No way to specify image registry authentication credentials

Bug #1823579 reported by Steve Baker
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
High
Steve Baker

Bug Description

Many container image registries require authentication credentials to serve the images. At the very least the container image prepare needs to support setting authentication credentials for specific remote registries. This would allow authenticated images to be collected on the undercloud for serving to overcloud nodes.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (master)

Fix proposed to branch: master
Review: https://review.openstack.org/650598

Changed in tripleo:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (master)

Reviewed: https://review.openstack.org/650598
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=d4ea8e686463214a52b1d0004206fbeeb1cda258
Submitter: Zuul
Branch: master

commit d4ea8e686463214a52b1d0004206fbeeb1cda258
Author: Steve Baker <email address hidden>
Date: Mon Apr 8 12:44:54 2019 +1200

    Add parameter ContainerImageRegistryCredentials

    This defines the interface to specify the authentication credentials
    for container image registries which require them. It is separate from
    the ContainerImagePrepare parameter so that the credentials only need
    to be stated once, and so the secrets can be flagged as hidden
    parameters.

    Change-Id: I3b2743cd48b2083468acb83a4ddeb98a93d795a2
    Partial-Bug: #1823579

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-common (master)

Fix proposed to branch: master
Review: https://review.openstack.org/651005

Changed in tripleo:
milestone: stein-rc1 → train-1
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-common (master)

Reviewed: https://review.openstack.org/651005
Committed: https://git.openstack.org/cgit/openstack/tripleo-common/commit/?id=a47e0129e6c4a64d5d16e16e9ba82091957eb2a2
Submitter: Zuul
Branch: master

commit a47e0129e6c4a64d5d16e16e9ba82091957eb2a2
Author: Steve Baker <email address hidden>
Date: Tue Apr 9 09:59:24 2019 +1200

    Use ContainerImageRegistryCredentials for registry auth

    This change passes the value of parameter
    ContainerImageRegistryCredentials to the authenticate method in
    container prepare. The value is a dict of dicts, so it is validated to
    be in the expected format before being used. This allows prepare tasks
    to pull or push from any registry which requires a username/password,
    which is required by downstream.

    Change-Id: I71b767d16a22c732cc18378cedf6c6599ccc5ae1
    Closes-Bug: #1823579

Changed in tripleo:
status: In Progress → Fix Released
Changed in tripleo:
milestone: train-1 → stein-rc1
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-common 10.7.0

This issue was fixed in the openstack/tripleo-common 10.7.0 release.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers