Unauthorized push is not detected
See original GitHub issueIssue description
If no credentials have been provided during a push
operation on a secured registry (like the official docker repository), docker-py call is successful (no docker.errors.APIError
is thrown) but the error is reported in output messages.
Environment
This issue has been detected on Ubuntu 17.04 with the latest version of docker-py.
docker==2.5.1
docker-pycreds==0.2.1
Python 3.6.2 :: Anaconda, Inc.
Client:
Version: 1.12.6
API version: 1.24
Go version: go1.7.4
Git commit: 78d1802
Built: Tue Mar 14 09:47:15 2017
OS/Arch: linux/amd64
Server:
Version: 1.12.6
API version: 1.24
Go version: go1.7.4
Git commit: 78d1802
Built: Tue Mar 14 09:47:15 2017
OS/Arch: linux/amd64
Code snippet
import docker
cli = docker.from_env(version='auto')
res = cli.images.push('centos') # No error thrown here...
print(res)
# {"status":"The push refers to a repository [docker.io/library/centos]"}
# {"status":"Preparing","progressDetail":{},"id":"cf516324493c"}
# {"errorDetail":{"message":"unauthorized: authentication required"},"error":"unauthorized: authentication required"}
Issue Analytics
- State:
- Created 6 years ago
- Reactions:11
- Comments:6 (2 by maintainers)
Top Results From Across the Web
Can't git push to Bitbucket: Unauthorized - fatal: Could not ...
I can't push to Bitbucket and this is the error message: > git push origin master:master. Unauthorized fatal: Could not read from remote ......
Read more >unauthorized: access to the requested resource is not ...
Unable to push or pull container images after successful login to Quay Enterprise or Quay.io and encounter following error message:.
Read more >Solved: Unable to push - Atlassian Community
When I try to push through eclipse I'm getting authentication error. Can't connect to any repository: https://bitbucket.org/ (: not authorized).
Read more >Cannot push docker images. 401 unauthorized - Google Groups
It looks like you're trying to push to a group repository. That won't work because group repositories only allow pulls. You'll need to...
Read more >Pulling and Pushing Images in the Docker Client - Harbor docs
If Harbor is configured for HTTP, you must configure your Docker client so that it can connect to insecure registries. In your Docker...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
Well, I’ll try to convince you then 😃
docker-cli
. If a docker push fails due to unauthorized access, the command line returns an error exit code (1). It’s therefore safer to use pythonsubprocess.check_call(['docker', 'push', 'centos'])
thandocker-py
API.docker-py
, it’s the job of the caller. But in the future Docker Engine responses can change, who knows… Callers shall in consequence be sure to support all Docker Engine versions. I thought it was the goal ofdocker-py
to solve this kind of problems.For your information, this error is extracted from the JSON message by the HTTP client of docker-cli:
docker/cli
/cli/command/plugin/push.go
:moby/moby
/client/request.go
:I think it might be a good improvement to implement this in
docker-py
.As you said, there is no guarantee
What about unsecured registries? Does it work?
It should work, but it is overkill in my point of view.
If you are off-line with a private registry, this operation fails.
Why not implement the same behaviour as
docker-cli
? We have to parse the response message, detect if an error message has been given by the API and raise it if necessary (and we have to do it for every REST requests, not only the push of an image). Something like:It’s simple and shall cover all cases,and one more time, it is the actual
docker-cli
behaviour, so it’s not an ugly fix 😉