ROX-8401, ROX-8465: Store internal registries + credentials #416

Merged: RTann merged 50 commits into master from ROX-8401-registry-store on Feb 9, 2022
RTann (Contributor) commented Jan 24, 2022

Description

First part in resolving ROX-8401. In this PR, Sensor stores the credentials for the internal registries by using each namespace's default service account's dockercfg.

This does not touch the Autogenerated Registries, but I can remove them here, if desired.

Checklist

  • Investigated and inspected CI test results
  • Unit test and regression tests added
  • [ ] Evaluated and added CHANGELOG entry if required
  • [ ] Determined and documented upgrade steps

Testing Performed

CI and manual tests in OpenShift 3.11 and OpenShift 4.7 environments.

The manual tests ensured we properly find and store the credentials for OpenShift internal registries.

To reproduce this:

  1. Start an OpenShift cluster.
  2. Deploy ACS
  3. Ensure ROX_LOCAL_IMAGE_SCANNING is enabled in Sensor. Also, set LOGLEVEL=debug in Sensor to see debug logs
  4. View Sensor's logs to ensure it says Upserted registry "something" into the store
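
The description above has Sensor take registry credentials from each namespace's default service account dockercfg. The Go example below is added here and is not code from this PR or from StackRox: it parses that payload and goes slightly beyond the PR text by also accepting the newer dockerconfigjson layout. The names Entry and ParsePullSecret and the sample registry host and credentials are constructed for the example.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

type Entry struct { // one registry's credentials as stored in a pull secret
	Username string `json:"username"`
	Password string `json:"password"`
	Auth     string `json:"auth"` // base64("username:password")
}

// ParsePullSecret decodes a pull secret by Kubernetes secret type: dockercfg is a
// bare host->entry map, dockerconfigjson nests the same map under "auths".
func ParsePullSecret(secretType string, data []byte) (map[string]Entry, error) {
	var wrapped struct {
		Auths map[string]Entry `json:"auths"`
	}
	var target interface{} = &wrapped
	if secretType == "kubernetes.io/dockercfg" {
		target = &wrapped.Auths
	} else if secretType != "kubernetes.io/dockerconfigjson" {
		return nil, fmt.Errorf("secret type %q is not a pull secret", secretType)
	}
	if err := json.Unmarshal(data, target); err != nil {
		return nil, err
	}
	for host, e := range wrapped.Auths {
		if e.Username == "" && e.Auth != "" { // only the combined field is set
			raw, err := base64.StdEncoding.DecodeString(e.Auth)
			parts := strings.SplitN(string(raw), ":", 2) // password may contain ':'
			if err != nil || len(parts) != 2 {
				return nil, fmt.Errorf("malformed auth field for %s", host)
			}
			e.Username, e.Password = parts[0], parts[1]
			wrapped.Auths[host] = e
		}
	}
	return wrapped.Auths, nil
}

func main() {
	// Constructed sample: "dXNlcjpwYXNz" is base64("user:pass").
	creds, err := ParsePullSecret("kubernetes.io/dockercfg",
		[]byte(`{"registry.example.svc:5000":{"auth":"dXNlcjpwYXNz"}}`))
	fmt.Println(creds["registry.example.svc:5000"].Username, err) // log the user, never the password
}
```

Error messages name the registry host only, so a malformed entry can be reported at debug log level without the secret value appearing in Sensor-style logs.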

ghost commented Jan 24, 2022

Tag for build #192529 is 3.68.x-204-g2501cef536.

💻 For deploying this image using the dev scripts, run the following first:

export MAIN_IMAGE_TAG='3.68.x-204-g2501cef536'

📦 You can also generate an installation bundle with:

docker run -i --rm stackrox/main:3.68.x-204-g2501cef536 central generate interactive > bundle.zip

🕹️ A roxctl binary artifact can be downloaded from CircleCI.

@@ -0,0 +1,84 @@
package types
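
Review bot: the package clause "package types" on line 1 of this new 84-line file is a generic name that tells an importer nothing about what the file holds. If the file stays in this package, call sites will want an import alias to stay readable; if it moves, give the destination package a name that describes the types it contains.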

I'm not sure if this is the right package. pkg/docker/types AFAIK only contains types copied over from the Docker client library, to allow us to remove irrelevant fields and add easyjson support. The DockerConfigJSON type however is homegrown and doesn't exist in the docker library.

RTann requested a review from misberner February 8, 2022 01:28
RTann requested a review from connorgorman February 8, 2022 21:01
RTann changed the title from "ROX-8401: Store internal registries + credentials" to "ROX-8401, ROX-8465: Store internal registries + credentials" Feb 9, 2022
RTann enabled auto-merge (squash) February 9, 2022 01:01
RTann merged commit 4e3815a into master Feb 9, 2022
RTann deleted the ROX-8401-registry-store branch February 9, 2022 01:17