krnowak
commented
8 years ago 1) quayctl uses the github.com/coreos/rkt/rkt/config package
This might be easiest and fastest to do, but there are two problems:
- the API of this package is not frozen, we can break it anytime (not that I plan to, but you never know)
- the API of this package does not know where to search for the configuration, you have to tell it. Basically, quayctl would need to keep its default system, local and user configuration directories in sync with rkt. Probably not a big problem either, we don't change them all that often.
2) quayctl shells out to rkt to get the credentials over stdout
I had an idea of writing the rkt config helper command that would print a big JSON with the effective configuration rkt would use, but currently there is nothing like that.
3) quayctl talks to the rkt API to get the credentials
I'm uneasy about exposing whole configuration over API service, but I think that exposing some parts of it would be OK. Of course, the question then would be about the general safety of it (like "can anyone ask the API service about the credentials?").
philips
jonboulle
s-urbaniak
josephschorr
quayctl should be able to pull from private registries configured for rkt. It already knows how to find and read .dockercfg files. The configuration for rkt also comes from files on disk. And there is a Go library that does this: https://godoc.org/github.com/coreos/rkt/rkt/config#GetConfig
There are two paths:
1) quayctl uses the github.com/coreos/rkt/rkt/config package 2) quayctl shells out to rkt to get the credentials over stdout 3) quayctl talks to the rkt API to get the credentials
For expediency I feel like quayctl should do number 1 and perhaps file an issue to do number 3. What do you think @alban and @jonboulle.