Harbor cleanup: Robot account doesn't have enough rights for cleanup images

[ivanov-danil]

Before proceeding

• I didn't find a similar issue

Version

v1.2.219+fix3

How to reproduce

1. Create a robot account with full grants in exact project
2. werf cr login -u $USERNAME -p $PASSWORD (with robot account credentials)
3. werf cleanup

Result

Error: unable to remove repo image. DELETE https:/example.com/v2/example/example-operator/manifests/sha256:xxx: UNAUTHORIZED: unauthorized to access repository: example/example-operator, action: delete: unauthorized to access repository: example/example-operator, action: delete

Expected result

Successful cleanup

Additional information

From Harbor docs about robot accounts:
https://goharbor.io/docs/1.10/working-with-projects/project-configuration/create-robot-accounts/

You can create robot accounts to run automated operations. Robot accounts have the following limitations:
Robot Accounts cannot log in to the Harbor interface.
Robot Accounts can only perform operations by using the Docker and Helm CLIs.

[alexey-igrychev]

@ivanov-danil ❤️

Using a robot token to clean up the container registry with werf is not supported yet. To untag images with the token werf should use Harbor API instead Docker Registry HTTP API V2 for Harbor. Nevertheless, a regular token with delete permissions works well.

For now, this is not a priority task, but we strongly encourage and help with contributions from the community. Implementation is not difficult and similar to deleting the repository in Harbor.