I'm setting both CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE and GOOGLE_APPLICATION_CREDENTIALS environment variables to the path of a JSON file with the following content:
I then try to list artifacts in an Artifact Registry repository, and crane returns the error No matching credentials were found for "us-east1-docker.pkg.dev". However, doing the same with gcloud works just fine.
The only way I got this to work with crane was to use docker-credential-gcr or gcloud auth configure-docker to configure auth.
So it seems that crane fails to identity the environment credentials, and the only fallback that works is the Docker config (if any).
To Reproduce
This is based on an experimental GitLab feature that is not yet released. I can give access to a maintainer from Google for debug purposes if needed.
Expected behavior
crane is able to identify and use environment credentials.
Additional context
Here are some logs. I'm using the latest (v0.19.0) version of crane.
This issue is stale because it has been open for 90 days with no
activity. It will automatically close after 30 more days of
inactivity. Keep fresh with the 'lifecycle/frozen' label.
Describe the bug
I'm testing a workload identity federation setup from GitLab.
crane
seems to fail to identity environment credentials while thegcloud
CLI succeeds. This behaviour seems to go against what was described in https://github.com/google/go-containerregistry/issues/1496#issuecomment-1329578823.I'm setting both
CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE
andGOOGLE_APPLICATION_CREDENTIALS
environment variables to the path of a JSON file with the following content:I then try to list artifacts in an Artifact Registry repository, and
crane
returns the errorNo matching credentials were found for "us-east1-docker.pkg.dev"
. However, doing the same withgcloud
works just fine.The only way I got this to work with
crane
was to usedocker-credential-gcr
orgcloud auth configure-docker
to configure auth.So it seems that
crane
fails to identity the environment credentials, and the only fallback that works is the Docker config (if any).To Reproduce
This is based on an experimental GitLab feature that is not yet released. I can give access to a maintainer from Google for debug purposes if needed.
Expected behavior
crane
is able to identify and use environment credentials.Additional context
Here are some logs. I'm using the latest (v0.19.0) version of
crane
.crane
🔴crane-nok.log
gcloud
🟢gcloud-ok.log
crane
+ docker config 🟢crane-ok.log
Local test 🔴 🟢
I get the exact same result (
crane
does not work,gcloud
does) when running this locally.local.log