As a user I can mirror from a registry with a pull secret
Pulp registry can accept basic auth credentials only in plain text. Nowadays these credentials very often are based64 encoded and stored in the auth.json file. Pulp Registry is not able to use already encoded credentials, as a result it produces bad user experience where users are forced to decode the credentials manually and provide them to Pulp Registry.
Pull secret is a base64 encoded username+password. It can contain credentials to multiple registries.
Add an option called
pull-secret which will accept the absolute path to the pull secret file info in the json format. Pulp will parse it and extract the
auth part which will be used in the Basic auth headers and sent to the external registry.
Example of a pull secret can be obtained here https://cloud.redhat.com/openshift/install/pre-release or perform 'podman login' and look for the created auth file http://docs.podman.io/en/latest/markdown/podman-login.1.html
Make sure that 'pull-secret' and 'username and password' are mutually exclusive options.
#12 Updated by email@example.com 3 months ago
- Tags Documentation added
- Tags deleted (
After today's meeting we have decided to add documentation on how to handle situation when credentials are stored in the auth file.
The original proposal would not work in the case when the user would not have access to the filesystem. Also it would not make sense to provide in the Remote access to the credentials of all the registries stored in that file.
Please register to edit this issue