Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Allow authorization also against insecure registries (at least for testing)
See original GitHub issueDescription of the issue: Currently if registry offers only insecure access, there’s no way to authenticate against it (https://github.com/GoogleContainerTools/jib/blob/master/jib-core/src/main/java/com/google/cloud/tools/jib/registry/RegistryEndpointCaller.java#L165). It would be good for testing to be able to authenticate over http (partly because of #543).
Expected behavior: Parameter where user acknowledges that it’s very bad idea to send credentials over http, but still allowing that.
Steps to reproduce: Create local registry with authentication and without TLS.
Environment: Apache Maven 3.5.0 (ff8f5e7444045639af65f6095c62210b5713f426; 2017-04-03T22:39:06+03:00) Java version: 1.8.0_131, vendor: Oracle Corporation Default locale: en_US, platform encoding: Cp1252 OS name: “windows 7”, version: “6.1”, arch: “amd64”, family: “windows” jib-plugin version: 0.9.6
jib-maven-plugin Configuration:
<plugin>
<groupId>com.google.cloud.tools</groupId>
<artifactId>jib-maven-plugin</artifactId>
<version>${jib.version}</version>
<configuration>
<from>
<image>${jib.fromImage}</image>
</from>
<to>
<image>${jib.toImage}</image>
</to>
<container>
<ports>
<port>${jib.applicationPort}</port>
</ports>
</container>
<allowInsecureRegistries>${jib.allowInsecureRegistries}</allowInsecureRegistries>
</configuration>
<executions>
<execution>
<phase>compile</phase>
<goals>
<goal>build</goal>
</goals>
</execution>
</executions>
</plugin>
Log output: Without allowInsecureRegitstries:
[ERROR] Failed to execute goal com.google.cloud.tools:jib-maven-plugin:0.9.6:build (default) on project jib-demo-project: Build image failed, perhaps you should use a registry that supports HTTPS or set the configuration parameter 'allowInsecureRegistries': Only secure connections are allowed, but tried to reach URL http://artifactory/project/baseImage/manifests/latest -> [Help 1]
With allowInsecureRegitstries:
[ERROR] Failed to execute goal com.google.cloud.tools:jib-maven-plugin:0.9.6:build (default) on project jib-demo-project: Build image failed, perhaps you should make sure your credentials for 'artifactory' are set up correctly: Unauthorized for http://artifactory/project/baseImage: 401 Unauthorized
[ERROR] {"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":null}]}
Additional Information: If this is not possible, at least error message should state that authentication (username+password) was not even used, because connection was made with http instead of https.
Issue Analytics
- State:
- Created 5 years ago
- Comments:12 (9 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
0.9.8 seems have fixed this, so now authentication is sent to both directions correctly.
It seems worth having a discussion to sort out things around HTTP, HTTPS, and
allowInsecureRegistries. For example about the behavior ofallowInsecureRegistries,curl --insecuredoes. For example, if a port is explicitly given likelocalhost:5000that accepts HTTPS, the 5000 port won’t accept HTTP at all.sendCredentialsOverHttpmight make things more confusing when combined with the current behavior ofallowInsecureRegistries.