Closed yaroslav-codefresh closed 1 year ago
Version 3.2.1 and all versions, this behaviour hasn't changed.
Will look into it when I have time, but feel free to open a PR :)
sure, here is it: https://github.com/apocas/docker-modem/pull/124
sorry, seems it's not so easy: other registries fail with such header passed with base64url (seems only acr supports and needs this).
Can you please take further investigations?
@apocas @yaroslav-codefresh I bumped into this bug too. ) Starts from Docker Engin API 1.39 we can't use "\~" in credentials normally since encode algorithm was changed to ''Base64url". It's related only to "X-Registry-Auth" header. Looks like I found a workaround (took from one of the topics in nodejs issue tracker) and created PR. I tested it with DockerHub credentials only. It works for a normal password (e.g. 08bd4-6bab-4b39-bb07-b2e3e0bf9826) and for passwords containing specific chars (e.g. fsjf\~kjzadf\~!@#$%^&*()zjlfhlj?/_=+). My conclusion that native support in NodeJS of base64url (starts from 14.18.0) and also some separate libraries (base64url or base64-url) doesn't work since they remove trailing "="'s but the Docker Engine API needs a strict string in auth header. It looks like bug in docker engine API too. )
After that should be updated Dockerod library accordingly.
@apocas would be happy if you can review it , because it is affecting our production customers. Thank you
Going to look into this later today :)
@apocas Good evening. Did you have a chance to look into PR? We are still blocked with that.
@apocas could you please check PR :)
@apocas thank you for review, is it possible that we can create release on it? so we can ask dockerrode update version of docker-modem
@apocas I prepared PR for Dockerode too.
Docker api docs say that
X-Registry-Auth
should bebase64urlencoded
(here), but what I see from the code in the version3.2.1
the value passed to this header is simplybase64
encoded. (here)This lead our company (codefresh.io) to errors when using credentials from Azure Container Registry for one of the customers.
Please check ASAP