Description of problem:
Per https://github.com/openshift/oc/pull/893
When ${XDG_RUNTIME_DIR}/containers/auth.json exists but doesn't contain the target auth, the oc command won't query ${XDG_CONFIG_HOME}/containers/auth.json and ~/.docker/config.json in turn; it just returns a 401 unauthorized error.

Version-Release number of selected component (if applicable):
Build oc from https://github.com/openshift/oc/pull/893

How reproducible:
always

Steps to Reproduce:
1. Set ${XDG_RUNTIME_DIR}, and create an empty file ${XDG_RUNTIME_DIR}/containers/auth.json
$ ll ${XDG_RUNTIME_DIR}/containers/auth.json
-rw-r--r--. 1 wxj docker 3 8月 11 15:21 /run/user/1000/containers/auth.json
2. Ensure the quay.io auth is in ~/.docker/config.json
3. Check a quay.io image using the oc image info command.
$ oc image info quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b2387eba6081b9feb57fd84751789cb1f5ea915ca061895e29949f6d3b60515e --loglevel=5
4. Delete ${XDG_RUNTIME_DIR}/containers/auth.json
5. Repeat step 3
Could get image info

Actual results:
step 3:
I0811 15:23:30.697626 13959 client_mirrored.go:169] Attempting to connect to quay.io/openshift-release-dev/ocp-v4.0-art-dev
I0811 15:23:31.831879 13959 credentials.go:105] Unable to find a secret to match https://quay.io/v2/auth (quay.io/auth)
I0811 15:23:32.410903 13959 client_mirrored.go:378] get manifest for sha256:b2387eba6081b9feb57fd84751789cb1f5ea915ca061895e29949f6d3b60515e served from registryclient.retryManifest{ManifestService:registryclient.manifestServiceVerifier{ManifestService:(*client.manifests)(0xc000cf2e70)}, repo:(*registryclient.retryRepository)(0xc000d00880)}: unauthorized: access to the requested resource is not authorized
I0811 15:23:32.410991 13959 workqueue.go:143] about to send work queue error: unable to read image quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b2387eba6081b9feb57fd84751789cb1f5ea915ca061895e29949f6d3b60515e: unauthorized: access to the requested resource is not authorized
I0811 15:23:32.411030 13959 workqueue.go:54] worker 0 stopping
error: unable to read image quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b2387eba6081b9feb57fd84751789cb1f5ea915ca061895e29949f6d3b60515e: unauthorized: access to the requested resource is not authorized

Expected results:
Should query auth of ${XDG_RUNTIME_DIR}/containers/auth.json, ${XDG_CONFIG_HOME}/containers/auth.json, ~/.docker/config.json in turn

Additional info:

Thanks for the feedback. I have reassessed the logic we have in oc and decided to use the same logic as podman uses. The logic itself is quite complex and is fortunately shared via the github.com/containers/image library. Although bear in mind that even podman doesn't fall back to other locations when REGISTRY_AUTH_FILE or --authfile is specified. So oc is using the same convention.
*** This bug has been marked as a duplicate of bug 1982498 ***
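
The lookup order the report expects, combined with the no-fallback rule for an explicit auth file from the reply, as an added Go example (not code from oc or github.com/containers/image). `candidates` and `lookup` are hypothetical names; the sketch assumes exact-match registry keys and the `auths`/`auth` base64 `user:secret` layout, and ignores credential helpers.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// candidates lists the files to search; an explicit file (REGISTRY_AUTH_FILE or --authfile) disables fallback.
func candidates(explicit, runtimeDir, configHome, home string) (out []string) {
	if explicit != "" {
		return []string{explicit}
	}
	for _, c := range [][2]string{{runtimeDir, "containers/auth.json"}, {configHome, "containers/auth.json"}, {home, ".docker/config.json"}} {
		if c[0] != "" { // unset variable: skip rather than read a relative path
			out = append(out, filepath.Join(c[0], c[1]))
		}
	}
	return out
}

// lookup returns the user, secret and source file for registry. A missing file
// or one without a usable entry is skipped; unparseable JSON is an error.
func lookup(registry string, paths []string) (user, secret, from string, err error) {
	for _, p := range paths {
		data, rerr := os.ReadFile(p)
		if rerr != nil {
			continue // not present or unreadable: try the next location
		}
		var f struct{ Auths map[string]struct{ Auth string } }
		if jerr := json.Unmarshal(data, &f); jerr != nil {
			return "", "", "", fmt.Errorf("parse %s: %w", p, jerr)
		}
		raw, derr := base64.StdEncoding.DecodeString(f.Auths[registry].Auth)
		if u, s, ok := strings.Cut(string(raw), ":"); derr == nil && ok {
			return u, s, p, nil
		}
	}
	return "", "", "", fmt.Errorf("no credentials for %s in %v", registry, paths)
}

func main() {
	home, _ := os.UserHomeDir()
	_, _, from, err := lookup("quay.io", candidates(os.Getenv("REGISTRY_AUTH_FILE"), os.Getenv("XDG_RUNTIME_DIR"), os.Getenv("XDG_CONFIG_HOME"), home))
	fmt.Println(from, err) // reports only which file matched, never the secret
}
```

Run as written, it reports which file would supply quay.io credentials in the current environment, which is the check needed when a 401 appears even though credentials exist in a later location.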