Skip to content

Comments

Feature add per dp software registry login#1936

Merged
pgvishnuram merged 22 commits intomainfrom
feat/add-per-dp-software-registry-login
Sep 26, 2025
Merged

Feature add per dp software registry login#1936
pgvishnuram merged 22 commits intomainfrom
feat/add-per-dp-software-registry-login

Conversation

@pgvishnuram
Copy link
Contributor

@pgvishnuram pgvishnuram commented Sep 15, 2025

Description

This PR adds an enhancement over how we authenticate against our incluster registry for Astro Private Cloud.

Earlier our implementation was to authenticate the registry at the time astro login to facilitate image push to destination airflow deployments which worked well for single tenant cluster.
Now since we have moved over to multi cluster mode each cluster will have its independent registry and should be authenticate upon deployment selection to push the images to its independent registry service.

This PR adds a extra logic to assert and validate against the version and selects the registry login logic based on the versioning.

🎟 Issue(s)

🧪 Functional Testing

List the functional testing steps to confirm this feature or fix.

📸 Screenshots

Add screenshots to illustrate the validity of these changes.

📋 Checklist

  • Rebased from the main (or release if patching) branch (before testing)
  • Ran make test before taking out of draft
  • Ran make lint before taking out of draft
  • Added/updated applicable tests
  • Tested against Astro-API (if necessary).
  • Tested against Houston-API and Astronomer (if necessary).
  • Communicated to/tagged owners of respective clients potentially impacted by these changes.
  • Updated any related documentation

Copy link
Contributor

@ianbuss ianbuss left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there anything different about the login credentials for per DP registries?

@pgvishnuram
Copy link
Contributor Author

Is there anything different about the login credentials for per DP registries?

we use the same credentials to login to per dataplane registry - the same oauth token will be used to authenticate the registries.

@pgvishnuram pgvishnuram changed the title Feat/add per dp software registry login Feature add per dp software registry login Sep 18, 2025
Copy link
Contributor

@ianbuss ianbuss left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Small comment. We should also try to add at least some description to the PR

// Switch to per deployment registry login
err = auth.RegistryAuth(houstonClient, os.Stdout)
if err != nil {
logger.Debugf("There was an error logging into registry: %s", err.Error())
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we not exit here? It's not going to work if we haven't auth'd right?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

os.exit(1) right

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Better to return the error up to the command so it fails there.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

in existing code as well even if the login fails on push it will get into error - thats why we didnt change this, now should we make this to return error with fail even when the auth gets failed

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Returning the err here is the right call. Better to fail earlier if we know it isn't going to work.

@coveralls-official
Copy link

coveralls-official bot commented Sep 25, 2025

Pull Request Test Coverage Report for Build 240ae823-eeb4-481a-969b-2bf9e9acbf12

Details

  • 19 of 32 (59.38%) changed or added relevant lines in 2 files are covered.
  • 2 unchanged lines in 1 file lost coverage.
  • Overall coverage increased (+0.009%) to 38.16%

Changes Missing Coverage Covered Lines Changed/Added Lines %
software/auth/auth.go 3 6 50.0%
software/deploy/deploy.go 16 26 61.54%
Files with Coverage Reduction New Missed Lines %
docker/docker.go 2 46.81%
Totals Coverage Status
Change from base Build 04c39e19-4d56-4706-a6ef-480413713603: 0.009%
Covered Lines: 23786
Relevant Lines: 62332

💛 - Coveralls

@pgvishnuram pgvishnuram requested a review from ianbuss September 25, 2025 17:59
Copy link

@karankhanchandani karankhanchandani left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR. LGTM.

@rishkarajgi
Copy link
Contributor

Tests are failing

@pgvishnuram
Copy link
Contributor Author

coveralls is failing - tests have already passed

Copy link
Contributor

@ianbuss ianbuss left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left a nit but otherwise looks good to me.

mockURLs := []houston.DeploymentURL{
{URL: "https://deployments.local.astronomer.io/testDeploymentName/airflow", Type: "airflow"},
{URL: "https://deployments.local.astronomer.io/testDeploymentName/flower", Type: "flower"},
{URL: "registry.local.astronomer.io", Type: "registry"},
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Docker login will work for both registry.local.astronomer.io and https://registry.local.astronomer.io so might be worth adding both as a test case here in case we ever wanted to change the houston response to be a "real" URL.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https wont work - we are sending only the url here without https

@pgvishnuram pgvishnuram merged commit 50dab82 into main Sep 26, 2025
7 checks passed
@pgvishnuram pgvishnuram deleted the feat/add-per-dp-software-registry-login branch September 26, 2025 15:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

6 participants