Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Getting an error when trying to pull from an oci registry unauthenticated #1677

Closed
MxNxPx opened this issue May 5, 2023 · 0 comments · Fixed by #1678
Closed

Getting an error when trying to pull from an oci registry unauthenticated #1677

MxNxPx opened this issue May 5, 2023 · 0 comments · Fixed by #1678
Assignees
@Noxsios
Labels
possible-bug 🐛

Comments

@MxNxPx
Copy link
Contributor

MxNxPx commented May 5, 2023

Environment

Device and OS: Ubuntu & Mac
App version: Zarf v0.26.2
Kubernetes distro being used: N/A
Other:

Steps to reproduce

  1. ensure you are not logged into ghcr.io
# grep ghcr ~/.docker/config.json
  1. try to pull a public oci package with zarf
# zarf package pull oci://ghcr.io/defenseunicorns/packages/big-bang-distro-k3d/big-bang-distro-k3d:0.0.1-amd64 --oci-concurrency=15 -l debug

Expected result

it should pull the package same as the oras cli does:

# oras pull ghcr.io/defenseunicorns/packages/big-bang-distro-k3d/big-bang-distro-k3d:0.0.1-amd64

Actual Result

getting this error:

# zarf package pull oci://ghcr.io/defenseunicorns/packages/big-bang-distro-k3d/big-bang-distro-k3d:0.0.1-amd64 --oci-concurrency=15 -l debug

Using config file /root/mpenv/zarf-package-big-bang/k3d/zarf-config.yaml
  DEBUG   2023-05-05T10:07:12-04:00  -  Log level set to debug

Saving log file to /tmp/zarf-2023-05-05-10-07-12-2976797980.log
  DEBUG   2023-05-05T10:07:12-04:00  -  json: unsupported type: func(context.Context, v1.Descriptor) error ERROR marshalling json
  DEBUG   2023-05-05T10:07:12-04:00  -  packager.New()
  DEBUG   2023-05-05T10:07:12-04:00  -  packager.createPaths()
  DEBUG   2023-05-05T10:07:12-04:00  -  Using temp path: '/tmp/zarf-165361633'
  DEBUG   2023-05-05T10:07:12-04:00  -  packager.handleOciPackage()
  DEBUG   2023-05-05T10:07:12-04:00  -  Pulling ghcr.io/defenseunicorns/packages/big-bang-distro-k3d/big-bang-distro-k3d:0.0.1-amd64
  •  Pulling Zarf package from
       ghcr.io/defenseunicorns/packages/big-bang-distro-k3d/big-bang-distro-k3d:0.0.1-amd64
  DEBUG   2023-05-05T10:07:12-04:00  -  Loading docker config file from default config location: /root/.docker
  DEBUG   2023-05-05T10:07:13-04:00  -  HEAD "https://ghcr.io/v2/defenseunicorns/packages/big-bang-distro-k3d/big-bang-distro-k3d/manifests/0.0.1-amd64": GET "https://ghcr.io/token?scope=repository%3Adefenseunicorns%2Fpackages%2Fbig-bang-distro-k3d%2Fbig-bang-distro-k3d%3Apull%2Cpush&service=ghcr.io": response status code 403: denied: requested access to the resource is denied
     ERROR:  Failed to pull package: HEAD
             "https://ghcr.io/v2/defenseunicorns/packages/big-bang-distro-k3d/big-bang-distro-k3d/manifests/0.0.1-amd64":
             GET
             "https://ghcr.io/token?scope=repository%3Adefenseunicorns%2Fpackages%2Fbig-bang-distro-k3d%2Fbig-bang-distro-k3d%3Apull%2Cpush&service=ghcr.io":
             response status code 403: denied: requested access to the resource is denied
  DEBUG   2023-05-05T10:07:13-04:00  -  goroutine 1 [running]:
          runtime/debug.Stack()
          	/opt/hostedtoolcache/go/1.19.8/x64/src/runtime/debug/stack.go:24 +0x65
          github.com/defenseunicorns/zarf/src/pkg/message.Fatal({0x35f2360?, 0xc0009bae40?}, {0xc00113a780, 0x16b})
          	/home/runner/work/zarf/zarf/src/pkg/message/message.go:150 +0x18a
          github.com/defenseunicorns/zarf/src/pkg/message.Fatalf({0x35f2360, 0xc0009bae40}, {0x3bb5f2f?, 0x0?}, {0xc001527d38?, 0x0?, 0x0?})
          	/home/runner/work/zarf/zarf/src/pkg/message/message.go:157 +0x51
          github.com/defenseunicorns/zarf/src/cmd.glob..func20(0x7532420?, {0xc001003140?, 0x1, 0x4})
          	/home/runner/work/zarf/zarf/src/cmd/package.go:245 +0x195
          github.com/spf13/cobra.(*Command).execute(0x7532420, {0xc001003100, 0x4, 0x4})
          	/home/runner/go/pkg/mod/github.com/spf13/cobra@v1.7.0/command.go:944 +0x847
          github.com/spf13/cobra.(*Command).ExecuteC(0x7533b20)
          	/home/runner/go/pkg/mod/github.com/spf13/cobra@v1.7.0/command.go:1068 +0x3bd
          github.com/spf13/cobra.(*Command).Execute(...)
          	/home/runner/go/pkg/mod/github.com/spf13/cobra@v1.7.0/command.go:992
          github.com/defenseunicorns/zarf/src/cmd.Execute()
          	/home/runner/work/zarf/zarf/src/cmd/root.go:68 +0x25
          main.main()
          	/home/runner/work/zarf/zarf/main.go:23 +0x6f

Visual Proof (screenshots, videos, text, etc)

Severity/Priority

Additional Context
@MxNxPx MxNxPx added the oci label May 5, 2023
@Noxsios Noxsios self-assigned this May 5, 2023
@Noxsios Noxsios linked a pull request May 5, 2023 that will close this issue
1677 getting an error when trying to pull from an oci registry unauthenticated #1678
Merged
5 tasks
This was referenced May 5, 2023
Merged
Closed
Noxsios added a commit that referenced this issue May 5, 2023
@Noxsios
1677 getting an error when trying to pull from an oci registry unauth…
191e6f2 
…enticated (#1678)

## Description

tldr; Current ORAS client will query for scoped access to repo,
regardless if credentials exist, resulting in a credential handshake
attempt for public, non-authenticated resources, resulting in a failure.

> This behavior __must__ be tested in nightly, linking to the nightly
issue

## Related Issue

Fixes #1677 

## Type of change

- [x] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)

## Checklist before merging

- [ ] Test, docs, adr added or updated as needed
- [x] [Contributor Guide
Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow)
followed

---------

Signed-off-by: razzle <harry@razzle.cloud>
@mjnagel mjnagel mentioned this issue Jul 5, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Noxsios Noxsios

Labels
possible-bug 🐛
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

1677 getting an error when trying to pull from an oci registry unauthenticated zarf-dev/zarf
2 participants
@MxNxPx @Noxsios