Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Always use latest repository credentials #846

Merged
merged 1 commit into from
Apr 10, 2022
Merged

Always use latest repository credentials #846

merged 1 commit into from
Apr 10, 2022

Conversation

mKeRix
Copy link
Contributor

@mKeRix mKeRix commented Apr 6, 2022

Description

Read and delete operations do not require access to the actual chart, so we don't need to login for those. In the current implementation any refresh fails if the credentials used in the past expire, e.g. when you use the resource with rotating Amazon ECR credentials. If you only do the login in the operations that actually pull a chart (create & update), the resource will always use the most recent credentials for its operations.

Acceptance tests

  • Have you added an acceptance test for the functionality being added?

Release Note

Release note for CHANGELOG:

Always use latest repository credentials

References

Closes #844

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Only run OCI logins when necessary
9ac8fab 
Read and delete operations do not require access to the actual chart,
so we don't need to login. Removing this prevents issues on refresh for
short-living, rotated credentials as e.g. used by Amazon ECR.
@hashicorp-cla
Copy link

hashicorp-cla commented Apr 6, 2022
edited
Loading

CLA assistant check
All committers have signed the CLA.

@mKeRix mKeRix mentioned this pull request Apr 6, 2022
Closed
@mKeRix
Copy link
Contributor Author

mKeRix commented Apr 6, 2022

@jrhouston Since you wrote the original PR for this, could you maybe check this one? Maybe I missed some reason for why you added the logins to the places that I removed them from.

@jrhouston
Copy link
Contributor

Yep, you're right @mKeRix – logging into the OCI registry is unnecessary in these places as we only need to login when creating or updating the release.

@jrhouston jrhouston merged commit eeba9bf into hashicorp:main Apr 10, 2022
@junaid-ali
Copy link

junaid-ali commented Apr 11, 2022
edited
Loading

@jrhouston I see you've mentioned tag v2.5.1 having this change but don't see a corresponding release yet?

@jrhouston
Copy link
Contributor

@junaid-ali The release should be out now.

@mKeRix mKeRix deleted the repository-cred-fix branch April 12, 2022 07:48
@github-actions
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 13, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
size/XS
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

could not login to OCI registry (ecr)
4 participants
@mKeRix @hashicorp-cla @jrhouston @junaid-ali