-
Notifications
You must be signed in to change notification settings - Fork 62
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
imgpkg copy from/into the same registry with different creds fails authentication #226
Comments
@xtreme-conor-nosal thanks for creating this issue This is a great improvement for the tool, since auth between the same registry with different creds has security benefits. I'm curious to hear your thoughts on how to incorporate allowing multiple creds for the same registry. Here's a couple of ideas:
I'm going to carvel accept this issue, meaning we plan on working on it :-) |
In the simple case (where the bundle and all referenced images are in one project / accessible with one set of creds) it would be nice to specify Renaming HOSTNAME so it can include a repo path would be simpler I think (fewer env vars to set), but adding REPOSITORY would be more backwards-compatible I assume. |
We expect that #245 will address this issue. We'll keep this open until the other work lands and this workflow is validated. |
Closing this as it was implemented and released in https://github.com/vmware-tanzu/carvel-imgpkg/releases/tag/v0.18.0 |
What steps did you take:
Create two projects in a harbor registry.
imgpkg push
to the first projectCreate a read-only robot in the first project
Create a read-write robot in the second project
Try to
imgpkg copy
from one project to the other, providing both sets of robot credentials (following https://carvel.dev/imgpkg/docs/latest/auth/#via-environment-variables)What happened:
imgpkg fails to pull with an authentication failure
What did you expect:
imgpkg copy
to determine which credentials go with which project (or allow me to specify)Anything else you would like to add:
When multiple creds are passed to
imgpkg copy
the hostnames (IMGPKG_REGISTRY_HOSTNAME_0 and IMGPKG_REGISTRY_HOSTNAME_1) are used to determine when to use each credential.In this example, the hostname is the same.
Harbor robots are project-scoped, so copying between projects in CI requires two robots.
Workaround:
imgpkg copy -b --to-tar && imgpkg copy --tar --to-repo
Environment:
imgpkg --version
): 0.17.0Docker HUB
): Harbor v2.1.3-b6de84c5/etc/os-release
): Debian 11 (container based on golang:latest)Vote on this request
This is an invitation to the community to vote on issues, to help us prioritize our backlog. Use the "smiley face" up to the right of this comment to vote.
👍 "I would like to see this addressed as soon as possible"
👎 "There are other more important things to focus on right now"
We are also happy to receive and review Pull Requests if you want to help working on this issue.
The text was updated successfully, but these errors were encountered: