Open c4tz opened 6 years ago
Can you post an example of the config format that seems to be causing the issue? Our auth parsing supports at least 3 different versions of the file, but maybe we missed something.
Thank you for the fast response! :)
cat ~/.dockercfg
{
"https://eu.gcr.io": {
"email": "not@val.id",
"auth": "XYZ"
},
"https://staging-k8s.gcr.io": {
"email": "not@val.id",
"auth": "XYZ"
},
"https://gcr.io": {
"email": "not@val.id",
"auth": "XYZ"
},
"https://us.gcr.io": {
"email": "not@val.id",
"auth": "XYZ"
},
"https://k8s.gcr.io": {
"email": "not@val.id",
"auth": "XYZ"
},
"https://asia.gcr.io": {
"email": "not@val.id",
"auth": "XYZ"
}
}
docker-compose pull
Pulling test (eu.gcr.io/some/private/image:latest)...
ERROR: pull access denied for eu.gcr.io/some/private/image, repository does not exist or may require 'docker login'
Again, this will only happen, if there is no ~/.docker/config.json
created before by any other process (like docker itself, e.g.)
This may be unrelated to the issue, but I must leave a comment so that people stop using gcloud docker
.
gcloud docker
is deprecated and should not be used. It places those credentials for GCR whose email is not@val.id
in the auths
block in ~/.docker/config.json
, and they are very short-lived and will stop working very soon.
Hey there,
I recently noticed a bad/wrong behaviour of this library when using
docker-compose pull
.docker-compose.yml:
If I authenticate myself using
gcloud docker login && gcloud docker -a
, I cannot pull the image with docker-compose. When I log in withdocker login -u _token -p $(gcloud auth print-access-token) eu.gcr.io
, it works.Furthermore, I can pull the exact same image doing
docker pull eu.gcr.io/some/private/image:latest
after logging in withgcloud docker login && gcloud docker -a
. (This is why I post here instead of creating an issue in google-cloud-sdk)I looked at the source code of docker, gcloud and docker-py and found out the following:
~/.dockercfg
, but will always write new data to~/.docker/config.json
~/.dockercfg
using the old file format (plain config object) IF there is no~/.docker/config.json
. ELSE it will write to~/.docker/config.json
using the new file format (auths
object inside config object).~/.dockercfg
or~/.docker/config.json
, but only uses the new format (see: https://github.com/docker/docker-py/blob/master/docker/auth.py#L104)So, if there is no
~/.docker/config.json
and one doesgcloud docker login && gcloud docker -a
,~/.dockercfg
is created in the old format, which docker-py won't read. Thus, it cannot find the auth credentials anddocker-compose pull
fails.IMO, docker-py should use the old format for the old file and the new format for the new file, as both docker and Gcloud do.
I worked around this by using
docker login -u _token -p $(gcloud auth print-access-token) eu.gcr.io
for now, but others might run into the same problem.