Project

Profile

Help

Story #6315

closed

As a user I can mirror from a registry with a pull secret

Added by ipanova@redhat.com almost 5 years ago. Updated over 4 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Sprint/Milestone:
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
Groomed:
Yes
Sprint Candidate:
No
Tags:
Backlog, Documentation
Sprint:
Quarter:

Description

Motivation

Pulp registry can accept basic auth credentials only in plain text. Nowadays these credentials very often are based64 encoded and stored in the auth.json file. Pulp Registry is not able to use already encoded credentials, as a result it produces bad user experience where users are forced to decode the credentials manually and provide them to Pulp Registry.

Solution

Pull secret is a base64 encoded username+password. It can contain credentials to multiple registries. Add an option called pull-secret which will accept the absolute path to the pull secret file info in the json format. Pulp will parse it and extract the auth part which will be used in the Basic auth headers and sent to the external registry.

Example of a pull secret can be obtained here https://cloud.redhat.com/openshift/install/pre-release or perform 'podman login' and look for the created auth file http://docs.podman.io/en/latest/markdown/podman-login.1.html

Note

Make sure that 'pull-secret' and 'username and password' are mutually exclusive options.


Related issues

Copied from Docker Support - Story #6311: As a user I can mirror from a registry with a secret pullCLOSED - WONTFIXipanova@redhat.com

Actions
Actions #1

Updated by ipanova@redhat.com almost 5 years ago

  • Copied from Story #6311: As a user I can mirror from a registry with a secret pull added
Actions #2

Updated by ipanova@redhat.com almost 5 years ago

  • Tags Backlog added
Actions #3

Updated by ipanova@redhat.com almost 5 years ago

  • Groomed changed from No to Yes
  • Sprint set to Sprint 69
Actions #4

Updated by rchan over 4 years ago

  • Sprint changed from Sprint 69 to Sprint 70
Actions #5

Updated by rchan over 4 years ago

  • Sprint changed from Sprint 70 to Sprint 71
Actions #6

Updated by ipanova@redhat.com over 4 years ago

  • Sprint deleted (Sprint 71)
Actions #7

Updated by ipanova@redhat.com over 4 years ago

  • Description updated (diff)
Actions #8

Updated by ipanova@redhat.com over 4 years ago

  • Description updated (diff)
Actions #9

Updated by ipanova@redhat.com over 4 years ago

  • Subject changed from As a user I can mirror from a registry with a secret pull to As a user I can mirror from a registry with a pull secret
  • Description updated (diff)
Actions #10

Updated by ipanova@redhat.com over 4 years ago

  • Description updated (diff)
Actions #11

Updated by lmjachky over 4 years ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to lmjachky
Actions #12

Updated by ipanova@redhat.com over 4 years ago

  • Tags Documentation added
  • Tags deleted (Backlog)

After today's meeting we have decided to add documentation on how to handle situation when credentials are stored in the auth file.

The original proposal would not work in the case when the user would not have access to the filesystem. Also it would not make sense to provide in the Remote access to the credentials of all the registries stored in that file.

Actions #13

Updated by ipanova@redhat.com over 4 years ago

  • Tags Backlog added

Added by Lubos Mjachky over 4 years ago

Revision 17ad6be9 | View on GitHub

Add a new section about using pull secrets

closes #6315

Added by Lubos Mjachky over 4 years ago

Revision 17ad6be9 | View on GitHub

Add a new section about using pull secrets

closes #6315

Actions #14

Updated by pulpbot over 4 years ago

  • Status changed from ASSIGNED to POST
Actions #15

Updated by Anonymous over 4 years ago

  • Status changed from POST to MODIFIED
  • % Done changed from 0 to 100
Actions #16

Updated by ipanova@redhat.com over 4 years ago

  • Sprint/Milestone set to 1.4.0
Actions #17

Updated by ipanova@redhat.com over 4 years ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Also available in: Atom PDF