Add config for docker auth #767
Conversation
The dockerAuth config files can be placed in both "auth.d" and
"docker.d" directory and their format is:
```
{
"rktKind": "dockerAuth",
"rktVersion": "v1",
"indices": [
"index.docker.io",
"quay.io"
],
"credentials": {
"user": "foo",
"password": "bar"
}
}
```
Will be used by docker auth unit tests.
|
Could you add some docs to this? Essentially we just need to tell the user how to use this like you did in the commit message. Thanks! |
|
Argh, I knew I forgot something. Yeah, will do. |
|
Adding a functional test for it might be tricky. I'll probably need some docker version of test-aci-auth-server. |
|
LGTM |
| { | ||
| "rktKind": "dockerAuth", | ||
| "rktVersion": "v1", | ||
| "indices": ["index.docker.io", "quay.io"], |
There was a problem hiding this comment.
How did you end up on "index/indices" instead of "registry/registries"?
There was a problem hiding this comment.
Actually I guess this question should be directed upstream in docker2aci at @iaguis :D
There was a problem hiding this comment.
(seems like docker/docker source code is mixed, clearest doc reference I can find is https://github.com/docker/docker/tree/master/docs/sources/terms)
There was a problem hiding this comment.
My impression was that index was the first "point of contact" in docker hub API - getting metadata and whatnot. Another impression I had was that the basic HTTP authentication is done against that index and later we just receive a docker token for authentication.
But maybe I'm spouting nonsense or go too much into technicalities. Other names I was thinking about were "repositories" or "repos".
There was a problem hiding this comment.
My impression was that index was the first "point of contact" in docker hub API - getting metadata and whatnot. Another impression I had was that the basic HTTP authentication is done against that index and later we just receive a docker token for authentication.
That's correct.
This is confusing. Docker Hub has index.docker.io and registry.hub.docker.com. According to this, something like quay.io or gcr would be a private registry. They don't mention anything about an index there and, in the rest of the documentation, when they talk about an index they refer only to the Docker Hub.
They don't expect people running their own indexes except for this private registry category and that's why they describe a registry as the part that just serves images, without authentication. But things like quay.io or gcr are full registries (in the broad sense of the term) with authentication included so I think registry is the correct term here.
TL;DR
Use registry 😜
There was a problem hiding this comment.
thanks for the write up!
|
Change LGTM , but a couple of questions to address |
Initially docker.d was meant for configuration related to docker. But currently we only have dockerAuth kind that is related to it. If some other configuration kind relevant to docker appears in future then we can think about bringing docker.d directory back.
Looks like registry more correct term than index, despite what index.docker.io might hint. This is all confusing, so let's stick with more popular term.
Please see commit messages to see config format.