandler::InternalServerError.new("Unsupported Registry") | ||
end |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is strange because we should be able to login to quay using the docker API. Please see the docker CLI implementation https://github.com/docker/cli/blob/a32cd16160f1b41c1c4ae7bee4dac929d1484e59/cli/command/registry/login.go
It is possible for the docker CLI to login to quay without having to use the quay-specific CLI, which I think should be the case with barcelona as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@davidsiaw
Sure, we can use the docker api to log in
.
but to use manifest
endpint https://docs.docker.com/registry/spec/api/#manifest
we need bare token and it requires a basic auth
I do not think docker CLI support manifest
endpoint yet.
curl -X GET --user username:password "https://quay.io/v2/auth?service=quay.io&scope=repository:NAMESPACE/REPOSITORY:pull"
I think once https://docs.docker.com/engine/reference/commandline/manifest_inspect/ is not experimental,
we can start to look how they are doing it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm okay, I think lets put this change aside for now then until we can figure out how to connect to docker registries without having to implement third party apis.
part of #613
Add a
retrive-manifest
endpoint to Barcerola to resolve this issue.Initially, I tried to get the manifest using dockercfg, but after checking with quay's CS, he said that was not possible.
So we need a user and password for auth.
We can use this endpoint to check if the docker image is in the registry.