opm render - Add support for REGISTRY_AUTH_FILE env variable

[betoredhat]

Hello,

On "opm index" we are able to pass custom pull secrets using the REGISTRY_AUTH_FILE environment variable, this is not working for "opm render". Could you please add support for this?

REGISTRY_AUTH_FILE=/auths.json opm render INDEX

It looks like at this time only the podman and docker auths files are considered for authentication.

Thanks in advance

[exdx]

Hi @betoredhat, thank you for opening this issue. It seems reasonable to support additional authentication for various file based opm commands. @joelanford would know best how to support this request.

[joelanford]

I think we'll get this as part of the implementation of #935.

[pwnall1337]

I wanted to comment on this as I found it in google. I spent hours chasing why I was getting a 401 with OPM render when using sudo.

In podman 3.2.3 the root auth.json from podman login is placed into /var/run/containers/0/auth.json

Every other user the location is /run/user/$(id -u)/containers/auth.json. OPM render was ignoring my REGISTRY_AUTH_FILE that I used with opm index prune, and it was looking for /run/users/0/containers/auth.json which I'm having to create manually to satisfy opm render or it simply doesn't work at all. OPM render doesn't take any env var for an auth file or a command argument for auth file either.

[betoredhat]

Hello @pwnall1337

DOCKER_CONFIG works for us, something like this should be fine:

$ mkdir /tmp/auth
$ cp auths.json /tmp/auth/config.json
$ DOCKER_CONFIG=/tmp/auth/ opm render ...

Or you can just append the credentials to $HOME/.docker/configs.json

Regards

[pwnall1337]

If opm index prune and pretty much all docker interactive programs accept env REGISTRY_AUTH_FILE then why whould opm render not?

opm index prune (accepts the env var) opm render (does not accept the env var)