Recipe support for private Bicep registries #6917
Comments
AaronCrawfis
changed the title
|
Similar to #6911 |
shalabhms
added
feature
|
👋 @AaronCrawfis Thanks for filing this feature request. A project maintainer will review this feature request and get back to you soon. We also welcome community contributions! If you would like to pick this item up sooner and submit a pull request, please visit our contribution guidelines and assign this to yourself by commenting "/assign" on this issue. For more information on our triage process please visit our triage overview |
|
👍 We've reviewed this issue and have agreed to add it to our backlog. Please subscribe to this issue for notifications, we'll provide updates when we pick it up. We also welcome community contributions! If you would like to pick this item up sooner and submit a pull request, please visit our contribution guidelines and assign this to yourself by commenting "/assign" on this issue. For more information on our triage process please visit our triage overview |
|
Triaged: similar parity #6911 |
|
/assign @vishwahiremat |
|
/assign |
# Description
1. Update LoadSecrets() to return data for all keys for corresponding
secret store when no keys filter is provided.
2. Update return type to include SecretData{}
3. Updated existing LoadSecrets() to return data collated for multiple
secret store ids
4. Update to helper function populateSecretData() and it's unit tests
which populates secret data map returned.
5. Update functional test to include envSecrets input
## Type of change
- This pull request adds or changes features of Radius and has an
approved issue (#6917).
Fixes: (Part of #6917)
# Description Add new types to Applications.Core/secretstores (basicAuthentication, azureWorkloadIdentity, awsIRSA) Update convertor, tests. Update existing ValidateAndMutateRequest() in /pkg/corerp/frontend/controller/secretstores/kubernetes.go to check if required secret keys exist for current secret type. Add to existing unit tests. ## Type of change - This pull request fixes a bug in Radius and has an approved issue (#6917 ). Fixes: Part of #6917
Current state
Today we allow OCI registries with anonymous pull to be used as Bicep registries for Recipes. For example,
ghcr.io/radius-project/recipes/local-dev/rediscaches:latestis a public Recipe Bicep module: https://github.com/radius-project/recipes/pkgs/container/recipes%2Flocal-dev%2FrediscachesDesired state
We want to enable users to be able to use private OCI registries that are not open to the public. For example, an ACR or GHCR registry could be locked down to only certain users or accounts.
Acceptance criteria
rad bicep publish, after the user logs into the OCI registry via the registries login mechanism (az acr loginfor example).ghcr.io/myaccountand then public recipes forghcr.io/radius-projectcan no longer be pulled.AB#10666
The text was updated successfully, but these errors were encountered: