-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58778/
-----------------------------------------------------------
(Updated May 13, 2017, 12:45 a.m.)
Review request for mesos, Gilbert Song, Jie Yu, and Vinod Kone.
Changes
-------
Updated the logic so it is easier to support image secrets. In the future, we
would like to do the following things:
1. Support image secrets: `fetch()` would receive one more `data` argument for
secret credentials, and it would merge the default docker config and the secret
credentials and pass the combined `auths` into `getAuthHeaderBasic()`.
2. Currently the `Basic` credential is constructed in `fetch()` and thus if the
token is expired when downloading the blobs there's no way to get the `Basic`
cerdential again. I'd like to refactor this part so the `Basic` credential
could be integrated into the `userinfo` field in the new `URI` standard to
avoid this problem, and the whole docker config should be processed in the
docker registry puller instead of the fetcher plugin.
Bugs: MESOS-7431
https://issues.apache.org/jira/browse/MESOS-7431
Repository: mesos
Description
-------
Certain registries, such as GCE registry, reply 403 instead of 401 for
unauthorized requests. When fetching image manifests and blobs, instead
of sending out unauthorized requests first and waiting for a possible
401, we should always look up the docker config and send requests with
basic authorization when possible.
Diffs (updated)
-----
src/uri/fetchers/docker.cpp dbfc1b2f2918ccaf90fa31496a0792f585489397
Diff: https://reviews.apache.org/r/58778/diff/2/
Changes: https://reviews.apache.org/r/58778/diff/1-2/
Testing
-------
sudo make check (covers all supported public registries)
Manually tested on the following private registries:
1. Local registry (2.0.1, 2.1.1, 2.2.1, ..., 2.6.1)
2. Amazon ECR
3. Google GCR
4. JFrog SaaS
5. Local Nexus registry 3.3.1
Thanks,
Chun-Hung Hsiao
