Conversation
Signed-off-by: Steve Lasker <stevenlasker@hotmail.com>
Signed-off-by: Steve Lasker <stevenlasker@hotmail.com>
Signed-off-by: Steve Lasker <stevenlasker@hotmail.com>
Signed-off-by: Steve Lasker <stevenlasker@hotmail.com>
|
/cc @binbin-li for comments |
shizhMSFT
left a comment
shizhMSFT
left a comment
There was a problem hiding this comment.
LGTM with suggestions.
specs/notation-cli.md
Outdated
| --username value, -u value Username for registry operations | ||
| --password value, -p value Password for registry operations |
There was a problem hiding this comment.
How about environment variables associated with -u and -p like NOTATION_USERNAME and NOTATION_PASSWORD?
There was a problem hiding this comment.
| --username value, -u value Username for registry operations | |
| --password value, -p value Password for registry operations | |
| --username value, -u value Username for registry authentication | |
| --password value, -p value Password for registry authentication |
There was a problem hiding this comment.
Should we also support --password-stdin like docker cli does?
There was a problem hiding this comment.
For operations vs. authentication, I was thinking saying authentication was too obvious, and used the more generic, the -u/-p was used for multiple registry operations. If others feel different, I can change to either way.
| <server> The registry URL for authentication | ||
|
|
||
| GLOBAL ARGUMENTS | ||
| --plain-http Registry access via plain HTTP (default: false) |
There was a problem hiding this comment.
It seems we only support basic configurations. Will we support more parameters like --insecure and --ca-file as oras?
There was a problem hiding this comment.
@shizhMSFT, what is --insecure used for, and how common is the usage for --ca-file (I assume provides custom TLS trust store).
There was a problem hiding this comment.
--insecure is to skip the TLS cert check. Since notation is security oriented, we should not provide this functionality.
--ca-file is to specify the root CA cert to registry access. See oras-project/oras#217
There was a problem hiding this comment.
@shizhMSFT, I was thinking this would be done with the insecure registries option in config.
Does that still exist?
Seems calling --insecure is too tedious. For the scenarios/instances where https isn't supported, such as IOT environments, I just assumed the config would solve the problem and not something that's done ad-hoc requiring the cli to support it.
| ```console | ||
| notation login --help | ||
| NAME: | ||
| notation login - Provides credentials for authenticated registry operations |
There was a problem hiding this comment.
| notation login - Provides credentials for authenticated registry operations | |
| notation login - Login to a registry with credentials for authenticated registry operations |
| certificate, cert Manage certificates used for verification | ||
| key Manage keys used for signing | ||
| list, ls List signatures from remote | ||
| login Provide credentials for authenticated registry operations |
There was a problem hiding this comment.
| login Provide credentials for authenticated registry operations | |
| login Login to a registry with credentials for authenticated registry operations |
There was a problem hiding this comment.
Saying login, where the parameter says login feels redundant. I was just trying to find a synonym verb.
specs/notation-cli.md
Outdated
| --username value, -u value Username for registry operations | ||
| --password value, -p value Password for registry operations |
There was a problem hiding this comment.
| --username value, -u value Username for registry operations | |
| --password value, -p value Password for registry operations | |
| --username value, -u value Username for registry authentication | |
| --password value, -p value Password for registry authentication |
specs/notation-cli.md
Outdated
| --username value, -u value Username for registry operations | ||
| --password value, -p value Password for registry operations |
There was a problem hiding this comment.
Should we also support --password-stdin like docker cli does?
| <server> The registry URL for authentication | ||
|
|
||
| GLOBAL ARGUMENTS | ||
| --plain-http Registry access via plain HTTP (default: false) |
There was a problem hiding this comment.
@shizhMSFT, what is --insecure used for, and how common is the usage for --ca-file (I assume provides custom TLS trust store).
…mands Signed-off-by: Steve Lasker <stevenlasker@hotmail.com>
|
I've updated the PR to:
|
* notation login CLI * Update to use environment variables and remove -u/-p on all other commands Signed-off-by: Steve Lasker <stevenlasker@hotmail.com>
3 participants
Updates for #119
Signed-off-by: Steve Lasker stevenlasker@hotmail.com