Hi Marco,
it's a good analysis. Replying inline.
On Thu, Aug 15, 2013 at 7:37 AM, Marco Hennings
<
marco.h...@freiheit.com> wrote:
> - Login
True, right now the private Registry does not come with
authentication. And the fact that we fixed the login command to be
mapped to the
index.docker.io realm (to allow different credentials on
different location in the future), prevents docker to send the
credentials to the private Registry.
> - Authentication restriction to the individual repositories
Yes, we wanted to let people use their namespace as they want. Would
it make sense to restrict users to their "username" namespace like the
central one?
> - Search
This one will make the Registry code a bit heavier since we need to
Index those data somewhere (db, elasticsearch, etc...). So we need a
daemon to consolidate the Index, etc... But I agree it a must have
(less important than login though).
> - Endpoint delegation with X-Docker-Endpoint seems to be not available
That's right, we added this in the protocol as you notice but we don't
actually use it at the moment. We're going to use it on the central
Index to allow different endpoint for push and pull and enable us to
use a CDN for image download.
> Maybe i overlook the one or other, but for now authentication would be most
> important for my use case.
>
>
>
> Currently the login command does not allow to differenciate between
> different realms.
> I would like to extend this in the following way:
>
> docker login [targethost]
Sounds like a good syntax. I'd like also to have a different syntax
for creating accounts and login. It's annoying right now to have to
specify username / password / email just for login... And if you make
a typo, it creates a new account... Not ideal.
> To store the authentication the ~.dockercfg needs to be extended. For
> compatibility the auth for the official indec needs to stay in the already
> existing fields.
> I think that sections for each host could be a good solution. To preserve
> future extension a prefix like "host " could be used.
We already support the realm in the .dockercfg. Try to "rm -f
~/.dockercfg" and login again. You will see this file is now json and
contains the login endpoint.
Right now, it's more a matter of making what we have stable and find a
good balance between stabilize and add features (at least on the
Registry). To be completely transparent, we're currently working to
improve download and upload speed. Clean auth (+ improve login) and
Search are definitely on the roadmap.
I hop this clarifies what's going on behind :-)
--
@sam_alba