Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Specify registry scopes separately per package publish and package pull #1821

Closed
Racer159 opened this issue Jun 14, 2023 · 0 comments · Fixed by #1893
Closed

Specify registry scopes separately per package publish and package pull #1821

Racer159 opened this issue Jun 14, 2023 · 0 comments · Fixed by #1893
Labels
enhancement ✨ New feature or request
Milestone

Comments

@Racer159
Copy link
Contributor

Racer159 commented Jun 14, 2023

Is your feature request related to a problem? Please describe.

We should specify registry scopes separately per commands that need push scope or pull scope rather than requesting both in every transaction.

Describe the solution you'd like

pull

  • Given I have a Zarf package published to a private OCI registry
  • And I only have pull scopes on my login token
  • When I run a Zarf command that only needs to pull a package
  • Then the command only requests pull scopes and runs successfully

push

  • Given I have a Zarf package I would like to publish to a private OCI registry
  • And I only have push scopes on my login token
  • When I run a Zarf command that only needs to push the package
  • Then the command only requests push scopes and runs successfully

Additional context

This is a follow on after the initial OCI work and was spun off from #1764

@Racer159 Racer159 added the enhancement ✨ New feature or request label Jun 14, 2023
@Racer159 Racer159 added this to the The Bucket milestone Jun 14, 2023
@Racer159 Racer159 mentioned this issue Jun 14, 2023
9 tasks
cmwylie19 pushed a commit that referenced this issue Jul 10, 2023
## Description

Fixes what I broke.

This does re-architect some portions of OrasRemote and locks it down
more. Everything in `*remote.Registry` is no longer exposed to outside
usage and users of this remote client are restricted to the public
receiver methods written in `pkg/oci`.

The context is now private as it really should not be edited outside of
private receivers within OrasRemote.

During the writing of this PR I found out that ORAs already handles
scopes at the request level and there is zero need to handle scopes
yourself. I have not checked if I never had to do this, or if ORAs
updated.

## Related Issue

Fixes #1881 
Fixes #1795 
Fixes #1821 

## Type of change

- [x] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)

## Checklist before merging

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide
Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow)
followed

---------

Signed-off-by: razzle <harry@razzle.cloud>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement ✨ New feature or request
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant