Commit Graph

5 Commits

Author SHA1 Message Date
Sebastiaan van Stijn e26416f371
cli/registry/client: set actions when authn with token
When using a personal access token, Docker Hub produces an error if actions
are requested beyond the token's allowed actions. This resulted in errors
when using a PAT with limited permissions to do a "docker manifest inspect".

This patch sets actions to "pull" only by default, and requests "push" action
for requests that need it.

To verify:

- create a PAT with limited access (read-only)
- log in with your username and the PAT as password

Before this patch:

    docker manifest inspect ubuntu:latest
    Get "https://registry-1.docker.io/v2/library/ubuntu/manifests/latest": unauthorized: access token has insufficient scopes

With this patch applied:

    docker manifest inspect ubuntu:latest
    {
       "schemaVersion": 2,
       "mediaType": "application/vnd.oci.image.index.v1+json",
       "manifests": [
          {
             "mediaType": "application/vnd.oci.image.manifest.v1+json",
             "size": 424,
             "digest": "sha256:56887c5194fddd8db7e36ced1c16b3569d89f74c801dc8a5adbf48236fb34564",
             "platform": {
                "architecture": "amd64",
                "os": "linux"
             }
          },
          {
             "mediaType": "application/vnd.oci.image.manifest.v1+json",
             "size": 424,
             "digest": "sha256:c835a4f2a632bc91a2b494e871549f0dd83f2966c780e66435774e77e048ddf0",
             "platform": {
                "architecture": "arm",
                "os": "linux",
                "variant": "v7"
             }
          }
       ]
    }

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d2047b954e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-22 21:56:45 +02:00
Sebastiaan van Stijn ae7cd7e16a
cli/registry/client: AuthorizeRequest(): remove name for unused arg (revive)
This method implements the interface defined in distribution, but doesn't
use the argument.

    cli/registry/client/endpoint.go:123:69: unused-parameter: parameter 'params' seems to be unused, consider removing or renaming it as _ (revive)
    func (th *existingTokenHandler) AuthorizeRequest(req *http.Request, params map[string]string) error {
                                                                        ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9252fae838)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 15:21:09 +02:00
Sebastiaan van Stijn a04c8210a6
vendor: github.com/docker/docker 25917217cab38eab40c3db0010b915258f4a8491
b0f5bc36fe..25917217ca

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-22 10:16:54 +02:00
Christy Norman c26e2264fb specify specific permissions
When creating manifest lists, don't use "*" as the permission when
creating the token handler. This causes problems with gitlab's repos.

Fixes https://github.com/docker/cli/issues/1010

Signed-off-by: Christy Norman <christy@linux.vnet.ibm.com>
2018-04-24 17:01:57 -05:00
Christy Perez 02719bdbb5 add manifest command
Enable inspection (aka "shallow pull") of images' manifest info, and
also the creation of manifest lists (aka "fat manifests").

The workflow for creating a manifest list will be:

`docker manifest create new-list-ref-name image-ref [image-ref...]`
`docker manifest annotate new-list-ref-name image-ref --os linux --arch
arm`
`docker manifest push new-list-ref-name`

The annotate step is optional. Most architectures are fine by default.

There is also a `manifest inspect` command to allow for a "shallow pull"
of an image's manifest: `docker manifest inspect
manifest-or-manifest_list`.

To be more in line with the existing external manifest tool, there is
also a `-v` option for inspect that will show information depending on
what the reference maps to (list or single manifest).

Signed-off-by: Christy Perez <christy@linux.vnet.ibm.com>
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2018-01-08 10:43:56 -06:00