My GCP org requires that I two-factor auth every day or so. The error message this cred helper emits when I need to go through the two-factor auth flow could be improved.
For example:
$ crane cp <img> gcr.io/<proj>/<img>
Error: failed to copy index: error getting credentials - err: exit status 1, out: `docker-credential-gcr/helper: could not retrieve GCR's access token: oauth2: cannot fetch token: 400 Bad Request
Response: {
"error": "invalid_grant",
"error_description": "reauth related error (invalid_rapt)",
"error_uri": "https://support.google.com/a/answer/9368756",
"error_subtype": "invalid_rapt"
}`
exit status 1
What this error message is actually saying is, I need to run docker-credential-gcr gcr-login, which pops up a browser window and refreshes auth so that this helper can use it.
I think it could be nice if this error case was detected at least to provide a better error message, and maybe even proactively invoke gcr-login to pop up the window instead of failing.
If this sounds good let me know and I can send a PR.
My GCP org requires that I two-factor auth every day or so. The error message this cred helper emits when I need to go through the two-factor auth flow could be improved.
For example:
What this error message is actually saying is, I need to run
docker-credential-gcr gcr-login
, which pops up a browser window and refreshes auth so that this helper can use it.I think it could be nice if this error case was detected at least to provide a better error message, and maybe even proactively invoke
gcr-login
to pop up the window instead of failing.If this sounds good let me know and I can send a PR.