Bug 1304239 - [platformmanagement_public_435] Got "Unable to find a secret to match https://auth.docker.io/token" when import a private image from docker hub via a secret generated without docker-server flag
Summary: [platformmanagement_public_435] Got "Unable to find a secret to match https:/...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OKD
Classification: Red Hat
Component: Image Registry
Version: 3.x
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: ---
Assignee: Clayton Coleman
QA Contact: Wei Sun
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-02-03 06:32 UTC by weiwei jiang
Modified: 2016-10-30 22:54 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-05-12 17:12:26 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description weiwei jiang 2016-02-03 06:32:45 UTC 
Description of problem:
Got "Unable to find a secret to match https://auth.docker.io/token" when import a private from docker hub via a secret generated without docker-server flag

When generate the secret with the --docker-server=https://auth.docker.io, import pass without error.

Version-Release number of selected component (if applicable):
devenv-rhel7_3313

How reproducible:
always

Steps to Reproduce:
1. Generate a dockercfg type secrets for dockerhub without docker-server flag

2. Tag a dockerhub private images
 oc tag --source=docker wjiang/origin-ruby-sample:latest wjiang/test:latest 
3. Check the imagestream 

Actual results:
# oc describe is test
Name:                   test
Created:                23 minutes ago
Labels:                 <none>
Annotations:            openshift.io/image.dockerRepositoryCheck=2016-02-03T05:36:49Z
Docker Pull Spec:       172.30.130.207:5000/wjiang/test

Tag     Spec                                    Created         PullSpec                                                                Image
latest  wjiang/origin-ruby-sample:latest        22 minutes ago                                                                          import failed: you may not have access to the Docker image "wjiang/...

------
MASTER LOG:
I0203 00:40:09.884111    6708 credentials.go:108] Unable to find a secret to match https://auth.docker.io/token (auth.docker.io/token)                         [41/9844]
I0203 00:40:09.917351    6708 importer.go:426] unable to access tag "latest" for repository &importer.importRepository{Ref:api.DockerImageReference{Registry:"", Namespa
ce:"wjiang", Name:"origin-ruby-sample", Tag:"latest", ID:""}, Registry:(*url.URL)(0xc213d56680), Name:"wjiang/origin-ruby-sample", Insecure:false, Tags:[]importer.impor
tTag{importer.importTag{Name:"latest", Image:(*api.Image)(nil), Err:error(nil)}}, Digests:[]importer.importDigest(nil), MaximumTags:0, AdditionalTags:[]string(nil), Err
:error(nil)}: errcode.Errors{errcode.Error{Code:1002, Message:"access to the requested resource is not authorized", Detail:[]interface {}{map[string]interface {}{"Type"
:"repository", "Name":"wjiang/origin-ruby-sample", "Action":"pull"}}}}


Expected results:
3. should import successfully 

Additional info:
Comment 1 Clayton Coleman 2016-02-04 19:16:42 UTC 
Ah, we're not adding the token handler.  Will fix.
Comment 2 Clayton Coleman 2016-02-04 19:16:47 UTC 
Ah, we're not adding the token handler.  Will fix.
Comment 3 Clayton Coleman 2016-02-04 21:34:56 UTC 
Hrm - this looks like some magic behavior the docker client does.  Going to work around this for now with a check in our credential lookup.
Comment 4 Clayton Coleman 2016-02-04 22:08:14 UTC 
Fixed in https://github.com/openshift/origin/pull/7047.  Docker daemon has special behavior for this URL.
Comment 5 weiwei jiang 2016-02-15 03:04:14 UTC 
Checked with devenv-rhel7_3422, this issue has been fixed.
Note You need to log in before you can comment on or make changes to this bug.