testcontainers-go icon indicating copy to clipboard operation
testcontainers-go copied to clipboard

Published 20 hours ago verified publisher icon testcontainers

[Bug]: compose plugin not honoring Podman authentication credentials

Open bagnaram opened this issue 1 year ago • 2 comments

Testcontainers version

0.30.0

Using the latest Testcontainers version?

Yes

Host OS

Linux

Host arch

X86_64

Go version

1.22.0

Docker version

Client:       Podman Engine
Version:      5.0.1
API Version:  5.0.1
Go Version:   go1.22.1
Built:        Sun Mar 31 18:00:00 2024
OS/Arch:      linux/amd64

Docker info

host:
  arch: amd64
  buildahVersion: 1.35.3
  cgroupControllers:
  - cpu
  - io
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.10-1.fc40.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.10, commit: '
  cpuUtilization:
    idlePercent: 89.85
    systemPercent: 1.94
    userPercent: 8.21
  cpus: 8
  databaseBackend: boltdb
  distribution:
    distribution: fedora
    variant: workstation
    version: "40"
  eventLogger: journald
  freeLocks: 1997
  hostname: fedora
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 524288
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 524288
      size: 65536
  kernel: 6.8.7-300.fc40.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 442937344
  memTotal: 16475099136
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns-1.10.0-1.fc40.x86_64
      path: /usr/libexec/podman/aardvark-dns
      version: aardvark-dns 1.10.0
    package: netavark-1.10.3-3.fc40.x86_64
    path: /usr/libexec/podman/netavark
    version: netavark 1.10.3
  ociRuntime:
    name: crun
    package: crun-1.14.4-1.fc40.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.14.4
      commit: a220ca661ce078f2c37b38c92e66cf66c012d9c1
      rundir: /run/user/1000/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
  os: linux
  pasta:
    executable: /usr/bin/pasta
    package: passt-0^20240326.g4988e2b-1.fc40.x86_64
    version: |
      pasta 0^20240326.g4988e2b-1.fc40.x86_64
      Copyright Red Hat
      GNU General Public License, version 2 or later
        <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
  remoteSocket:
    exists: true
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.2-2.fc40.x86_64
    version: |-
      slirp4netns version 1.2.2
      commit: 0ee2d87523e906518d34a6b423271e4826f71faf
      libslirp: 4.7.0
      SLIRP_CONFIG_VERSION_MAX: 4
      libseccomp: 2.5.3
  swapFree: 7645425664
  swapTotal: 8589930496
  uptime: 116h 15m 18.00s (Approximately 4.83 days)
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - localhost
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - docker.io
  - quay.io
store:
  configFile: /home/bagnaram/.config/containers/storage.conf
  containerStore:
    number: 13
    paused: 0
    running: 11
    stopped: 2
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/bagnaram/.local/share/containers/storage
  graphRootAllocated: 350807392256
  graphRootUsed: 48719003648
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Supports shifting: "false"
    Supports volatile: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 62
  runRoot: /run/user/1000/containers
  transientStore: false
  volumePath: /home/bagnaram/.local/share/containers/storage/volumes
version:
  APIVersion: 5.0.1
  Built: 1711929600
  BuiltTime: Sun Mar 31 18:00:00 2024
  GitCommit: ""
  GoVersion: go1.22.1
  Os: linux
  OsArch: linux/amd64
  Version: 5.0.1

What happened?

When launching a compose manifest with container images behind a private registry, gocontainers fails to authenticate with invalid auth token. I expect it to fall back onto the container runtime and pull images with credentials specified in ~/.config/containers/auth.json

If I pull the container images manually outside of gocontainers with podman pull xxxx and launch gocontainers, it will launch the stack successfully

Relevant log output

No response

Additional information

No response

bagnaram avatar May 03 '24 14:05 bagnaram

Hi @bagnaram could you share a repro scenario for that? 🙏 With that, I can verify it with podman

Cheers!

mdelapenya avatar Aug 21 '24 11:08 mdelapenya

Hello! It looks like setting DOCKER_AUTH_CONFIG explicitly to the podman configuration gets it to pick it up, however I would expect that to be sourced automatically

bagnaram avatar Aug 28 '24 15:08 bagnaram