Unable to handle authentication

Question

Unable to handle authentication

christian-sahlmann opened this issue 7 years ago · 14 comments

christian-sahlmann commented 7 years ago

% $GOPATH/bin/deckschrubber -registry $REGISTRY_URL
FATA[0000] Error while fetching repositories! (err: unauthorized: authentication required)

Answer 1 · 2017-06-14T12:24:32.000Z

It this a comment, a suggestion, or just an observation?

Answer 2 · 2017-06-15T07:27:46.000Z

Sorry for the scarce information. I was in a hurry freeing up the disk space ;)

As this project is using the official libraries, I was expecting that it handles authentication the same way as a docker pull (using the information from .docker/config.json).

So if it should theoretically work as currently implemented, this is a bug report. If it's simply not implemented yet, this is a feature request. :)

Anyways, in the meantime i already solved my issue by accessing the registry directly with my own custom script via the API, and cleaning the orphaned blobs afterwards with registry garbage-collect. So you can also see this information just as a comment and close the issue.

Answer 3 · 2017-06-15T13:11:32.000Z

Got it! Maybe I should enhance the documentation. But the short answer is: no it doesn't read from config.json. You should just change your URL to contain HTTP basic auth credentials. But this would be a really nice feature 👍

Answer 4 · 2017-12-20T14:11:43.000Z

Would you be able to test the new feature branch (not uploaded yet) that enables basic auth? If yes, I'll upload the branch. Thanks.

Answer 5 · 2018-01-31T14:25:23.000Z

Hi! I am running into this issue as well, can you upload the branch so i can test it?

Answer 6 · 2018-01-31T16:09:10.000Z

@gerritjanf great! I only have implemented the basic auth and not the token based. Please give me some time, as I am fairly busy ATM.

Answer 7 · 2018-02-01T09:08:24.000Z

@yan-foto Okay. Basic auth is fine with me

Answer 8 · 2018-02-01T10:04:05.000Z

Here is the branch: https://github.com/fraunhoferfokus/deckschrubber/tree/feature/basic-auth

Please note that it has been a while since I tested the code and it might be buggy.

I really appreciate your commitment! 👍

Answer 9 · 2018-02-02T09:40:15.000Z

@yan-foto The -username and -password options seem to be missing from the code in the branch you refference.

Answer 10 · 2018-02-03T20:03:05.000Z

@gerritjanf sorry for wasting your time! The commit was missing :( I pushed again just now.

Answer 11 · 2018-02-05T07:53:05.000Z

Hi @yan-foto, Just tried again and now i have the basic auth parameters. However it seems that it doesn't work for me. I am tying to use your tool against the registry included in GitLab omnibus and it is complaining about using a token. As this is not yet implemented i seems that your tool is not usable for me right now.

Answer 12 · 2018-02-05T10:48:55.000Z

Yes I know! They don't use basic auth.

Answer 13 · 2021-06-29T10:34:43.000Z

For anyone who is interested (cc @phertweck @mf-lit @phlegx), I have provided a shaky implementation for token-based authentication under basic-auth feature branch. As I don't use Docker anymore and have no proper way of testing this, it would be great if any of you guys cold give it a try. It still works with basic auth and should now support the rest.

NOTE: I am not familiar with scoping mechanisms of Docker Registry and don't know if you could even catalog a registry (to list repositories) if you're not the owner; I also don't know if that process can be limited to namespaces, etc. Accordingly, I'm not sure if this program could be used with registries that you don't own (e.g., Docker Hub).

I appreciate any help!

Answer 14 · 2022-01-01T10:32:39.000Z

@yan-foto FYI I have tested https://github.com/fraunhoferfokus/deckschrubber/releases/tag/v0.6.0 against a traefik basic auth to a private registry and it was working like a charm :) Thanks!