Xavier Coulon reassigned ERT-470:
---------------------------------
Issue Type: Bug (was: Task)
Sprint: devex #124 December 2017
Affects Version/s: Neon.1 (4.6)
Assignee: Xavier Coulon
Unable to list image tags on DockerHub [EBZ#508282]
---------------------------------------------------
Key: ERT-470
URL: https://issues.jboss.org/browse/ERT-470
Project: Eclipse Release Train
Issue Type: Bug
Components: Linux Tools
Affects Versions: Neon.1 (4.6)
Reporter: Friendly Jira Robot
Assignee: Xavier Coulon
Labels: 5.2.0, Docker, bzira
Fix For: Neon.2 (4.6)
It seems like the '/v1/' endpoint has been removed, resulting in an empty list of
tags in the "Search Images" wizard.
But there's hope. The Docker Hub registry now runs on the '/v2' endpoint but
requires authentication:
curl https://index.docker.io/v2/jboss/wildfly/tags/list -v
* Trying 54.85.12.131...
* Connected to index.docker.io (54.85.12.131) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: *.docker.io
* Server certificate: RapidSSL SHA256 CA - G3
* Server certificate: GeoTrust Global CA
> GET /v2/jboss/wildfly/tags/list HTTP/1.1
> Host: index.docker.io
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Content-Type: application/json; charset=utf-8
< Docker-Distribution-Api-Version: registry/2.0
< Www-Authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io",scope="repository:jboss/wildfly:pull"
< Date: Mon, 28 Nov 2016 10:29:37 GMT
< Content-Length: 145
< Strict-Transport-Security: max-age=31536000
<
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"repository","Name":"jboss/wildfly","Action":"pull"}]}]}
The request above failed because no auth token was provided, but the registry returned a
special 'Www-Authenticate' response header which points to the authentication
service to call, along with the parameters to provide:
curl -v https://auth.docker.io/token\?service\=registry.docker.io\&scope\=rep...
* Trying 52.72.61.89...
* Connected to auth.docker.io (52.72.61.89) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: *.docker.io
* Server certificate: RapidSSL SHA256 CA - G3
* Server certificate: GeoTrust Global CA
> GET /token?service=registry.docker.io&scope=repository:jboss/wildfly:pull HTTP/1.1
> Host: auth.docker.io
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: application/json
< Date: Mon, 28 Nov 2016 10:29:58 GMT
< Content-Length: 1442
< Strict-Transport-Security: max-age=31536000
<
{"token":"eyJ...Rg"}
Once the token has been retrieved, the first request can be run again, this time with the
token:
curl https://index.docker.io/v2/jboss/wildfly/tags/list -v -H "Authorization: Bearer eyJ...Rg"
* Trying 52.207.178.113...
* Connected to index.docker.io (52.207.178.113) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: *.docker.io
* Server certificate: RapidSSL SHA256 CA - G3
* Server certificate: GeoTrust Global CA
> GET /v2/jboss/wildfly/tags/list HTTP/1.1
> Host: index.docker.io
> User-Agent: curl/7.43.0
> Accept: */*
> Authorization: Bearer eyJ...Rg
>
< HTTP/1.1 200 OK
< Content-Type: application/json; charset=utf-8
< Docker-Distribution-Api-Version: registry/2.0
< Date: Mon, 28 Nov 2016 10:30:13 GMT
< Content-Length: 157
< Strict-Transport-Security: max-age=31536000
<
{"name":"jboss/wildfly","tags":["10.0.0.Final","10.1.0.Final","8.1.0.Final","8.2.0.Final","8.2.1.Final","9.0.0.Final","9.0.1.Final","9.0.2.Final","latest"]}
See https://docs.docker.com/registry/spec/api/#/listing-image-tags
and https://docs.docker.com/registry/spec/auth/token/#/requesting-a-token
The logic to retrieve the list of tags for a given image should check if the registry is
a 'v2' and if it needs authentication as described above.
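
The challenge/token/retry sequence described above, as an added Python sketch (not code from this issue or from Linux Tools). The function names and the SAMPLE_CHALLENGE constant are hypothetical; the sample header is copied from the 401 response shown in the description, and the HTTPS check on the realm is an added safeguard because the realm URL is dictated by the server's response.

```python
import json
import re
import urllib.error
import urllib.request
from urllib.parse import urlencode, urlsplit

# Constructed sample: the challenge header from the 401 response in this issue.
SAMPLE_CHALLENGE = ('Bearer realm="https://auth.docker.io/token",'
                    'service="registry.docker.io",'
                    'scope="repository:jboss/wildfly:pull"')
_PARAM = re.compile(r'(\w+)="([^"]*)"')


def parse_bearer_challenge(header):
    """Return the key="value" parameters of a Bearer challenge, or None."""
    scheme, _, rest = header.strip().partition(" ")
    if scheme.lower() != "bearer":
        return None  # e.g. Basic or no header: the token flow does not apply
    return dict(_PARAM.findall(rest))


def token_url(params):
    """Build the token request URL from the challenge parameters."""
    realm = params.get("realm", "")
    # The realm comes from the server response: only follow it over HTTPS.
    if urlsplit(realm).scheme != "https":
        raise ValueError("refusing non-HTTPS token realm: %r" % realm)
    query = {k: params[k] for k in ("service", "scope") if k in params}
    return realm + "?" + urlencode(query)


def list_tags(registry, repository):
    """v2 tag listing: try anonymously, then retry once with a bearer token."""
    url = "https://%s/v2/%s/tags/list" % (registry, repository)
    try:
        with urllib.request.urlopen(url) as resp:
            return json.load(resp)["tags"]
    except urllib.error.HTTPError as err:
        if err.code != 401:
            raise
        params = parse_bearer_challenge(err.headers.get("Www-Authenticate", ""))
        if params is None:
            raise
    with urllib.request.urlopen(token_url(params)) as resp:
        token = json.load(resp)["token"]
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["tags"]
```

Only list_tags touches the network; the two helpers can be exercised offline against SAMPLE_CHALLENGE.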