portauthority icon indicating copy to clipboard operation
portauthority copied to clipboard
verified publisher icon target

Authentication to gcr.io registries is broken

Open caipre opened this issue 7 years ago • 2 comments

The token retrieved via docker.AuthRegistry isn't threaded into the call to docker.GetRegistry:

https://github.com/target/portauthority/blob/master/api/v1/routes.go#L388-L405

I hacked a fix that I'll try to polish up tomorrow; making an issue in case anyone runs into this problem in the meantime. Also useful to know that the way to make the request is as follows:

$ curl -XPOST -H 'content-type: application/json' localhost:31700/v1/images -d <<<EOF
{"Image":{
  "Registry":"https://gcr.io",
  "Repo":"<project-id>/<image-name>",
  "Tag":"<image-tag>",
  "RegistryPassword":"$(cat credentials.json | jq tostring)"
}} 
EOF

caipre avatar May 10 '18 21:05 caipre

@caipre can you share the error you are getting?

One thing you will need if you are using a gcr service account. Is to set the RegistryUser like so: "RegistryUser":"_json_key" then like in your example you can pass in the json credentials file as a string.

ErikThoreson avatar May 11 '18 14:05 ErikThoreson

Also to share context. on post image request we auth twice because I needed a custom/hacky way to pull out the bearer token to pass to Clair.. which is used here:

https://github.com/target/portauthority/blob/master/api/v1/routes.go#L414

The second auth uses an internal auth to pull manifests and repo data.

Long term I'd like to collapse things into a single auth.

ErikThoreson avatar May 11 '18 14:05 ErikThoreson