Request subscription activation and registry configuration when building RHEL based bootable images

[dgolovin]

Is your enhancement related to a problem? Please describe

Current implementation for SSO Sign In always configures access to registry.redhat.io and activates developer's subscription for running podman VM which in most use cases is not required when working with Developer Sandbox or OpenShift Local.

This extension looks like perfect place to detect that targeted image is based on RHEL and to perform necessary prerequisite checks/steps to ensure successful build like:

1. Check subscription is activated on current VM
2. Request Sign In with Red Hat SSO to get access token
3. Use that token to activate subscription before build
4. Configure access to reqistry.redhat.io

Describe the solution you'd like

Extension should trigger subscription check/activation/deacitvation and registry access configuration/removal whenever it is required for specific use-cases.

Describe alternatives you've considered

No response

Additional context

Decoupling signin from subscription related commands - redhat-developer/podman-desktop-redhat-account-ext#152
Use Red Hat SSO account to pull Pull-secret when configuring OpenShift Local instance crc-org/crc-extension#207

[cdrage]

Is your enhancement related to a problem? Please describe

Current implementation for SSO Sign In always configures access to registry.redhat.io and activates developer's subscription for running podman VM which in most use cases is not required when working with Developer Sandbox or OpenShift Local.

This extension looks like perfect place to detect that targeted image is based on RHEL and to perform necessary prerequisite checks/steps to ensure successful build like:

1. Check subscription is activated on current VM

2. Request Sign In with Red Hat SSO to get access token

3. Use that token to activate subscription before build

4. Configure access to reqistry.redhat.io

Describe the solution you'd like

Extension should trigger subscription check/activation/deacitvation and registry access configuration/removal whenever it is required for specific use-cases.

Describe alternatives you've considered

No response

Additional context

Decoupling signin from subscription related commands - redhat-developer/podman-desktop-redhat-account-ext#152

Use Red Hat SSO account to pull Pull-secret when configuring OpenShift Local instance crc-org/crc-extension#207

Hi! When building, it copies the image over from the local storage to bootc and the builds it.

At no point do we ever pull from anything rhel / sso / authentication related.

It does not pull anything else internet-wise and it's similar to basic a conversion tool since the image is provided to the extension via a volume.

We have been building RHEL product images no problem with no need for SSO within the bootc extension.

All the image building side that relates to pulling from RHEL happens outside the bootc extension on the build image page within PD and uses your extension which has been working wonderfully!

I hope that answers your question!

cc @deboer-tim

[deboer-tim]

I agree with @cdrage - it seems artificial to put SSO into an extension that is generic/not just Red Hat, doesn't pull images directly, and where everything works whether or not you're logged in. I'm happy to discuss if there's something we're missing, but for now I'm going to close.