I upgraded oras from 0.16 to 1.1 and found an incompatible change.
I expect the old format credentials to work normally as well.
The analysis is as follows:
1. Logic in oras
0.16
In oras
0.16.0, we use docker cli get credentials.
https://github.com/oras-project/oras/blob/release-0.16/internal/credential/store.go#L61C1-L62
return &Store{
configs: configs,
}, nil
authConf, err := c.GetCredentialsStore(registry).Get(registry)
https://github.com/docker/cli/blob/1401f9108517b33fe38fb3acd59557dcdf4d603d/cli/config/credentials/file_store.go#L39-L81
// ConvertToHostname converts a registry url which has http|https prepended
// to just an hostname.
// Copied from github.com/docker/docker/registry.ConvertToHostname to reduce dependencies.
func ConvertToHostname(url string) string {
stripped := url
if strings.HasPrefix(url, "http://") {
stripped = strings.TrimPrefix(url, "http://")
} else if strings.HasPrefix(url, "https://") {
stripped = strings.TrimPrefix(url, "https://")
}
hostName, _, _ := strings.Cut(stripped, "/")
return hostName
}
2. Logic in oras
1.1
In oras
1.1.0, we use oras-credentials-go get credentials.
https://github.com/oras-project/oras/blob/release-1.1/internal/credential/store.go#L31-L38
import (
credentials "github.com/oras-project/oras-credentials-go"
)
// NewStore generates a store based on the passed-in config file paths.
func NewStore(configPaths ...string) (credentials.Store, error) {
opts := credentials.StoreOptions{AllowPlaintextPut: true}
if len(configPaths) == 0 {
// use default docker config file path
return credentials.NewStoreFromDocker(opts)
}
var stores []credentials.Store
for _, config := range configPaths {
store, err := credentials.NewStore(config, opts)
if err != nil {
return nil, err
}
stores = append(stores, store)
}
return credentials.NewStoreWithFallbacks(stores[0], stores[1:]...), nil
}
3. actual
If such content is in my credentials, incompatible changes will occur.
{
"auths": {
"https://xxx.dkr.ecr.us-west-2.amazonaws.com": {
"username": "AWS",
"password": "",
"auth": "",
"email": "[email protected]"
}
}
}
4. expected
I can only alter the credentials into the following format for the new oras to recognize.
{
"auths": {
"xxx.dkr.ecr.us-west-2.amazonaws.com": {
"username": "AWS",
"password": "",
"auth": "",
"email": "[email protected]"
}
}
}