-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to push to private Docker Hub repository with default docker login and credential helper #2182
Comments
Hi @edthorne,
It is
It works for me:
Basically, there's no reason to use FYI,
But make no mistake; Jib still supports And as you said, putting the key |
I believe this issue is resolved. Feel free to re-open or update if you'd like to give us any feedback. |
Environment:
Description of the issue:
Changes introduced in #1958 changed the order of the credential store lookup and the method used to perform the lookup. The credential helpers utilize the repository address to retrieve the credentials. As documented in #586, the default value used by the
docker
CLI'slogin
command ishttps://index.docker.io/v1/
.Versions prior to 1.6 worked as expected. Versions 1.6 and later exhibit the following output:
The output demonstrates that the code is trying to use the values in
RegistryAliasGroup.REGISTRY_ALIAS_GROUPS
as keys into the credential store. Because the credential store has stored the login with the keyhttps://index.docker.io/v1/
, the credential helper is unable to find it.The code previously used the
auths
values present to pattern match the registry values withDockerConfig.getRegistryMatchersFor(String registry)
method. Because the credential key was matched from the partialindex.docker.io
in theauths
value and that full value was used by the helper, the credentials were properly returned.Expected behavior:
The default login credentials in the configured credential store should work when pushing to private Docker Hub repositories
Steps to reproduce:
docker login
and enter your credentialsLog output:
Output included above
Additional Information:
This comment acknowledges that #1958 was a breaking change. It also says:
I couldn't find any foundation for this statement in any of the linked issues or the current Docker documentation for
docker login
. While there's a default behavior per operating system, nothing states thatcredsStore
is no longer used or necessary. In my case I've explicitly configuredsecretservice
in lieu of the defaultpass
.The thing that appears to be missing from the new code is usage of the
getRegistryMatchersFor
logic that pattern matches the repositories. In this linked issue there's discussion ofclient.List
as a replacement for the blankauths
in the configuration:If this is in fact the case, the code should be listing the credentials stored by the credential helper using
list
and pattern matching those to identify the credential to retrieve.Configuring a credential helper (
credHelper
) forregistry-1.docker.io
does not solve the problem. The only work around I was able to find was to do the following:docker login registry-1.docker.io
This adds a second set of credentials to the credential helper that jib is able to find with the current code base. Here's the output of
list
:This case is not covered by the current FAQ entry. As you can expect, pushing using the
docker
CLI works.The text was updated successfully, but these errors were encountered: