search

oras-project / oras-go

ORAS Go library
https://oras.land
Apache License 2.0
181 stars 98 forks source link

Support reading credential store from Buildah #836

Open FeynmanZhou opened 1 month ago

FeynmanZhou commented 1 month ago

The user would like to authenticate with a container registry after buildah login. Buildah generates an authentication file in ${XDG_RUNTIME_DIR}/containers/auth.json. ORAS doesn't support reading credential store from Buildah authentication file.

Buildah config file is similar to docker but it supports repo/namespace level auth.

Expected behavior:

If the user has Buildah installed on the system and used buildah login to authenticate with an OCI-compliant registry, the user's credentials are already stored and available to ORAS. In this case, the user doesn't need to run oras login again to authenticate with an OCI-compliant registry.

Related issue: https://github.com/notaryproject/notation/issues/1058

shizhMSFT commented 1 month ago

This requires a redesign of the auth module, which further requires a design revisit.