Problems with docker registry authorization | Dagger | Page 1

hybrid pilot Oct 17, 2023, 1:06 PM

#

Hello everyone,

I am currently facing an issue where I am unable to authenticate myself to our company's docker registry (Harbor) using the Go SDK method WithRegistryAuth() to pull images.

Regardless of whether I use the method or not, I receive an Unauthorized 401 error when attempting to pull an image. If I log in beforehand using the Docker CLI via docker login, it works.

Below is a minimal example of the code I am using.

func main() {  
       vars := []string{"HARBOR_USER", "HARBOR_PASS"}  
  
       for _, v := range vars {  
               if os.Getenv(v) == "" {  
                       log.Fatalf("Environment variable %s is not set", v)  
               }  
       }  
  
       ctx := context.Background()  
       client, err := dagger.Connect(ctx, dagger.WithLogOutput(os.Stdout), dagger.WithWorkdir(".."))  
       if err != nil {  
               panic(err)  
       }  
       defer client.Close()  
  
       golangImage := "corporate-harbor-registry.de/dockerhub/library/golang:latest"  
       harborUser := os.Getenv("HARBOR_USER")  
       harborPass := client.SetSecret("harborPass", os.Getenv("HARBOR_PASS"))  
  
       project := client.Host().Directory("./app")  
  
       builder := client.Container().  
               From(golangImage).  
               WithDirectory("/src", project).  
               WithWorkdir("/src").
               WithRegistryAuth("corporate-harbor-registry.de", harborUser, harborPass)  
  
       builder = builder.WithExec([]string{"go", "build", "-o", "microservice"})  
  
       _, err = builder.Stdout(ctx)  
       if err != nil {  
               panic(err)  
       }  
}

Is the login process somehow visible in the logs of the Dagger Engine? The logs I see don't seem to provide any information about it. Could this possibly be a Harbor-specific problem?

reef garden Oct 17, 2023, 2:51 PM

#

Hey @hybrid pilot could you try using the address formatted as this:

Registry's address to bind the authentication to. Formatted as [host]/[user]/[repo]:[tag] (e.g. docker.io/dagger/dagger:main).

So to be clear, change:

FROM: corporate-harbor-registry.de
TO: corporate-harbor-registry.de/dockerhub/library/golang:latest

This is from our NodeSDK docs, I could not see more info in the go SDK docs on what a proper address value looks like. If this works, can you let me know so I can update the docs to reflect this requirement?

Dagger NodeJS SDK | Dagger

api/client.gen.Container

hybrid pilot Oct 17, 2023, 3:51 PM

#

That unfortunately did not work either. Is it possible to increase the log level of the dagger-engine?

hybrid pilot Oct 18, 2023, 12:11 PM

#

Hello, since we use github actions as our ci tool, I found a solution by running a docker-login action before the Dagger run. This finally made the build work. I was wondering if other Daggernauts have encountered a similar issue.

reef garden Oct 18, 2023, 2:07 PM

#

[Update - please ignore, this is not 100% accurate]

Hey, thanks for giving that a try. I chatted a bit with Kyle yesterday and he mentioned that this actually wont work this way right now and this is a known issue.

The reason is that the from is the part that requires auth so it fails before it even gets to the WithRegistryAuth

This specific function is useful for pushing images if you haven't already authenticated, but its not useful for pulling images.

Using docker login is the current approach that folks should take.

#

Hey @hybrid pilot sorry I am chatting with a few folks internally and I may be giving you bad information. I am going to go try to reproduce this myself using Harbor and get back to you soon with more information.

We were able to get WithRegistryAuth working as expected to pull an image with docker hub.

reef garden Oct 18, 2023, 2:37 PM

#

Hey @hybrid pilot I think we got it now. 🙂

Could you please try to move your WithRegistryAuth to the top of the block. The order matters here.

from:

builder := client.Container().  
    From(golangImage).  
    WithDirectory("/src", project).  
    WithWorkdir("/src").
    WithRegistryAuth("corporate-harbor-registry.de", harborUser, harborPass)

to:

builder := client.Container().  
    WithRegistryAuth("corporate-harbor-registry.de", harborUser, harborPass).
    From(golangImage).  
    WithDirectory("/src", project).  
    WithWorkdir("/src").

Also for future reference, you can run your pipeline with --debug --progress=plain to get more verbose logging.

hybrid pilot Oct 19, 2023, 11:51 AM

#

Hey @reef garden it looks like its working now! Thanks for your support!

#Problems with docker registry authorization