Skip to content

feat: Add support for token auth in oci-sync #1936

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Camila-B wants to merge 2 commits into
base: main
Choose a base branch
from
Open

feat: Add support for token auth in oci-sync #1936

Camila-B wants to merge 2 commits into from

Conversation

@Camila-B
Copy link
Contributor

@Camila-B Camila-B commented Nov 14, 2025

No description provided.

@google-oss-prow
Copy link

google-oss-prow bot commented Nov 14, 2025

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@google-oss-prow
Copy link

google-oss-prow bot commented Nov 14, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from camila-b. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@Camila-B
Copy link
Contributor Author

Camila-B commented Nov 14, 2025

/test all

@Camila-B
Copy link
Contributor Author

Camila-B commented Nov 14, 2025

/retest

1 similar comment
@Camila-B
Copy link
Contributor Author

Camila-B commented Nov 14, 2025

/retest

@Camila-B
Copy link
Contributor Author

Camila-B commented Nov 15, 2025

/retest

@Camila-B
Copy link
Contributor Author

Camila-B commented Nov 15, 2025

/retest

@Camila-B
Copy link
Contributor Author

Camila-B commented Dec 5, 2025

/test all

@Camila-B Camila-B marked this pull request as ready for review December 5, 2025 21:14
gemini-code-assist[bot]
gemini-code-assist bot reviewed Dec 5, 2025
View reviewed changes
Copy link

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces support for token-based authentication for OCI sources in oci-sync. The changes are well-structured and comprehensive, spanning the oci-sync binary, reconciler controllers, API definitions, CRDs, and validation logic.

Key changes include:

  • Adding flUsername and flPassword flags to oci-sync to handle credentials.
  • Refactoring authenticator creation into a getAuthenticator function for better testability and clarity.
  • Updating RootSync and RepoSync CRDs and API types to include a token auth type and a secretRef for OCI sources.
  • Implementing logic in the reconciler-manager to securely pass credentials from the specified secret to the oci-sync container via environment variables.
  • Enhancing validation to ensure correct configuration of the new authentication mechanism.
  • Adding thorough unit tests for the new logic and comprehensive e2e tests for both Artifact Registry (_json_key) and generic basic auth scenarios.

The code is of high quality, and the changes are well-tested. I have no concerns with this pull request.

@Camila-B Camila-B changed the title [WIP]feat: Add support for token auth in oci-sync feat: Add support for token auth in oci-sync Dec 5, 2025
tiffanny29631
tiffanny29631 reviewed Dec 6, 2025
View reviewed changes
cmd/oci-sync/main.go
var flUsername = flag.String("username", util.EnvString("OCI_SYNC_USERNAME", ""),
"the username to use for oci authentication")
var flPassword = flag.String("password", util.EnvString("OCI_SYNC_PASSWORD", ""),
"the password or personal access token to use for oci authentication")
Copy link
Contributor

@tiffanny29631 tiffanny29631 Dec 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does the password needs nil check is username is set?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tiffanny29631 tiffanny29631 tiffanny29631 left review comments

@sdowell sdowell Awaiting requested review from sdowell

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

size/XL

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Camila-B @tiffanny29631