
Unable to handle authentication

Open christian-sahlmann opened this issue 7 years ago • 14 comments

% $GOPATH/bin/deckschrubber -registry $REGISTRY_URL
FATA[0000] Error while fetching repositories! (err: unauthorized: authentication required)

Jun 09 '17 10:06 christian-sahlmann

Is this a comment, a suggestion, or just an observation?

Jun 14 '17 12:06 yan-foto

Sorry for the scarce information. I was in a hurry freeing up the disk space ;)

As this project is using the official libraries, I was expecting that it handles authentication the same way as a docker pull (using the information from .docker/config.json).

So if it should theoretically work as currently implemented, this is a bug report. If it's simply not implemented yet, this is a feature request. :)

Anyways, in the meantime I already solved my issue by accessing the registry directly with my own custom script via the API, and cleaning the orphaned blobs afterwards with registry garbage-collect. So you can also see this information just as a comment and close the issue.

Jun 15 '17 07:06 christian-sahlmann

Got it! Maybe I should enhance the documentation. But the short answer is: no it doesn't read from config.json. You should just change your URL to contain HTTP basic auth credentials. But this would be a really nice feature 👍

Jun 15 '17 13:06 yan-foto

Would you be able to test the new feature branch (not uploaded yet) that enables basic auth? If yes, I'll upload the branch. Thanks.

Dec 20 '17 14:12 yan-foto

Hi! I am running into this issue as well, can you upload the branch so I can test it?

Jan 31 '18 14:01 gerritjanf

@gerritjanf great! I only have implemented the basic auth and not the token based. Please give me some time, as I am fairly busy ATM.

Jan 31 '18 16:01 yan-foto

@yan-foto Okay. Basic auth is fine with me

Feb 01 '18 09:02 gerritjanf

Here is the branch: https://github.com/fraunhoferfokus/deckschrubber/tree/feature/basic-auth

Please note that it has been a while since I tested the code and it might be buggy.

I really appreciate your commitment! 👍

Feb 01 '18 10:02 yan-foto

@yan-foto The -username and -password options seem to be missing from the code in the branch you reference.

Feb 02 '18 09:02 gerritjanf

@gerritjanf sorry for wasting your time! The commit was missing :( I pushed again just now.

Feb 03 '18 20:02 yan-foto

Hi @yan-foto, just tried again and now I have the basic auth parameters. However, it seems that it doesn't work for me. I am trying to use your tool against the registry included in GitLab omnibus and it is complaining about using a token. As this is not yet implemented, it seems that your tool is not usable for me right now.

Feb 05 '18 07:02 gerritjanf

Yes I know! They don't use basic auth.

Feb 05 '18 10:02 yan-foto

For anyone who is interested (cc @phertweck @mf-lit @phlegx), I have provided a shaky implementation for token-based authentication under basic-auth feature branch. As I don't use Docker anymore and have no proper way of testing this, it would be great if any of you guys could give it a try. It still works with basic auth and should now support the rest.

NOTE: I am not familiar with scoping mechanisms of Docker Registry and don't know if you could even catalog a registry (to list repositories) if you're not the owner; I also don't know if that process can be limited to namespaces, etc. Accordingly, I'm not sure if this program could be used with registries that you don't own (e.g., Docker Hub).

I appreciate any help!

Jun 29 '21 10:06 yan-foto
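
The basic-versus-token split discussed in this thread shows up in the `WWW-Authenticate` header of a registry's 401 reply; the Go sketch below is an example added here, not code from deckschrubber or its feature branch, and shows how a client can read that challenge and build the token request. The host names and the challenge string are constructed sample values, and the HTTPS-only realm check is this example's own policy.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// ParseChallenge splits a WWW-Authenticate value into scheme and parameters.
// It scans quotes because a scope like "repository:a/b:pull,push" holds a comma.
func ParseChallenge(h string) (string, map[string]string, error) {
	scheme, rest, _ := strings.Cut(strings.TrimSpace(h), " ")
	params := map[string]string{}
	for rest = strings.TrimSpace(rest); rest != ""; rest = strings.TrimLeft(rest, ", ") {
		key, val, ok := strings.Cut(rest, "=")
		if !ok {
			return "", nil, errors.New("malformed challenge parameter")
		}
		if strings.HasPrefix(val, `"`) {
			end := strings.Index(val[1:], `"`)
			if end < 0 {
				return "", nil, errors.New("unterminated quoted value")
			}
			val, rest = val[1:1+end], val[2+end:]
		} else {
			val, rest, _ = strings.Cut(val, ",")
		}
		params[strings.ToLower(strings.TrimSpace(key))] = val
	}
	return strings.ToLower(scheme), params, nil
}

// TokenURL builds the Bearer token request; the HTTPS-only realm check is this example's policy.
func TokenURL(p map[string]string) (string, error) {
	u, err := url.Parse(p["realm"])
	if err != nil || u.Scheme != "https" {
		return "", errors.New("refusing token realm that is not HTTPS")
	}
	q := u.Query()
	q.Set("service", p["service"])
	q.Set("scope", p["scope"])
	u.RawQuery = q.Encode()
	return u.String(), nil
}

func main() { // the challenge below is constructed sample input
	_, p, _ := ParseChallenge(`Bearer realm="https://auth.example.test/token",service="registry.example.test",scope="registry:catalog:*"`)
	fmt.Println(TokenURL(p))
}
```

A `basic` scheme means the registry accepts an `Authorization: Basic` header directly, while `bearer` means the credentials go to the token realm first and the returned token is then presented to the registry.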

@yan-foto FYI I have tested https://github.com/fraunhoferfokus/deckschrubber/releases/tag/v0.6.0 against a traefik basic auth to a private registry and it was working like a charm :) Thanks!

Jan 01 '22 10:01 davidrot