image/docker: use unified configfile for registries.d #753

Open
jankaluza wants to merge 12 commits into containers:main from jankaluza:registries.d-2

@jankaluza
Member

Switch registries.d loading to use configfile.Read(), enabling
unified drop-in search across /usr, /etc, and user config directories.
Files are merged with standard precedence, with higher-priority paths
masking lower ones.

Preserve explicit RegistriesDirPath override behavior.

Signed-off-by: Jan Kaluza <jkaluza@redhat.com>

jankaluza added 12 commits April 2, 2026 13:06
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
When no policy.json is found, `DefaultPolicy()` previously returned a
generic error without indicating where the system looked for the file.

This commit introduces `configfile.ReadWithPaths()` to track all
attempted config file locations during iteration. It uses this
in DefaultPolicy() to include the searched paths in the error message
when no policy file is found.

Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
This commit does the following:

- The `setup()` function now returns the SystemContext.
- The hardcoded check for "no policy file found" has moved to
  the test itself.
- Fixture is used for SignaturePolicyPath.

Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
This commit introduces `File.ErrorIfNotFound`. If it is true, the Read
returns an error which contains all the paths it tried when searching
for a config file.

The ReadWithPaths is replaced by this new logic.

Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
Switch registries.d loading to use `configfile.Read()`, enabling
unified drop-in search across /usr, /etc, and user config directories.
Files are merged with standard precedence, with higher-priority paths
masking lower ones.

Preserve explicit RegistriesDirPath override behavior.

Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
@github-actions (bot) added the storage, common and image labels on Apr 9, 2026
@jankaluza
Member Author

jankaluza commented Apr 9, 2026

This depends on #711. If someone wants to review this early, check only the last commit.

Contributor

@mtrmac mtrmac left a comment

A first look

mergedConfig.Docker[nsName] = nsConfig
nsMergedFrom[nsName] = configPath
// mergeRegistriesYAMLFragment parses configBytes as a single registries.d YAML fragment and merges it into merged.
func mergeRegistriesYAMLFragment(merged *registryConfiguration, configPath string, configBytes []byte, dockerDefaultMergedFrom *string, nsMergedFrom map[string]string) error {
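
Review bot: The doc comment on `mergeRegistriesYAMLFragment` covers only `configBytes` and `merged`; it says nothing about `configPath`, `dockerDefaultMergedFrom` or `nsMergedFrom`. The lines just above show the map being written (`nsMergedFrom[nsName] = configPath`), so please document which of these parameters the function mutates and, if they carry state from one fragment to the next, that the same pointer and map must be passed for every fragment of a merge.
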
Contributor

(Non-blocking: This works, but I think defining an object to hold the merging state, with new / mergeFragment / mergedConfig methods would be cleaner. But see elsewhere, do we need this split at all?)

if sys != nil && sys.RegistriesDirPath != "" {
return sys.RegistriesDirPath
logrus.Debugf(`Using registries.d directory %s`, sys.RegistriesDirPath)
return loadAndMergeConfig(sys.RegistriesDirPath)
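
Review bot: In the `sys.RegistriesDirPath != ""` branch, the `logrus.Debugf` call formats the override path with `%s`; `%q` would keep a path containing spaces or unprintable characters unambiguous in the log. Since this branch returns `loadAndMergeConfig(sys.RegistriesDirPath)` straight away, the message could also say that this is the explicit override, so a reader of the debug output knows only this one directory was read.
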
Contributor

At a glance, this separate implementation is fairly unsatisfactory.

One approach might be to extend configfile yet again, to support “read exactly this directory and nothing else”. Another would be to have a directory enumerator that returns the same iterator as configfile.Read (whether that enumerator exists in this package or as a configfile.ReadInSingleDirectory). Then the iteration+merging loop would exist just once.

Member Author

I was considering the iterator approach, but for me it was somehow overcomplicated, so I went with the current approach. Maybe a new configfile function would make sense. I will try it.


By default, the registries configuration directory is `$HOME/.config/containers/registries.d` if it exists, otherwise `/etc/containers/registries.d` (unless overridden at compile-time);
applications may allow using a different directory instead.
By default, registries.d configuration is loaded from drop-in directories following the same search locations and precedence rules as other containers configuration files.
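
Review bot: The replacement sentence no longer names any directory, where the text it replaces gave `$HOME/.config/containers/registries.d` and `/etc/containers/registries.d`, and "the same search locations and precedence rules" points at nothing the reader can follow. Suggest listing the searched directories in priority order here, or linking the page that defines them, and stating what happens when a file with the same name exists in more than one of them.
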
Contributor

This almost begs to be a link to a common man page (I think there is a plan to have one)…

… and if we have that man page, do we need all of the details here? Or, if we won’t have that man page, does “the same as other files” help at all?


I’m worried that users won’t understand “containers configuration” to refer to only the go.podman.io/*-dependent software; users don’t care.
