Open rajatjindal opened 1 year ago
on local registry (for testing) we are able to proceed without auth and for real registries, it is recommended not to run with http only registry. so i am ok with this ticket getting closed as won't do
You can trace that back to the line below.
I think you should be able to conditionally make that insecure based on whether it's HTTP or HTTPS.
Alternatively, we could add the --insecure
flag to login as well?
https://github.com/fermyon/spin/blob/492e50921f44086e2c9e2a0efdb074fce991eccf/crates/oci/src/client.rs#L294
I also ran into this
# Create user and pass pair using docker (could also just use htpasswb locally)
mkdir auth && docker run --entrypoint htpasswd registry:2.7.0 -Bbn kate pw > auth/htpasswd
docker container stop registry
# restart container
docker run -d \
-p 5000:5000 \
--restart=always \
--name registry \
-v `pwd`/auth:/auth \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
registry:2.7.0
docker login localhost:5000 -u kate -p pw
#test local registry
docker pull ubuntu:16.04
docker tag ubuntu:16.04 localhost:5000/my-ubuntu
docker push localhost:5000/my-ubuntu
# try to get it to work with spin
RUST_LOG=spin=trace spin registry push localhost:5000
2023-03-30T22:01:19.363125Z DEBUG spin_loader::cache: using cache root directory /Users/kagold/Library/Caches/spin/registry
2023-03-30T22:01:19.503882Z TRACE spin_oci::client: Cannot retrieve credentials from Docker, attempting to use anonymous auth: Credential helper returned non-zero response code
2023-03-30T22:01:19.504054Z TRACE spin_oci::client: Reading wasm module from "/Users/kagold/Programs/temp/test/target/wasm32-wasi/release/test.wasm"
Error: cannot push Spin application
I realized what was going wrong on my side. Pushing to the base of the registry localhost:5000
was unauthorized. spin registry push localhost:5000/spin-apps --insecure
succeeds.
@rajatjindal @radu-matei should we add --insecure
to login as well or close this as wont-fix
? For now, you could use docker to login instead.
env:
spin 0.9.0 (e2f4fac 2023-02-21)
Apple arm
Login using Docker succeeds:
Login using Spin fails:
Caused by: cannot authenticate as rjindal to registry 127.0.0.1: http transport error: error sending request for url (https://127.0.0.1/v2/): error trying to connect: tcp connect error: Connection refused (os error 61)