#Can't access private container image

Hello people,
I'm trying to a build a very basic container image based on another image located in a private registry:

package main

import (
    "dagger.io/dagger"
    "universe.dagger.io/docker"
)

#doStuff: {
    // Source code of the Python application
    source: dagger.#FS

    // Resulting container image
    image: _build.output

    // Build steps
    _build: docker.#Build & {
        steps: [
            docker.#Pull & {
                source: "eu.gcr.io/private/image:foo"
            },
            docker.#Set & {
                config: cmd: ["sh", "-c", "'echo foo'"]
            },
        ]
    }
}

// Example usage in a plan
dagger.#Plan & {
    client: filesystem: "./src": read: contents: dagger.#FS

    actions: build: #doStuff & {
        source: client.filesystem."./src".read.contents
    }
}

The image exists and I can pull the image just fine with docker, e.g.:

docker pull eu.gcr.io/private/image:foo

However dagger-cue gives me the following error:

1:50PM FATAL failed to execute plan: task failed: actions.build._build._dag."0"._pull: pulling from host eu.gcr.io failed with status code [manifests foo]: 401 Unauthorized

The problem also occurs with DockerHub.

According to https://docs.dagger.io/162770/faq/#how-do-i-log-in-to-a-container-registry-using-a-dagger-sdk this should just work, but it does not 😦

Can someone help me out?

Hi @wispy torrent ! 👋 You could add auth to docker.#Pull:

https://github.com/dagger/dagger/blob/v0.2.x/pkg/universe.dagger.io/docker/pull.cue#L18-L21

Here's a complete example: https://docs.dagger.io/1244/docker/#dockerpull

The creds are in env vars in this case

According to https://docs.dagger.io/162770/faq/#how-do-i-log-in-to-a-container-registry-using-a-dagger-sdk this should just work, but it does not 😦
That note is really applicable to the new language SDKs like Go, Python, Node.js, etc.

Thank you, I got it working that way!
I'm still confused why the way described in the FAQ does not work though.

@wispy torrent Good to hear!

Is there a reason why you need/want to use the CUE approach?

If you used one of the newer Dagger SDKs, which language would you choose? Python?

Probably Go.
Is the FAQ way only unsupported for CUE?

Correct.

https://github.com/dagger/dagger/issues/4272

Oh so fast, already an issue, just what I wanted to suggest 😄

Thank you for taking time to push me into the right direction 🙏
I will keep fiddling around with dagger 🙂

@wispy torrent Here's something to play with 🙂 Very similar to your CUE example above. Happy hacking!
https://gist.github.com/jpadams/4c59f43cab23895951e1c7fe71c03562

The image that I base things on Container.From("jeremyatdockerhub/ubuntu_test:latest") is private, so Dagger relies on the fact that I'm logged in to Docker Hub via docker login.

deso ➤ cat src/bar
hello

You can use the Getting Started to get things going, but use that main.go instead.

https://docs.dagger.io/sdk/go/959738/get-started

The image I published is public, so you can run docker run -it --rm jeremyatdockerhub/result:1

or look to see that /src/bar is really there with docker run -it --rm --entrypoint sh jeremyatdockerhub/result:1 and then take a look around 🙂

Successful run with registry creds in place (docker login was done at some point)

deso ➤ go run main.go
Building with Dagger
#1 resolve image config for docker.io/jeremyatdockerhub/ubuntu_test:latest
#1 DONE 0.9s

#2 local:///Users/jeremyadams/src/deso/src
#2 transferring /Users/jeremyadams/src/deso/src: 24B done
#2 DONE 0.0s

#3 docker-image://docker.io/jeremyatdockerhub/ubuntu_test:latest
#3 resolve docker.io/jeremyatdockerhub/ubuntu_test:latest
#3 resolve docker.io/jeremyatdockerhub/ubuntu_test:latest 0.2s done
#3 DONE 0.2s

#4 copy / /
#4 CACHED

#5 copy / /src
#5 CACHED

#6 exporting to image
#6 exporting layers done
#6 exporting manifest sha256:6b995bb9b5a5b4a3112964cc7b8af96ad4d89bd05394253a30852c93b8cf463d done
#6 exporting config sha256:6029fcdc7615e098475866b698f0512d51c48cef40301669d765b120a9cb76af done
#6 pushing layers
#6 pushing layers 0.6s done
#6 pushing manifest for docker.io/jeremyatdockerhub/result:1@sha256:6b995bb9b5a5b4a3112964cc7b8af96ad4d89bd05394253a30852c93b8cf463d
#6 pushing manifest for docker.io/jeremyatdockerhub/result:1@sha256:6b995bb9b5a5b4a3112964cc7b8af96ad4d89bd05394253a30852c93b8cf463d 0.1s done
docker.io/jeremyatdockerhub/result:1@sha256:6b995bb9b5a5b4a3112964cc7b8af96ad4d89bd05394253a30852c93b8cf463d

After docker logout

deso ➤ go run main.go
Building with Dagger
#1 resolve image config for docker.io/jeremyatdockerhub/ubuntu_test:latest
panic: input:1: container.from pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed

Please visit https://dagger.io/help#go for troubleshooting guidance.

goroutine 1 [running]:
main.build({0x10321ff70, 0x1400011a000})
    /Users/jeremyadams/src/deso/main.go:50 +0xa20
main.main()
    /Users/jeremyadams/src/deso/main.go:12 +0x30
exit status 2

Happy new year and thank you for all the examples! ❤️