Credentials for Docker Hub may be stored in different registry entry. #586

Closed
coollog opened this issue Jul 12, 2018 · 10 comments

coollog commented Jul 12, 2018

Some people are experiencing an authorization error when pushing to Docker Hub even if pushing with docker works. This may be because Docker Hub credentials could be stored under a different registry entry instead of registry.hub.docker.com. For example, a Docker config (located usually at $HOME/.docker/config.json) could have:

{
	"auths": {
		"https://index.docker.io/v1/": {},
...

We should support this alias as well when using Docker config to fetch credentials.

coollog commented Jul 12, 2018

May be what's happening for #564

coollog commented Jul 17, 2018

We should also support any auths with suffixes after the registry domain (i.e. index.docker.io/v1/ vs. index.docker.io) in this method.

chanseokoh commented Jul 17, 2018

How should it work exactly? For example, my intuition is that, if the given registry is index.docker.io, it wouldn't match the entry index.docker.io/v1/ in the Docker config because it is more specific. Conversely, if the given repository is index.docker.io/v1/, it would match entries of both index.docker.io and index.docker.io/v1/. Is that right? And is the suffix only possible in the Docker config, or is it generally applicable in other stores like settings.xml and the build configurations (pom.xml and build.gradle)?

coollog commented Jul 17, 2018

So v1 or v2 refers to the Docker Registry API version that route implements. For example, GCR uses Docker Registry API V2, so all requests are to gcr.io/v2/.... In the image reference, this v1 or v2 is omitted. I think the way it should work is that the domain name should match any entry with the suffix.

i.e. index.docker.io should match index.docker.io and index.docker.io/v1

I think in settings.xml, we should do the opposite: index.docker.io/v1 should match index.docker.io/v1/ and not index.docker.io. This is so that specifying credentials for gcr.io/my-gcp-project should not have those credentials be used for gcr.io/my-other-gcp-project, for example.

chanseokoh commented Jul 17, 2018

I think we should do the same to getCredentialHelperFor(), right?

coollog commented Jul 17, 2018

Yep!

chanseokoh commented Jul 18, 2018

Hmm... I actually find a pitfall with #642 and #650, with the startsWith registry name match. For example, this.registry should not match this.registry.com. I think the match of startsWith(registry + "/") should do it right.

coollog commented Jul 18, 2018

@chanseokoh hmm, good catch - we should probably match equals(registry) || startsWith(registry + "/") so that if it's just this.registry.com it will still match
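
The matching rule discussed in this thread, as an added Java example that is not part of the issue or of the project's own code. The class and method names are hypothetical, stripping the URL scheme from a config key is an assumption, and the sample keys are constructed.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Optional;

public class RegistryAuthMatch {
  // The two Docker Hub names that appear in this thread, treated as aliases of each other.
  static final List<String> DOCKER_HUB = List.of("registry.hub.docker.com", "index.docker.io");

  // Assumption: drop the scheme so "https://index.docker.io/v1/" compares as "index.docker.io/v1/".
  static String stripScheme(String key) {
    return key.replaceFirst("^https?://", "");
  }

  // Prefix-only match: also accepts a longer hostname that merely begins with the registry name.
  static boolean prefixMatch(String registry, String key) {
    return stripScheme(key).startsWith(registry);
  }

  // equals(registry) || startsWith(registry + "/"): the name must end at a path boundary.
  static boolean boundaryMatch(String registry, String key) {
    String k = stripScheme(key);
    return k.equals(registry) || k.startsWith(registry + "/");
  }

  // Returns the first "auths" key that matches the registry or, for Docker Hub, one of its aliases.
  static Optional<String> findAuthKey(String registry, Collection<String> authKeys) {
    List<String> names = new ArrayList<>(List.of(registry));
    if (DOCKER_HUB.contains(registry)) {
      names.addAll(DOCKER_HUB);
    }
    for (String name : names) {
      for (String key : authKeys) {
        if (boundaryMatch(name, key)) {
          return Optional.of(key);
        }
      }
    }
    return Optional.empty();
  }

  public static void main(String[] args) {
    // Constructed sample of "auths" keys; not taken from a real config.
    List<String> keys = List.of("https://index.docker.io/v1/", "this.registry.com");
    System.out.println(prefixMatch("this.registry", "this.registry.com"));
    System.out.println(boundaryMatch("this.registry", "this.registry.com"));
    System.out.println(findAuthKey("registry.hub.docker.com", keys));
    System.out.println(findAuthKey("this.registry", keys));
  }
}
```

With the prefix-only check, credentials stored for this.registry.com would be selected for a registry named this.registry; the boundary check rejects that pairing while still resolving the Docker Hub alias entry.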

@chanseokoh

What I think are the remaining tasks: also look for aliases in settings.xml and the auth section in build.gradle, and that's all?

coollog commented Jul 19, 2018

I think we can leave that off to a later version, since the users explicitly type the names in settings.xml. (For auth, it is directly tied to the image so there is no alias necessary).
