Bug 1304239 - [platformmanagement_public_435] Got "Unable to find a secret to match https://auth.docker.io/token" when import a private image from docker hub via a secret generated without docker-server flag
[platformmanagement_public_435] Got "Unable to find a secret to match https:/...
Status: CLOSED CURRENTRELEASE
Product: OpenShift Origin
Classification: Red Hat
Component: Image Registry (Show other bugs)
3.x
Unspecified Unspecified
medium Severity medium
: ---
: ---
Assigned To: Clayton Coleman
Wei Sun
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-02-03 01:32 EST by weiwei jiang
Modified: 2016-10-30 18:54 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-05-12 13:12:26 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description weiwei jiang 2016-02-03 01:32:45 EST
Description of problem:
Got "Unable to find a secret to match https://auth.docker.io/token" when import a private from docker hub via a secret generated without docker-server flag

When generate the secret with the --docker-server=https://auth.docker.io, import pass without error.

Version-Release number of selected component (if applicable):
devenv-rhel7_3313

How reproducible:
always

Steps to Reproduce:
1. Generate a dockercfg type secrets for dockerhub without docker-server flag

2. Tag a dockerhub private images
 oc tag --source=docker wjiang/origin-ruby-sample:latest wjiang/test:latest 
3. Check the imagestream 

Actual results:
# oc describe is test
Name:                   test
Created:                23 minutes ago
Labels:                 <none>
Annotations:            openshift.io/image.dockerRepositoryCheck=2016-02-03T05:36:49Z
Docker Pull Spec:       172.30.130.207:5000/wjiang/test

Tag     Spec                                    Created         PullSpec                                                                Image
latest  wjiang/origin-ruby-sample:latest        22 minutes ago                                                                          import failed: you may not have access to the Docker image "wjiang/...

------
MASTER LOG:
I0203 00:40:09.884111    6708 credentials.go:108] Unable to find a secret to match https://auth.docker.io/token (auth.docker.io/token)                         [41/9844]
I0203 00:40:09.917351    6708 importer.go:426] unable to access tag "latest" for repository &importer.importRepository{Ref:api.DockerImageReference{Registry:"", Namespa
ce:"wjiang", Name:"origin-ruby-sample", Tag:"latest", ID:""}, Registry:(*url.URL)(0xc213d56680), Name:"wjiang/origin-ruby-sample", Insecure:false, Tags:[]importer.impor
tTag{importer.importTag{Name:"latest", Image:(*api.Image)(nil), Err:error(nil)}}, Digests:[]importer.importDigest(nil), MaximumTags:0, AdditionalTags:[]string(nil), Err
:error(nil)}: errcode.Errors{errcode.Error{Code:1002, Message:"access to the requested resource is not authorized", Detail:[]interface {}{map[string]interface {}{"Type"
:"repository", "Name":"wjiang/origin-ruby-sample", "Action":"pull"}}}}


Expected results:
3. should import successfully 

Additional info:
Comment 1 Clayton Coleman 2016-02-04 14:16:42 EST
Ah, we're not adding the token handler.  Will fix.
Comment 2 Clayton Coleman 2016-02-04 14:16:47 EST
Ah, we're not adding the token handler.  Will fix.
Comment 3 Clayton Coleman 2016-02-04 16:34:56 EST
Hrm - this looks like some magic behavior the docker client does.  Going to work around this for now with a check in our credential lookup.
Comment 4 Clayton Coleman 2016-02-04 17:08:14 EST
Fixed in https://github.com/openshift/origin/pull/7047.  Docker daemon has special behavior for this URL.
Comment 5 weiwei jiang 2016-02-14 22:04:14 EST
Checked with devenv-rhel7_3422, this issue has been fixed.

Note You need to log in before you can comment on or make changes to this bug.