readOnly operations fail against registries that require basic auth #1525
Assignees
Comments
|
Any update on this issue? |
yoheiueda
added a commit
to yoheiueda/notary
that referenced
this issue
Jun 29, 2021
Fixes notaryproject#1525. authRoundTripper.RountTrip first tries to access a server anonymously. This attempt fails if fetching a token requires basic authentication, but t.RoundTrip returns a non-nil error even if fetching a token fails due to http.StatusUnauthorized(401). This change fixes the issue by checking whether the non-nil error is actually caused by http.StatusUnauthorized(401) or not. Signed-off-by: Yohei Ueda <yohei@jp.ibm.com>
yoheiueda
added a commit
to yoheiueda/notary
that referenced
this issue
Jun 29, 2021
Fixes notaryproject#1525. authRoundTripper.RountTrip first tries to access a server anonymously. This attempt fails if fetching a token requires basic authentication, but t.RoundTrip returns a non-nil error even if fetching a token fails due to http.StatusUnauthorized(401). This change fixes the issue by checking whether the non-nil error is actually caused by http.StatusUnauthorized(401) or not. Signed-off-by: Yohei Ueda <yohei@jp.ibm.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
For private registries, one must be able to provide basic auth creds, via
NOTARY_AUTHenv var or interactively. However, the code assumes that allreadOnlyoperations can be anonymous, which in turn suppresses sending the auth header.We discovered this problem because #1315 made lookup a
readOnlyoperation, so nownotary lookupcannot be used with private registries even ifNOTARY_AUTHis set.Reverting ad8b0a7 fixes the problem for us, though I believe the real issue is that
readOnlyis synonymous with "anonymous".The text was updated successfully, but these errors were encountered: