Push Authentication configuration in pom not working

[heapifyman]

Description

I'm trying to build my image based on a public docker image and then push my image to my private registry (gitlab), which requires authentication.

The push fails with

Unable to push 'gitlab.comp.de:5555/proj/docker-images/alpine:3.4' from registry 'gitlab.comp.de:5555' : denied: access forbidden

when defining <authConfig><push> in pom.xml as described in documentation https://dmp.fabric8.io/#authentication

The push works when specifying -Ddocker.push.username and -Ddocker.push.password on command line.

It also works if I login to registry with docker login gitlab.comp.de:5555 first

It also works if I omit <push> and provide <username> and <password> directly under <authConfig>. Obviously, in this case the image has to be locally available already, otherwise the pull will fail with unauthorized: incorrect username or password.

Info

• d-m-p version : tried with 0.22.1 and 0.18.1
• Maven version (mvn -v) :

Apache Maven 3.5.0 (NON-CANONICAL_2017-04-10T13:56:20+03:00_root; 2017-04-10T12:56:20+02:00)
Maven home: /opt/maven
Java version: 1.8.0_144, vendor: Oracle Corporation
Java home: /usr/lib/jvm/java-8-openjdk/jre
Default locale: de_DE, platform encoding: UTF-8
OS name: "linux", version: "4.12.10-1-arch", arch: "amd64", family: "unix"

• Docker version : 17.05.0-ce, build 89658be
• If it's a bug, how to reproduce :
  pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>org.heapifyman</groupId>
    <artifactId>docker-push-test</artifactId>
    <version>1.0-SNAPSHOT</version>

    <build>
        <plugins>
            <plugin>
                <groupId>io.fabric8</groupId>
                <artifactId>docker-maven-plugin</artifactId>
                <version>0.22.1</version>
                <configuration>
                    <authConfig>
                        <push>
                            <username>user</username>
                            <password>secret</password>
                        </push>
                    </authConfig>
                    <images>
                        <image>
                            <alias>alpine:3.4</alias>
                            <name>gitlab.comp.de:5555/proj/docker-images/alpine:3.4</name>
                            <build>
                                <from>alpine:3.4</from>
                                <maintainer>ME</maintainer>
                            </build>
                        </image>
                    </images>
                </configuration>
                <executions>
                    <execution>
                        <id>build-image</id>
                        <phase>install</phase>
                        <goals>
                            <goal>build</goal>
                        </goals>
                    </execution>
                    <execution>
                        <id>push-image</id>
                        <phase>deploy</phase>
                        <goals>
                            <goal>push</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>
</project>

[rhuss]

Have you tried to use an entry in ~/.m2/settings.xml like

<servers>
  <server>
    <id>gitlab.comp.de</id>
    <username>user</username>
    <password>secret</password>
  </server>
  ....
</servers>

? Would be interesting if this works for you. (btw, this way is recommended over using an <auth> section as it avoid leaking credentials to the pom.xml)

[heapifyman]

Yes, using <server> in settings.xml works. I had to specify the port in <id>, probably because I am not using the standard port 5000.

I know settings.xml is preferred to using credentials in pom.xml, but the documentation says that <authConfig><push> should also work, but unfortunately it doesn't.

[rhuss]

Agreed, it should work of course. 'will have a look asap (not sure when time permits).

[heapifyman]

It appears that the authConfig is never actually read/created?
Wherever I put a log statement, authconfig ist always null. For example in RegistryService.createAuthConfig

[rhuss]

Fancy to have a look and send a PR ? I'm currently really flooded and will tackle this issue, but probably not very soon.

[heapifyman]

I would like to try. But I'm new to maven plugin dev.

Could you point me to the class / package that handles reading the pom configuration? The general direction would be ok, I guess.

And is there some documentation how to debug the plugin, so I can see how it works with my pom?