Docker Image Resources for Non-CAAS Charms

I get a 403 trying to push a charm and a resource to the charmstore, where the charm is a non-caas charm and the resource is a docker image.

$ charm push ./build/builds/jupyter-notebook2 --resource jupyter_notebook_image=jupyter/base-notebook:latest --debug
17:11:06 DEBUG httpbakery logger.go:28 client do GET https://api.jujucharms.com/charmstore/v5/whoami {
17:11:07 INFO  httpbakery logger.go:33 HTTP response OK (status 200 OK)
17:11:07 DEBUG httpbakery logger.go:28 } -> error <nil>
17:11:07 DEBUG juju.charm charmdir.go:389 charm is not in revision control directory
17:11:07 DEBUG httpbakery logger.go:28 client do GET https://api.jujucharms.com/charmstore/v5/delegatable-macaroon {
17:11:07 INFO  httpbakery logger.go:33 HTTP response OK (status 200 OK)
17:11:07 DEBUG httpbakery logger.go:28 } -> error <nil>
17:11:07 DEBUG httpbakery logger.go:28 client do POST https://api.jujucharms.com/charmstore/v5/~jamesbeedy/jupyter-notebook2/archive?hash=d376640febe3f2782cb77473c8d0d1bdd2f020c29b5d76bec68718be5e352bd7ab74fde5d2c85d655405441c6b492890 {
17:11:19 INFO  httpbakery logger.go:33 HTTP response OK (status 200 OK)
17:11:19 DEBUG httpbakery logger.go:28 } -> error <nil>
url: cs:~jamesbeedy/jupyter-notebook2-0
channel: unpublished
17:11:19 DEBUG httpbakery logger.go:28 client do GET https://api.jujucharms.com/charmstore/v5/~jamesbeedy/jupyter-notebook2-0/docker-resource-upload-info?resource-name=jupyter_notebook_image {
17:11:19 INFO  httpbakery logger.go:33 HTTP response OK (status 403 Forbidden)
17:11:19 DEBUG httpbakery logger.go:28 } -> error <nil>
ERROR cannot push charm resources: cannot get upload info: "cs:~jamesbeedy/jupyter-notebook2-0" does not support docker resource upload
17:11:19 DEBUG cmd supercommand.go:475 error stack: 
"cs:~jamesbeedy/jupyter-notebook2-0" does not support docker resource upload
gopkg.in/juju/charmrepo.v4/csclient/csclient.go:1031: 
gopkg.in/juju/charmrepo.v4/csclient/csclient.go:308: 
github.com/juju/charmstore-client/cmd/charm/charmcmd/resource.go:144: cannot get upload info
github.com/juju/charmstore-client/cmd/charm/charmcmd/push.go:220: 
github.com/juju/charmstore-client/cmd/charm/charmcmd/push.go:211: 
github.com/juju/charmstore-client/cmd/charm/charmcmd/push.go:186: cannot push charm resources

I’m thinking this may be the line that is causing the 403 and blocking docker image resource uploads for non-caas charms.

Is this something we can have a discussion about, or is the registry.jujucharms.com locked down for the use of caas charms only?

The code which is rejecting the upload actually comes from the charmstore itself.

	if !charmstore.IsKubernetesCharm(e.CharmMeta) {
		return errgo.WithCausef(nil, params.ErrForbidden, "%q does not support docker resource upload", id.URL.String())
	}

k8s charms manage their docker images via an oci-image resource which is a snippet of YAML metadata which points to an image path in a docker repo, and username/password for private images. This metadata is used when setting up the pod spec as k8s itself will pull the image from the relevant repo.

If you want to use a docker image with a non-k8s charm, you currently need to upload the image blob itself as a charm file resource, and the charm would use the usual resource-get hook command to stream the image data to disk and then use it however the charm sees fit.

I am pretty sure there are charms which may do the above but I can’t point to any of the top of my head. Maybe someone else can help out pointing to a specific example.

1 Like