podman: Podman doesn't implement identityToken (OAuth2) for registry credentials

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

When pulling from azure container registry, docker pull is successful whereas podman pull fails. Auth information is located under ~/.docker/config.json. Podman documentation on pull specifies that if no auth.json file is found, then ~/.docker/config.json is used.

Steps to reproduce the issue:

  1. az acr login

  2. podman pull <images>

Describe the results you received:

unable to retrieve auth token: invalid username/password

Describe the results you expected:

Pull successful

Additional information you deem important (e.g. issue happens only occasionally):

Output of podman version:

Version:            1.6.1
RemoteAPI Version:  1
Go Version:         go1.12.9
OS/Arch:            linux/amd64

Output of podman info --debug:

[yihuaf@localhost km]$ podman info --debug
debug:
  compiler: gc
  git commit: ""
  go version: go1.12.9
  podman version: 1.6.1
host:
  BuildahVersion: 1.11.2
  CgroupVersion: v1
  Conmon:
    package: conmon-2.0.1-1.fc30.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.1, commit: 4346fbe0b2634b05857973bdf663598081240374'
  Distribution:
    distribution: fedora
    version: "30"
  MemFree: 2509381632
  MemTotal: 16482402304
  OCIRuntime:
    package: runc-1.0.0-95.rc9.gitc1485a1.fc30.x86_64
    path: /usr/bin/runc
    version: |-
      runc version 1.0.0-rc9+dev
      commit: 0840802d505e28d3adcbc7a275cbeadbdf64ddec
      spec: 1.0.1-dev
  SwapFree: 7904391168
  SwapTotal: 8308912128
  arch: amd64
  cpus: 8
  eventlogger: journald
  hostname: localhost.localdomain
  kernel: 5.2.16-200.fc30.x86_64
  os: linux
  rootless: true
  slirp4netns:
    Executable: /usr/bin/slirp4netns
    Package: slirp4netns-0.4.0-4.git19d199a.fc30.x86_64
    Version: |-
      slirp4netns version 0.4.0-beta.2
      commit: 19d199a6ca424fcf9516320a327cedad85cf4dfb
  uptime: 741h 40m 51.26s (Approximately 30.88 days)
registries:
  blocked: null
  insecure: null
  search:
  - docker.io
  - registry.fedoraproject.org
  - quay.io
  - registry.access.redhat.com
  - registry.centos.org
store:
  ConfigFile: $HOME/.config/containers/storage.conf
  ContainerStore:
    number: 0
  GraphDriverName: overlay
  GraphOptions:
    overlay.mount_program:
      Executable: /usr/bin/fuse-overlayfs
      Package: fuse-overlayfs-0.6.4-2.fc30.x86_64
      Version: |-
        fusermount3 version: 3.6.2
        fuse-overlayfs: version 0.6.4
        FUSE library version 3.6.2
        using FUSE kernel interface version 7.29
  GraphRoot: $HOME/.local/share/containers/storage
  GraphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  ImageStore:
    number: 9
  RunRoot: /run/user/1000
  VolumePath: $HOME/.local/share/containers/storage/volumes

Package info (e.g. output of rpm -q podman or apt list podman):

(paste your output here)

Additional environment details (AWS, VirtualBox, physical, etc.):

Local fedora 30 box.

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Reactions: 1
  • Comments: 32 (13 by maintainers)

Most upvoted comments

@fuomag9 see the referenced issue #12706

+1
matejvasek on Jan 31, 2022

--authfile="" doesn’t seem to work. Should I try converting .docker/config.json into a authfile? Is there a doc on the format of the authfile? I can’t seem to find it.

Will try podman login a bit. Azure is a bit pain to use docker/podman login directly. Their CLI is hardcoded wrapper to docker login.

+1
yihuaf on Oct 28, 2019
Read more comments on GitHub
← podman: podman doesn't honour `init_path` for its pause containers
podman: podman doesn't start `aardvark-dns` when in an LXC container →