Add registry authentication in runtime#40123
Open
kvega005 wants to merge 47 commits intomicrosoft:feature/wsl-for-appsfrom
Open
Add registry authentication in runtime#40123kvega005 wants to merge 47 commits intomicrosoft:feature/wsl-for-appsfrom
kvega005 wants to merge 47 commits intomicrosoft:feature/wsl-for-appsfrom
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adds registry authentication support to the WSLC runtime Docker HTTP layer (X-Registry-Auth + /auth) and introduces a local-registry helper + tests to validate authenticated pull/push flows.
Changes:
- Add
PushImageandAuthenticatesession APIs and plumb optionalX-Registry-AuththroughDockerHTTPClientfor pull/push. - Refactor image streaming logic into a shared
StreamImageOperation()path with progress callback support. - Add Windows tests that stand up a local registry container with basic auth and validate failure/success cases.
Reviewed changes
Copilot reviewed 15 out of 15 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| test/windows/WSLCTests.cpp | Adds an authenticated registry E2E test and supporting helpers. |
| test/windows/CMakeLists.txt | Links Crypt32 for base64 support used by new auth helpers. |
| src/windows/wslcsession/WSLCSession.h | Adds new COM method declarations and shared streaming helper. |
| src/windows/wslcsession/WSLCSession.cpp | Implements PushImage/Authenticate and refactors pull/push streaming + auth header plumbing. |
| src/windows/wslcsession/WSLCContainer.cpp | Avoids sending empty Cmd/Entrypoint (supports default entrypoint behavior). |
| src/windows/wslcsession/DockerHTTPClient.h | Extends pull request API to accept registry auth; adds push/auth APIs; supports custom headers. |
| src/windows/wslcsession/DockerHTTPClient.cpp | Sets X-Registry-Auth on pull/push and adds /auth implementation. |
| src/windows/service/inc/wslc.idl | Extends IWSLCSession with PushImage and Authenticate. |
| src/windows/inc/docker_schema.h | Adds auth request/response schema; makes Entrypoint optional in create-container schema. |
| src/windows/common/WSLCLocalRegistry.h / .cpp | Adds helper to start a local registry container (optionally with htpasswd auth). |
| src/windows/common/WslcCredentialStore.h / .cpp | Adds helper to build base64 X-Registry-Auth payloads. |
| src/windows/common/WSLCContainerLauncher.h | Exposes FormatResult for use in new registry helper. |
| src/windows/common/CMakeLists.txt | Adds new helper sources/headers and links Crypt32 into common. |
… into user/kevinve/registry
OneBlue
reviewed
Apr 8, 2026
| } | ||
| CATCH_RETURN(); | ||
|
|
||
| STDAPI WslcTagSessionImage(_In_ WslcSession session, _In_ const WslcTagImageOptions* options, _Outptr_opt_result_z_ PWSTR* errorMessage) |
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 22 out of 22 changed files in this pull request and generated 1 comment.
Comments suppressed due to low confidence (1)
src/windows/wslcsession/WSLCSession.cpp:534
StreamImageOperationhard-codes HTTP 404 →WSLC_E_IMAGE_NOT_FOUNDfor all operations. ForPushImage, a 404 from dockerd commonly represents “no such image (locally)” rather than a registry lookup miss, and the tests in this PR expect a different HRESULT for that scenario. Consider making the 404 mapping operation-specific (e.g., let the caller decide which HRESULT to surface for 404) so Push/Pull can return semantically correct errors.
if (httpResponse->result == boost::beast::http::status::not_found)
{
THROW_HR_WITH_USER_ERROR(WSLC_E_IMAGE_NOT_FOUND, errorMessage);
}
else if (httpResponse->result == boost::beast::http::status::bad_request)
{
THROW_HR_WITH_USER_ERROR(E_INVALIDARG, errorMessage);
}
else
{
THROW_HR_WITH_USER_ERROR(E_FAIL, errorMessage);
}
Apply clang-format (VS 2022 / v19.1.5) to fix formatting check failures. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
benhillis
force-pushed
the
user/kevinve/registry
branch
from
8732599 to
baabcd9
Compare
OneBlue
approved these changes
Apr 9, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary of the Pull Request
PR Checklist
Detailed Description of the Pull Request / Additional comments
Validation Steps Performed