Feat/registries auth implementation#370
Feat/registries auth implementation#370Leay15 wants to merge 64 commits intosuperradcompany:mainfrom
Conversation
…d credential management
…registry authentication commands
…ring and managing credentials
…environment variable overrides
…te non-validation
…n registry credentials loading
…figuration and handler files
…uthentication files
…stry authentication files
|
@toksdotdev All the modifications were addressed according to your feedback. I'll be waiting for any further comments. |
There was a problem hiding this comment.
i'm sorry, but i have quite a number of reservations with this MR. it seems to me most of these were generated by AI, and hardly underwent much human review. while i'm not against AI generated code (i use it as well, i'm against humans not spending enough time reviewing their code). the implication of that is, most of the responsibilities are shifted to the reviewer which i don't think is great.
i definitely appreciate the contribution, but please spend time reviewing your changes before putting it up for review. i'm also up for discussing approaches in the github thread before implementation. that way, we can avoid multiple back-and-forths.
There was a problem hiding this comment.
could you create this as a separate PR after this is merged. makes it easier to review and test.
|
@toksdotdev, thank you so much for your feedback. I'll be working on it. Please excuse the AI code, which appears unreviewed. I'm still learning from the code I review and the feedback I've received. I can assure you that I don't upload code that I haven't reviewed, tested, and that doesn't make sense to me. Therefore, I greatly appreciate your comments and support in continuing to improve. |
…better understanding
… load_registry_credentials for clarity
…istryAuth for consistency
…istry credentials
…simplify logout command
…s to use RegistryAuth
…ion' into feat/registries-auth-implementation
|
@toksdotdev all modifications done 😄 In the I'm open to suggestions if there's a better way I'm missing and welcome any comments. Thank you again for all your patience and the kind comments you give me |
…improve security notes
|
While testing directly with the keychain, I've encountered a bug that I'll be working on. Nothing from the login is being saved. I've already tested the pull method using ENV vars, and that works correctly. 
|
|
The bug was fixed 😄 , just I need to know if we have to add windows support for keyring or just Linux and MacOs |
|
hey @Leay15. apologies i didn't get back on this. a lot of things have changed, and there's now auth support in the latest version. i'll proceed to close this now, but please do feel free to let me know if you've got other ideas in mind. |
2 participants
This pull request refers to #364 introduces robust support for registry authentication in the microsandbox CLI and core library, allowing users to securely pull and push images from private registries.
It adds new CLI commands for login/logout, implements environment and stored credential resolution, and integrates these mechanisms into image operations.
Documentation is updated to reflect these new features and usage patterns.
All test are passing OK
Registry Authentication Features
msb loginandmsb logoutfor managing registry credentials, including support for username/password and token-based authentication, with credentials stored locally in~/.microsandbox/registry_auth.json. [1] [2]MSB_REGISTRY_USERNAME,MSB_REGISTRY_PASSWORD,MSB_REGISTRY_TOKEN), with clear priority: environment variables override stored credentials, and both are used for authentication when pulling/pushing images. [1] [2]Core Library Enhancements
resolve_registry_authand related utilities inmicrosandbox-core/lib/oci/auth.rs, providing normalization, host resolution, and credential lookup logic, including comprehensive tests for all resolution scenarios.Documentation and Testing
Utilities and Re-exports
These changes collectively provide a secure, flexible, and user-friendly registry authentication system for microsandbox users.