When pulling images and authentication fails, first try anonymous pull #4451
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov Report
@@ Coverage Diff @@
## master #4451 +/- ##
==========================================
- Coverage 72.26% 72.26% -0.01%
==========================================
Files 331 332 +1
Lines 12863 12878 +15
==========================================
+ Hits 9296 9306 +10
- Misses 2975 2978 +3
- Partials 592 594 +2
Continue to review full report at Codecov.
|
briandealwis
reviewed
Jul 7, 2020
There was a problem hiding this comment.
This is an improvement but it still has a puzzling effect:
Generating tags...
- skaffold-buildpacks -> skaffold-buildpacks:v1.12.0-34-g6c8ef32c1
Checking cache...
- skaffold-buildpacks: Not found. Building
Found [minikube] context, using local docker daemon.
Building [skaffold-buildpacks]...
ERROR: (gcloud.auth.docker-helper) You do not currently have an active account selected.
Please run:
$ gcloud auth login
to obtain new credentials, or if you have already logged in with a
different account:
$ gcloud config set account ACCOUNT
to select an already authenticated account to use.
v1: Pulling from buildpacks/builder
ab0f59294661: Already exists
c2ae8b336f77: Already exists
3c2cba919283: Already exists
55b4247b83ec: Pulling fs layer
2a71cd660153: Pulling fs layer
39b3e94ed04c: Pulling fs layer
3461ea70964b: Waiting
[...]
|
Not sure we can remove this output. Anyways, the config is still funky and
that shows it to the user. Wdyt?
…On Tue 7 Jul 2020 at 23:23, Brian de Alwis ***@***.***> wrote:
***@***.**** commented on this pull request.
This is an improvement but it still has a puzzling effect:
Generating tags...
- skaffold-buildpacks -> skaffold-buildpacks:v1.12.0-34-g6c8ef32c1
Checking cache...
- skaffold-buildpacks: Not found. Building
Found [minikube] context, using local docker daemon.
Building [skaffold-buildpacks]...
ERROR: (gcloud.auth.docker-helper) You do not currently have an active account selected.
Please run:
$ gcloud auth login
to obtain new credentials, or if you have already logged in with a
different account:
$ gcloud config set account ACCOUNT
to select an already authenticated account to use.
v1: Pulling from buildpacks/builder
ab0f59294661: Already exists
c2ae8b336f77: Already exists
3c2cba919283: Already exists
55b4247b83ec: Pulling fs layer
2a71cd660153: Pulling fs layer
39b3e94ed04c: Pulling fs layer
3461ea70964b: Waiting
[...]
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#4451 (review)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AABFPF4FOTWJE76CP5CIPK3R2OG3RANCNFSM4OTOJRZQ>
.
|
|
I was hoping the following would work (try as public, and then with auth), except it fails with my private repository on Docker Hub when I'm logged out: --- pkg/skaffold/docker/image.go
+++ pkg/skaffold/docker/image.go
@@ -312,17 +312,11 @@ func (l *localDaemon) isAlreadyPushed(ctx context.Context, ref, registryAuth str
// Pull pulls an image reference from a registry.
func (l *localDaemon) Pull(ctx context.Context, out io.Writer, ref string) error {
- // Eargerly create credentials.
- registryAuth, err := l.encodedRegistryAuth(ctx, DefaultAuthHelper, ref)
- // Let's ignore the error because maybe the image is public
- // and can be pulled without credentials.
-
rc, err := l.apiClient.ImagePull(ctx, ref, types.ImagePullOptions{
- RegistryAuth: registryAuth,
PrivilegeFunc: func() (string, error) {
// If the first pull is unauthorized, retry without ignoring the
// authentication error.
- return registryAuth, err
+ return l.encodedRegistryAuth(ctx, DefaultAuthHelper, ref)
},
})
if err != nil {The failure happens in |
|
Yes, that’s what i tried first.
…On Tue 7 Jul 2020 at 23:49, Brian de Alwis ***@***.***> wrote:
I was hoping the following would work (try as public, and then with auth),
except it fails with my private repository on Docker Hub when I'm logged
out:
--- pkg/skaffold/docker/image.go+++ pkg/skaffold/docker/image.go@@ -312,17 +312,11 @@ func (l *localDaemon) isAlreadyPushed(ctx context.Context, ref, registryAuth str
// Pull pulls an image reference from a registry.
func (l *localDaemon) Pull(ctx context.Context, out io.Writer, ref string) error {- // Eargerly create credentials.- registryAuth, err := l.encodedRegistryAuth(ctx, DefaultAuthHelper, ref)- // Let's ignore the error because maybe the image is public- // and can be pulled without credentials.-
rc, err := l.apiClient.ImagePull(ctx, ref, types.ImagePullOptions{- RegistryAuth: registryAuth,
PrivilegeFunc: func() (string, error) {
// If the first pull is unauthorized, retry without ignoring the
// authentication error.- return registryAuth, err+ return l.encodedRegistryAuth(ctx, DefaultAuthHelper, ref)
},
})
if err != nil {
The failure happens in ImagePull() the tryImageCreate() returns an
github.com/docker/docker/errdefs.ErrNotFound error, not an ErrUnauthorized
.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#4451 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AABFPF2II325JWOB6BZYMCDR2OJ5LANCNFSM4OTOJRZQ>
.
|
briandealwis
reviewed
Jul 8, 2020
briandealwis
approved these changes
Jul 8, 2020
…ling. Fixes GoogleContainerTools#4447 Signed-off-by: David Gageot <[email protected]>
briandealwis
pushed a commit
that referenced
this pull request
Jul 13, 2020
…ling. (#4451) Fixes #4447 Signed-off-by: David Gageot <[email protected]>
briandealwis
pushed a commit
that referenced
this pull request
Jul 14, 2020
…ling. (#4451) Fixes #4447 Signed-off-by: David Gageot <[email protected]>
Merged
|
This came up again in Sean's friction log. We can suppress the output with diff --git examples/buildpacks/skaffold.yaml examples/buildpacks/skaffold.yaml
index d78c0a329..4938c8f14 100644
--- examples/buildpacks/skaffold.yaml
+++ examples/buildpacks/skaffold.yaml
@@ -4,7 +4,7 @@ build:
artifacts:
- image: skaffold-buildpacks
buildpacks:
- builder: "gcr.io/buildpacks/builder:v1"
+ builder: "gcr.io/<private-project>/first"
env:
- GOPROXY={{.GOPROXY}}
sync:$ CLOUDSDK_CORE_VERBOSITY=none skaffold build
Generating tags...
- skaffold-buildpacks -> skaffold-buildpacks:v1.13.1-50-g456977b80-dirty
Checking cache...
- skaffold-buildpacks: Not found. Building
Found [minikube] context, using local docker daemon.
Building [skaffold-buildpacks]...
couldn't build "skaffold-buildpacks": failed to fetch builder image 'gcr.io/<private-project>/first:latest': pulling image from repository: Error response from daemon: unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #4447
Signed-off-by: David Gageot [email protected]