Skip to content

[RFC-0010] Validate artifact repository for all auth providers#919

Merged
matheuscscp merged 1 commit intomainfrom
auth-valid-registry
May 7, 2025
Merged

[RFC-0010] Validate artifact repository for all auth providers#919
matheuscscp merged 1 commit intomainfrom
auth-valid-registry

Conversation

@matheuscscp
Copy link
Copy Markdown
Member

@matheuscscp matheuscscp commented May 4, 2025

Part of: fluxcd/flux2#5022

Copying a few missing things from the old code at oci/auth. Also renamed a few things and improved tests.

After this change oci/auth becomes completely obsolete, so I'm also removing it and moving oci/client into oci.

@matheuscscp matheuscscp requested review from a team, aryan9600, hiddeco and stefanprodan as code owners May 4, 2025 19:12
This was referenced May 4, 2025
Closed
Merged
Merged
@stefanprodan
Copy link
Copy Markdown
Member

stefanprodan commented May 4, 2025

We need to run the OCI e2e tests for AWS and GCP, to unblock them please fix: Error: ./azure_test.go:156:23: non-constant format string in call to fmt.Errorf. You can trigger both tests manually:

@matheuscscp matheuscscp force-pushed the auth-valid-registry branch from 9bfbb62 to 3c3c3ca Compare May 4, 2025 21:23
@matheuscscp
Copy link
Copy Markdown
Member Author

matheuscscp commented May 4, 2025

Looks like GCP is still blocked by another issue:

2025/05/04 21:39:17 panic: Failed to create and push images:
GET https://gcr.io/v2/token?scope=repository%3Acncf-flux%2Ft6r2d%3Apush%2Cpull&service=gcr.io:
unexpected status code 412 Precondition Failed: Container Registry is deprecated and shutting down,
please use the auto migration tool to migrate to Artifact Registry (gcloud artifacts docker upgrade migrate
--projects='cncf-flux').
For more details see: https://cloud.google.com/artifact-registry/docs/transition/auto-migrate-gcr-ar

AWS seems legit:

https://github.com/fluxcd/pkg/actions/runs/14825330641/job/41617697072

How can I get access to the AWS infra to troubleshoot?

@matheuscscp matheuscscp force-pushed the auth-valid-registry branch 3 times, most recently from ce69875 to 7ffeb53 Compare May 4, 2025 22:31
@matheuscscp matheuscscp mentioned this pull request May 4, 2025
Merged
@matheuscscp matheuscscp force-pushed the auth-valid-registry branch 2 times, most recently from ab194a7 to 82d3cbd Compare May 5, 2025 17:59
@matheuscscp matheuscscp mentioned this pull request May 5, 2025
Merged
@matheuscscp matheuscscp force-pushed the auth-valid-registry branch from 82d3cbd to 174d3a3 Compare May 5, 2025 18:54
@matheuscscp matheuscscp mentioned this pull request May 5, 2025
Merged
@matheuscscp
Copy link
Copy Markdown
Member Author

matheuscscp commented May 5, 2025

I really need to look into why the AWS integration tests are failing, since fixing the linter problem fixes the tests. I created a branch only for checking this: https://github.com/fluxcd/pkg/actions/runs/14843735405/job/41672551135

However, I manually tested these changes across all the Flux APIs for container registries, all three cloud providers, both at controller and object-level:

fluxcd/image-reflector-controller#760

fluxcd/source-controller#1790

Everything is working.

@matheuscscp matheuscscp force-pushed the auth-valid-registry branch 3 times, most recently from c056667 to 7b2f2bd Compare May 7, 2025 15:01
@matheuscscp
[RFC-0010] Validate artifact repository for all auth providers
d89e633 
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
@matheuscscp matheuscscp force-pushed the auth-valid-registry branch from 7b2f2bd to d89e633 Compare May 7, 2025 15:33
@matheuscscp
Copy link
Copy Markdown
Member Author

matheuscscp commented May 7, 2025

Both AWS and GCP integration tests are now passing!

https://github.com/fluxcd/pkg/actions/runs/14887443881/job/41810713895

https://github.com/fluxcd/pkg/actions/runs/14887396557/job/41810550558

@stefanprodan stefanprodan added area/oci OCI related issues and pull requests area/security Security related issues and pull requests labels May 7, 2025
stefanprodan
stefanprodan approved these changes May 7, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@stefanprodan stefanprodan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Thanks @matheuscscp 🥇

@matheuscscp matheuscscp merged commit 3ba849f into main May 7, 2025
15 checks passed
@matheuscscp matheuscscp deleted the auth-valid-registry branch May 7, 2025 16:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stefanprodan stefanprodan stefanprodan approved these changes

@aryan9600 aryan9600 Awaiting requested review from aryan9600

@hiddeco hiddeco Awaiting requested review from hiddeco

Assignees

No one assigned

Labels

area/oci OCI related issues and pull requests area/security Security related issues and pull requests

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@matheuscscp @stefanprodan