initiateUpload() fails with gitlab registries due to urlValues["from"] causing an auth failiure #220
Comments
|
I think this was fixed a couple hours ago 😅 See #219 |
|
Going to close this. Please feel free to reopen if it repros at HEAD. |
|
Reopening because it seems this worked for harbor but not gitlab. Copying @bajacondor 's comment from the PR.
|
|
I am admittedly ruby-ignorant, but casually looking through gitlab it seems that they don't handle multiple scopes during the token exchange. I may be misreading, but see here: I wonder if #221 would help with this somehow. |
|
Thank you for re-opening. Also, thank you @jonjohnsonjr for digging into gitlab code. I see also that they refuse a scope where the path is not within the repository: |
|
Thanks @bajacondor - I just saw this issue as well: https://gitlab.com/gitlab-org/gitlab-ce/issues/48968 Related kaniko issue: GoogleContainerTools/kaniko#181 |
|
Looks like this got fixed on GitLab's side: https://gitlab.com/gitlab-org/gitlab-ce/issues/48968 🎉 @bajacondor can we close this now? |
Authentication to gitlab docker registry is failing on push for blobs that have the
fromquerystring property added when that value is a registry other than gitlab.Requests like this from
initiateUpload():https://gitlab-registry.example.com/v2/cicd/bazel-reference-implementations/java/blobs/uploads/?from=library%2Fnginx&mount=sha256%3A162f7aebbf400c6fb16f0520254513b6e505b567ca2fb3995311f92a71f0419fRespond with this:
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"repository","Class":"","Name":"cicd/bazel-reference-implementations/java","Action":"pull"},{"Type":"repository","Class":"","Name":"cicd/bazel-reference-implementations/java","Action":"push"},{"Type":"repository","Class":"","Name":"library/nginx","Action":"pull"}]}]}The text was updated successfully, but these errors were encountered: