New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for token login Gitlab (Registry crawler) #12
Comments
I think we do something similar for https://github.com/target/portauthority/blob/master/pkg/docker/auth.go#L41-L57 Are you still supplying credentials for the initial login to the registry? |
I'm running it locally on minikube, this is the curl command:
So I just fill in my username in the username field and gitlab access token in the password field. |
Is that how you typically log into your gitlab registry? I took a brief look at their registry docko and it looks like fairly common for a docker v2 registry. Also with the minikube setup you probably need to add the exposed nodeport to your query. like so:
|
I used the nodeport while trying it out, must have deleted it when editing the copy paste. We first authenticate with our jwt service to issue auth tokens for the registry API, then we use that token for all the other requests. I think it is indeed similar to the For example: And then: Which will give me back the list |
Apparently, if using Gitlab, the user provided will need to be an admin user. So now I ran into an error: The get request goes to a deleted repository which is still found in the _catalog list . (Also no https:// in the GET Request) |
We use a private Gitlab Docker registry which uses a JWT authentication service to issue auth tokens for the registry API. Instead of authenticating with a username and password for the registry crawler, is it possible to support the use of an authentication token?
For example we use https://gitlab.xxx/jwt/auth?service=container_registry&scope=repository:xxx/xxx:pull which gives us the token we need to authenticate with the registry.
Is it possible to either just use that token directly or to make an auth request to our JWT service?
The text was updated successfully, but these errors were encountered: