Description of problem: Ran into an auth problem doing oc adm release new but the default error output didn't clarify what exactly was failing. ❯ oc adm release new --from-release registry.svc.ci.openshift.org/ocp/release:4.5.0-0.nightly-2020-08-06-050650 cloud-credential-operator=quay.io/dgoodwin/cloud-credential-operator:latest --to-image quay.io/dgoodwin/origin-release:latest [snip] info: Loading sha256:725ac6e4957036d8d85d6f9ae8fb4fe93b0fb8008fc12c81d72459bb4e1f866b operator-marketplace info: Loading sha256:d908715bc7102d256dc4c00bb99db860d57c85a2c6a61928ded208b2fb63a00b service-ca-operator error: unauthorized: access to the requested resource is not authorized With loglevel 9 it turned out this was actually MY repo the auth was failing on. Version-Release number of selected component (if applicable): 4.4.3 How reproducible: Steps to Reproduce: 1. oc adm release new with a --to-image you do not have auth for. Actual results: Unauthorized error but unclear what or where. Expected results: Indicate this was the auth to the --to-image that failed. Additional info:
Right, this error message can/should be clarified so user knows which registry/repo and/or image caused the failure. In this case, 'oc adm release new' requires 2 auths, one for pulling and one for the push, and this isn't possible with the same-registry/different-repo (quay.io/openshift-release-dev for the pull and quay.io/dgoodwin for the push) in a single auth file. This is a limitation of docker, podman, and oc -these tools cannot authenticate with a single auth file that holds creds for registry/repo1 and registry/repo2. In such a scenario, only the first listed auth will be used. With 'oc adm release new' the workaround is to mirror the nightly to disk, then `oc adm release new` from disk to quay.io/anyrepo OR, instead of pushing the release to your quay account, you can push to docker hub. For this bz, I'll clarify the error message.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196