Fix skipper rmi -r and images -r remote registry operations#194
Open
tomerschwartz24 wants to merge 1 commit into
Open
Fix skipper rmi -r and images -r remote registry operations#194tomerschwartz24 wants to merge 1 commit into
tomerschwartz24 wants to merge 1 commit into
Conversation
e425717 to
6acbe51
Compare
b29c39c to
c4318cc
Compare
Some registries (e.g. Harbor) run a token service that only accepts GET and require every repository to live under a namespace, breaking three remote-registry operations that worked against the previous registry. rmi -r: the manifest DELETE was routed through HttpBearerAuth, which fetches the bearer token by copying the original request method, sending DELETE to the token endpoint (405). Fetch the token with an explicit GET against the challenge realm, then send the DELETE with the resulting Authorization: Bearer header. rmi -r: image validation only consulted Dockerfile.* names, which cannot contain a slash, so a namespaced <namespace>/<image> could never be deleted. Honor the containers config as well, matching images and build. images -r: a non-namespaced name is rejected with BAD_REQUEST, which aborted the whole listing. Treat BAD_REQUEST like NAME_UNKNOWN/NOT_FOUND and skip the offending image with a warning instead of raising. Also drop the deprecated pkg_resources (removed from recent setuptools and absent on Python 3.14): use importlib.metadata for the version and locate packaged data via __file__, keeping the existing compatibility floor (importlib_metadata backport for Python < 3.8). The build job installs setuptools<81 so the released bootstrap skipper still imports.
efca33b to
d33d9da
Compare
roeigo-stratoscale
approved these changes
Jul 5, 2026
roeigo-stratoscale
left a comment
There was a problem hiding this comment.
Please run with @khizunov / @ofir-amir as well
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #193.
Three remote-registry operations failed against a Harbor registry (stricter than the previously used registry: its token service only accepts
GET, and every repository must live under a namespace).skipper rmi -r— 405 on the token endpointThe manifest
DELETEwas routed throughHttpBearerAuth, which fetches the bearer token by copying the original request method — sendingDELETEto the token service, which Harbor only serves overGET(405). Now the token is fetched with an explicitGETagainst the challenge realm, then theDELETEis sent with theAuthorization: Bearerheader.skipper rmi -r— namespaced images could not be addressedImage validation only consulted
Dockerfile.*names, which cannot contain a/, so a namespaced<namespace>/<image>was always rejected as "not an image of this project". Validation now also honors thecontainersconfig, matchingimagesandbuild.skipper images -r— crash on non-namespaced namesHarbor rejects a single-segment repository name with
400 BAD_REQUEST.get_remote_image_infoonly toleratedNAME_UNKNOWN/NOT_FOUND, soBAD_REQUESTraised and aborted the whole listing. It now skips the offending image with a warning.Testing
GET; namespaced image accepted from config;BAD_REQUESTtolerated; unknown errors still raise). Full suite: 116 passing.push,images -r, andrmi -rall succeed.