harbor: Can't use Docker Registry V2 HTTPS API w/ Harbor Registry.
Issue
By trying to use the standard Docker Registry V2 HTTPS API with node-fetch & with cURL, I only get the UNAUTHORIZED error code.
Here is an example request :
curl -X GET -u user:password "https://ID.gra7.container-registry.ovh.net/v2/_catalog"
and the result
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"registry","Class":"","Name":"catalog","Action":"*"}]}]}
The user and the password work to connect to the Harbor GUI & also work with docker login.
I cannot find any resources online about this issue. I need access to the following standard API requests :
GET /_catalogGET /{repository}/tags/listHEAD /{repository}/manifests/{tag}DELETE /{repository}/manifests/{tag}
These requests work as intended with other standard Docker Registries. How can I use them with Harbor ?
Thanks for your help.
More results
GET /_catalog
{
"errors": [
{
"code":"UNAUTHORIZED",
"message":"authentication required",
"detail": [
{
"Type":"registry",
"Class":"",
"Name":"catalog",
"Action":"*"
}
]
}
]
}
GET /{repository}/tags/list
{
"errors": [
{
"code":"UNAUTHORIZED",
"message":"authentication required",
"detail": [
{
"Type":"repository",
"Class":"",
"Name":"<subdir>/<reponame>",
"Action":"pull"
}
]
}
]
}
HEAD /{repository}/manifests/{tag}
HTTP/2 401
date: Tue, 01 Dec 2020 11:01:46 GMT
content-type: application/json; charset=utf-8
content-length: 168
docker-distribution-api-version: registry/2.0
www-authenticate: Bearer realm="https://ID.gra7.container-registry.ovh.net/service/token",service="harbor-registry",scope="repository:<subdir>/<reponame>:pull"
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-ovh-ingress: public-ingress
DELETE /{repository}/manifests/{tag}
{
"errors": [
{
"code":"UNAUTHORIZED",
"message":"authentication required",
"detail": [
{
"Type":"repository",
"Class":"",
"Name":"<subdir>/<reponame>",
"Action":"delete"
}
]
}
]
}
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Comments: 20 (3 by maintainers)
Hi, using Harbor v2.5.3, I created a system robot account using below API
With this robot I was able to call “GET {harbor-host}/v2/_catalog” successfully BUT trying to call “GET {harbor-host}/v2/{project}/{repo}/tags/list” I’m receiving
Get “{harbor-host}/v2/{project}/{repo}/tags/list”: http: non-successful response (status=401 body=“{"errors":[{"code":"UNAUTHORIZED","message":"unauthorized to access repository: {project}/{repo}, action: pull: unauthorized to access repository: {project}/{repo}, action: pull"}]}\n”)
I think this “if” https://github.com/goharbor/harbor/blob/v2.5.3/src/server/middleware/v2auth/auth.go#L76 is returning “false” for some reason (unknown to me).
I am also seeing this behavior. Is this seen as a non-issue by the maintainers?
What’s your harbro version?
If your harbor instance is new version and standard, you can use basic auth to access v2 API with baisc auth. e.g.
This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.
This issue was closed because it has been stalled for 30 days with no activity. If this issue is still relevant, please re-open a new issue.
This is fixed in version 2.2.1 - I’ve just confirmed it.