Skip to content

fix(737): handle credentials resolution correctly#1191

Merged
matthiasbruns merged 29 commits into
open-component-model:mainfrom
matthiasbruns:feat/737_error_handling_credentials_plugin
Dec 1, 2025
Merged

fix(737): handle credentials resolution correctly#1191
matthiasbruns merged 29 commits into
open-component-model:mainfrom
matthiasbruns:feat/737_error_handling_credentials_plugin

Conversation

@matthiasbruns

@matthiasbruns matthiasbruns commented Nov 12, 2025

Copy link
Copy Markdown
Contributor

On-behalf-of: SAP matthias.bruns@sap.com

What this PR does / why we need it

During debugging issues with mounting .ocmconfig files into Docker containers, we had hard time finding the real root case for the issue.

In case we don’t find Docker a credential helper, but the config directs to a docker credential helper, we should fall back to a plain credential plugin / helper.

Which issue(s) this PR fixes

Contributes: open-component-model/ocm-project#737

@matthiasbruns matthiasbruns requested a review from a team as a code owner November 12, 2025 07:39
@matthiasbruns matthiasbruns marked this pull request as draft November 12, 2025 07:42
@matthiasbruns matthiasbruns mentioned this pull request Nov 14, 2025
Merged
matthiasbruns added a commit that referenced this pull request Nov 14, 2025
@matthiasbruns
feat: 737 add credentials error handling (#1201)
3af5ed7 
#### What this PR does / why we need it
Credentials error handling from
#1191

#### Which issue(s) this PR fixes
Contributes:
open-component-model/ocm-project#737

---------

Signed-off-by: Matthias Bruns <git@matthiasbruns.com>
@matthiasbruns matthiasbruns force-pushed the feat/737_error_handling_credentials_plugin branch 2 times, most recently from c28d940 to b39efdd Compare November 16, 2025 09:39
@matthiasbruns matthiasbruns marked this pull request as ready for review November 16, 2025 09:46
@matthiasbruns matthiasbruns force-pushed the feat/737_error_handling_credentials_plugin branch 3 times, most recently from 4af4fcf to 26bbdb5 Compare November 16, 2025 09:59
@github-actions github-actions Bot added the size/m Medium label Nov 16, 2025
@matthiasbruns matthiasbruns force-pushed the feat/737_error_handling_credentials_plugin branch from 30d1c05 to d7c359a Compare November 16, 2025 11:43
matthiasbruns
matthiasbruns commented Nov 16, 2025
View reviewed changes
Comment thread bindings/go/plugin/go.mod Outdated
@matthiasbruns matthiasbruns force-pushed the feat/737_error_handling_credentials_plugin branch 9 times, most recently from e86cfc6 to fa8567a Compare November 17, 2025 10:32
@github-actions github-actions Bot added the component/github-actions Changes on GitHub Actions or within `.github/` directory label Nov 17, 2025
jakobmoellerdev
jakobmoellerdev reviewed Nov 17, 2025
View reviewed changes

@jakobmoellerdev jakobmoellerdev left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

could we add a test case for the fallback behavior somehow? apart from that lgtm

@matthiasbruns

matthiasbruns commented Nov 18, 2025

Copy link
Copy Markdown
Contributor Author

could we add a test case for the fallback behavior somehow? apart from that lgtm

I tried but I couldn't break Resolve directly - only the plugins or parsing parts of the credentials api

fabianburth
fabianburth reviewed Nov 18, 2025
View reviewed changes
Comment thread bindings/go/repository/component/fallback/v1/repository.go Outdated
Comment thread bindings/go/repository/component/fallback/v1/repository.go
Comment thread cli/cmd/add/component-version/cmd.go
@matthiasbruns

matthiasbruns commented Nov 18, 2025

Copy link
Copy Markdown
Contributor Author

Had to update the credentials implementation to behave as expected

#1226

@matthiasbruns matthiasbruns force-pushed the feat/737_error_handling_credentials_plugin branch from 4cfd40a to 85f6568 Compare November 22, 2025 04:52
@matthiasbruns
fix: cli build
17e482f 
On-behalf-of: SAP <matthias.bruns@sap.com>

Signed-off-by: Matthias Bruns <git@matthiasbruns.com>
@matthiasbruns
chore: use new credentials version
61db039 
On-behalf-of: SAP <matthias.bruns@sap.com>

Signed-off-by: Matthias Bruns <git@matthiasbruns.com>
@matthiasbruns
chore: update to credentials v0.0.4
b8230ee 
On-behalf-of: SAP <matthias.bruns@sap.com>

Signed-off-by: Matthias Bruns <git@matthiasbruns.com>
@matthiasbruns
feat: update all bindings required for new credentials
3e9af2e 
On-behalf-of: SAP <matthias.bruns@sap.com>

Signed-off-by: Matthias Bruns <git@matthiasbruns.com>
@matthiasbruns
chore: manual rebase
a8c77c1 
On-behalf-of: SAP <matthias.bruns@sap.com>

Signed-off-by: Matthias Bruns <git@matthiasbruns.com>
@matthiasbruns
chore: upgrade constructor
eaa1f4f 
On-behalf-of: SAP <matthias.bruns@sap.com>

Signed-off-by: Matthias Bruns <git@matthiasbruns.com>
@matthiasbruns
fix: go.mod
13c4b52 
On-behalf-of: SAP <matthias.bruns@sap.com>

Signed-off-by: Matthias Bruns <git@matthiasbruns.com>
@matthiasbruns
feat: add docker tests
dbc0764 
On-behalf-of: SAP <matthias.bruns@sap.com>

Signed-off-by: Matthias Bruns <git@matthiasbruns.com>
@matthiasbruns
feat: docker not found test case
bfe04be 
On-behalf-of: SAP <matthias.bruns@sap.com>

Signed-off-by: Matthias Bruns <git@matthiasbruns.com>
@matthiasbruns matthiasbruns force-pushed the feat/737_error_handling_credentials_plugin branch from 8f1b4c1 to bfe04be Compare December 1, 2025 08:00
@gitguardian

gitguardian Bot commented Dec 1, 2025
edited
Loading

Copy link
Copy Markdown

⚠️ GitGuardian has uncovered 1 secret following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

Since your pull request originates from a forked repository, GitGuardian is not able to associate the secrets uncovered with secret incidents on your GitGuardian dashboard.
Skipping this check run and merging your pull request will create secret incidents on your GitGuardian dashboard.

🔎 Detected hardcoded secret in your pull request
GitGuardian id GitGuardian status Secret Commit Filename
14926537 Triggered Generic High Entropy Secret bfe04be cli/cmd/cmd_test.go View secret
🛠 Guidelines to remediate hardcoded secrets
  1. Understand the implications of revoking this secret by investigating where it is used in your code.
  2. Replace and store your secret safely. Learn here the best practices.
  3. Revoke and rotate this secret.
  4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider

🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

@matthiasbruns matthiasbruns force-pushed the feat/737_error_handling_credentials_plugin branch 2 times, most recently from 48101a4 to 555e79a Compare December 1, 2025 08:04
@matthiasbruns

matthiasbruns commented Dec 1, 2025

Copy link
Copy Markdown
Contributor Author

could we add a test case for the fallback behavior somehow? apart from that lgtm

https://github.com/open-component-model/open-component-model/pull/1191/files#diff-0da9123292653cbb68d92a1b0f69368f5f8b353010514676ca676ae2b4ee490bR1477

@matthiasbruns matthiasbruns force-pushed the feat/737_error_handling_credentials_plugin branch 3 times, most recently from 6267a33 to beb5c32 Compare December 1, 2025 08:08
@matthiasbruns
feat: add ErrUnknown test
3c091b0 
On-behalf-of: SAP <matthias.bruns@sap.com>

Signed-off-by: Matthias Bruns <git@matthiasbruns.com>
@matthiasbruns matthiasbruns force-pushed the feat/737_error_handling_credentials_plugin branch from beb5c32 to 3c091b0 Compare December 1, 2025 08:09
piotrjanik
piotrjanik reviewed Dec 1, 2025
View reviewed changes
Comment thread cli/cmd/sign/component-version/cmd.go
@matthiasbruns matthiasbruns merged commit 226148f into open-component-model:main Dec 1, 2025
21 checks passed
@fabianburth fabianburth mentioned this pull request Dec 2, 2025
Merged
jakobmoellerdev pushed a commit that referenced this pull request Dec 2, 2025
@fabianburth
fix(oci): make consumer identity for ctf return an error (#1323)
cecb9e6 
<!-- markdownlint-disable MD041 -->
#### What this PR does / why we need it
After the changes in #1191, the credential resolution is broken as we
attempt to resolve credentials with the consumer identity returned for
ctf from dockerconfig credential repository in the fallback logic to any
consumer identity type of our credential resolution.

This is a preliminary fix for the issue, unblocking us. A broader scoped
issue will be created as follow up.

#### Which issue(s) this PR fixes
<!--
Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`.
-->
Contributes to
open-component-model/ocm-project#737

---------

Signed-off-by: Fabian Burth <fabian.burth@sap.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@piotrjanik piotrjanik piotrjanik left review comments

@fabianburth fabianburth fabianburth approved these changes

@jakobmoellerdev jakobmoellerdev jakobmoellerdev approved these changes

@morri-son morri-son Awaiting requested review from morri-son

Assignees

No one assigned

Labels

component/github-actions Changes on GitHub Actions or within `.github/` directory kind/bugfix Bug size/l Large size/m Medium size/s Small

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@matthiasbruns @jakobmoellerdev @piotrjanik @fabianburth @morri-son