-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WIP: don't forget to request the pull scope #1
Draft
kingdonb
wants to merge
1
commit into
getkuby:master
Choose a base branch
from
kingdonb:request-pull-scope
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Draft
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The
:scopehash entry will get replaced by the body of theifstatement below, is that ok? Should therepository:<repo>:pullscope be added to the scopes inwww-authenticateor just be a default?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure the function of the body of the if statement below, but it wasn't getting replaced for me. I'm using a Harbor registry and it seemed like the Bearer token was getting requested with no scopes. I used Pixie to inspect the conversation, but I'm not sure I have all the details right, all I could say for sure is I had several processes of different kinds having this conversation (image-reflector-controller and others) and the one that was failing was here.
When I added the repository scope, it no longer received 401 on the request that uses the bearer token (in between building the app image and starting the build for the assets image, where it needs to confirm if any prior asset image exists, it tries to list the tags and fails 401.)
I wouldn't really suggest this change in particular as it's poorly thought out (this token will undoubtedly get used for other stuff besides pulling a specific repo), it was just the quickest way for me to confirm and resolve what was wrong in this one specific conversation that seems to be the only place this gem+token gets used by me, at least for now.