Description
When trying to use the ocm k8s toolkit, several issues in the underlying libraries credential management were discovered.
- The
ComponentVersionRepository and ResourceRepository in oci package set OCIRepository as consumer identity instead of OCIRegistry. This is unintended. We have to change this.
- If either the consumer identity defined in the graph or the one used to try to resolve credentials from the graph contains a scheme
scheme, we do not match. Here, we should be more flexibel. Therefore, we might want to default scheme to https in the matcher if not set.
- Currently, we also mismatch if the
scheme: oci and scheme: https (although oci is always resolved as https). So, as an UX improvement, we can be more lenient and allow that to match.
- Currently, some
GetConsumerIdentity() methods default some identity properties (such as scheme: oci), even though the actual url did not contain a scheme at all. We should remove this defaulting to avoid confusing mismatches. Currently, such defaulting happens in the IdentityFromOCIRepository() in the blob transformers. Have a look at the PR closed as duplicate.
Done Criteria
Description
When trying to use the ocm k8s toolkit, several issues in the underlying libraries credential management were discovered.
ComponentVersionRepositoryandResourceRepositoryinocipackage setOCIRepositoryas consumer identity instead ofOCIRegistry. This is unintended. We have to change this.scheme, we do not match. Here, we should be more flexibel. Therefore, we might want to defaultschemetohttpsin the matcher if not set.scheme: ociandscheme: https(although oci is always resolved as https). So, as an UX improvement, we can be more lenient and allow that to match.GetConsumerIdentity()methods default some identity properties (such asscheme: oci), even though the actual url did not contain a scheme at all. We should remove this defaulting to avoid confusing mismatches. Currently, such defaulting happens in theIdentityFromOCIRepository()in the blob transformers. Have a look at the PR closed as duplicate.Done Criteria
pathprefixreplacements (you need to add*/**glob patterns, if it is an actual prefix)