fraunhoferfokus / deckschrubber

Deckschrubber inspects images of a Docker Registry and removes those older than a given age. :high_brightness::ship:
GNU Affero General Public License v3.0
264 stars 50 forks source link

Unable to handle authentication #1

Open christian-sahlmann opened 7 years ago

christian-sahlmann commented 7 years ago
% $GOPATH/bin/deckschrubber -registry $REGISTRY_URL
FATA[0000] Error while fetching repositories! (err: unauthorized: authentication required)
yan-foto commented 7 years ago

It this a comment, a suggestion, or just an observation?

christian-sahlmann commented 7 years ago

Sorry for the scarce information. I was in a hurry freeing up the disk space ;)

As this project is using the official libraries, I was expecting that it handles authentication the same way as a docker pull (using the information from .docker/config.json).

So if it should theoretically work as currently implemented, this is a bug report. If it's simply not implemented yet, this is a feature request. :)

Anyways, in the meantime i already solved my issue by accessing the registry directly with my own custom script via the API, and cleaning the orphaned blobs afterwards with registry garbage-collect. So you can also see this information just as a comment and close the issue.

yan-foto commented 7 years ago

Got it! Maybe I should enhance the documentation. But the short answer is: no it doesn't read from config.json. You should just change your URL to contain HTTP basic auth credentials. But this would be a really nice feature 👍

yan-foto commented 6 years ago

Would you be able to test the new feature branch (not uploaded yet) that enables basic auth? If yes, I'll upload the branch. Thanks.

gerritjanf commented 6 years ago

Hi! I am running into this issue as well, can you upload the branch so i can test it?

yan-foto commented 6 years ago

@gerritjanf great! I only have implemented the basic auth and not the token based. Please give me some time, as I am fairly busy ATM.

gerritjanf commented 6 years ago

@yan-foto Okay. Basic auth is fine with me

yan-foto commented 6 years ago

Here is the branch: https://github.com/fraunhoferfokus/deckschrubber/tree/feature/basic-auth

Please note that it has been a while since I tested the code and it might be buggy.

I really appreciate your commitment! 👍

gerritjanf commented 6 years ago

@yan-foto The -username and -password options seem to be missing from the code in the branch you refference.

yan-foto commented 6 years ago

@gerritjanf sorry for wasting your time! The commit was missing :( I pushed again just now.

gerritjanf commented 6 years ago

Hi @yan-foto, Just tried again and now i have the basic auth parameters. However it seems that it doesn't work for me. I am tying to use your tool against the registry included in GitLab omnibus and it is complaining about using a token. As this is not yet implemented i seems that your tool is not usable for me right now.

yan-foto commented 6 years ago

Yes I know! They don't use basic auth.

yan-foto commented 3 years ago

For anyone who is interested (cc @phertweck @mf-lit @phlegx), I have provided a shaky implementation for token-based authentication under basic-auth feature branch. As I don't use Docker anymore and have no proper way of testing this, it would be great if any of you guys cold give it a try. It still works with basic auth and should now support the rest.

NOTE: I am not familiar with scoping mechanisms of Docker Registry and don't know if you could even catalog a registry (to list repositories) if you're not the owner; I also don't know if that process can be limited to namespaces, etc. Accordingly, I'm not sure if this program could be used with registries that you don't own (e.g., Docker Hub).

I appreciate any help!

davidrot commented 2 years ago

@yan-foto FYI I have tested https://github.com/fraunhoferfokus/deckschrubber/releases/tag/v0.6.0 against a traefik basic auth to a private registry and it was working like a charm :) Thanks!