Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove Build command requirement for service principal #1293

Merged
merged 9 commits into from
May 20, 2024
Merged

Remove Build command requirement for service principal #1293

merged 9 commits into from
May 20, 2024

Conversation

lbussell
Copy link
Contributor

@lbussell lbussell commented May 17, 2024
edited
Loading

Sorry this PR is so large!

Related: #1264

Notes:

  • Addresses DockerService, ManifestService, ImageDigestCache, and RegistryServiceClient classes are all too tightly coupled #1265 - DockerService never needs auth, ManifestService uses auth when we have it, therefore I've separated the two classes out so that DockerService is never concerned about auth.
  • Create a wrapper around ManifestService (now InnerManifestService) so extension methods can be mocked for testing (DockerService previously served this function).
  • Add a ManifestServiceFactory to handle passing auth to the ManifestService in one place.
  • Add RegistryCredentialsProvider which uses logic similar to RegistryContentClientFactory to dynamically get username/password for docker login.

TODO:

  • RegistryContentClientFactory Tests are failing
  • Re-add implementation for image layers caching in ImageDigestCache - maybe rename to ManifestServiceCache
  • Test in the public

@lbussell lbussell requested a review from a team as a code owner May 17, 2024 15:24
@dotnet-issue-labeler dotnet-issue-labeler
Copy link

I couldn't figure out the best area label to add to this PR. If you have write-permissions please help me learn by adding exactly one area label.

@lbussell lbussell requested a review from ellahathaway May 17, 2024 15:24
@lbussell lbussell force-pushed the dev/loganbussell/build branch from c8d9e0b to 9cf0fb0 Compare May 17, 2024 15:43
@lbussell lbussell mentioned this pull request May 17, 2024
Closed
16 tasks
mthalman
mthalman reviewed May 17, 2024
View reviewed changes
src/Microsoft.DotNet.ImageBuilder/src/Commands/BuildCommand.cs Outdated Show resolved Hide resolved
src/Microsoft.DotNet.ImageBuilder/src/Commands/GetStaleImagesOptions.cs Outdated Show resolved Hide resolved
src/Microsoft.DotNet.ImageBuilder/src/Commands/RegistryCredentialsOptions.cs Outdated
})
};
}),
CreateOption<string?>("tenant", nameof(RegistryCredentialsOptions.Tenant),
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can't we just derive this value from the tenant environment variable just as DefaultAzureCredential is doing? I'm thinking that GetDefaultAccessTokenAsync could return both the token and the tenant. Or is there an API that can get the tenant from the token?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good idea. I'll work on this.

src/Microsoft.DotNet.ImageBuilder/src/InnerManifestService.cs Outdated
_inner.GetManifestDigestShaAsync(tag, isDryRun);
}

internal class InnerManifestService : IInnerManifestService
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems strange that all these other interfaces and classes are contained in this file but not IInnerManifestService. They should either all be in separate files or all contained in this file.

src/Microsoft.DotNet.ImageBuilder/src/InnerManifestService.cs Outdated Show resolved Hide resolved
@lbussell lbussell requested a review from MichaelSimons May 17, 2024 16:44
@lbussell lbussell force-pushed the dev/loganbussell/build branch from a9e1324 to 354896e Compare May 20, 2024 20:13
@lbussell lbussell mentioned this pull request May 20, 2024
Closed
@lbussell
Copy link
Contributor Author

lbussell commented May 20, 2024
edited
Loading

The force push contains no changes, I just did a rebase instead of a merge by accident.

I ran a sanity check of the build command and it seems OK - [internal link] - another one without Windows so it can run publishing commands

We should merge to get the actual ImageBuilder image built and continue validating. We can address #1296 at a later date.

@lbussell lbussell merged commit 4fa0fea into dotnet:main May 20, 2024
12 checks passed
@mthalman mthalman mentioned this pull request May 21, 2024
Merged
@lbussell lbussell mentioned this pull request May 21, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mthalman mthalman mthalman approved these changes

@ellahathaway ellahathaway Awaiting requested review from ellahathaway

@MichaelSimons MichaelSimons Awaiting requested review from MichaelSimons

Assignees
No one assigned
Labels
untriaged
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@lbussell @mthalman