Support sending registry auth

[byrnedo]

I run cron in a container. The cron would run Jaas. In order for the jaas service to pull a private image we'd need to send the registry login via jaas.

Expected Behavior

Accepts registry auth as cli option and allows use of private images

Current Behavior

Can't use private image if run via docker

[alexellis]

Thanks for taking an interest in my JaaS project, you might also like Functions as a Service which is much more complete for running ad-hoc functions on Docker Swarm.

So regarding JaaS - since you can't login interactively through cron, you would need to provide the encoded registry token to the CLI. Here's an example for a new flag I can add -registryAuth:

$ echo admin:admin | base64
YWRtaW46YWRtaW4K
$ jaas -registryAuth=YWRtaW46YWRtaW4K -etc -etc

Does that work for you?

[byrnedo]

Your Faas project looks really interesting, I'll have to set aside some time to read through the setup!

That sounds good if it's that simple. I had a look at the docker client, I guess it's maybe a customer header when you make the client?

[alexellis]

So do you have a password protecting pulls or just push? Is this registry:2 or the Docker Hub you mean by "private"?

[byrnedo]

registry:2 self-hosted, protecting both.

[alexellis]

It'll be something more like this then via docs:

$ jaas -image=myregistrydomain.com:5000/pinger -rm -showlogs=true --registryAuth=$(echo '{"username": "admin", "password": "admin"}'|base64)

You may just want to store the result of $(echo '{"username": "admin", "password": "admin"}'|base64 into a file.

Try pulling from master and re-building.

[byrnedo]

Alternately one could mount in the $HOME/.docker dir if the client automatically reads that like the cli tool does?

…

On 4 August 2017 at 15:51, Alex Ellis ***@***.***> wrote: It'll be something more like this then via docs <https://docs.docker.com/registry/deploying/#more-advanced-authentication> : $ jaas -image=myregistrydomain.com:5000/pinger -rm -showlogs=true --registryAuth=$(echo '{"username": "admin", "password": "admin"}'|base64) You may just want to store the result of $(echo '{"username": "admin", "password": "admin"}'|base64 into a file. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#9 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AFRbqwlRGR3p7MQx53-O2Q8-3rgaBptzks5sUyHegaJpZM4OtqTK> .

[byrnedo]

Actually, I think it's just a header with user:pass, basic auth. My local .docker/config.json has the following for instance:

{
	"auths": {
		"https://index.docker.io/v1/": {
			"auth": "DUMMYBASE64="
		},
		"registry.acme.se": {
			"auth": "DUMMYBASE64="
		}
	}
}

Where registry.acme.se is v2.

EDIT: Ah ok, I see that one can actually login with v2 api: https://success.docker.com/Cloud/Solve/How_do_I_authenticate_with_the_V2_API%3F

[alexellis]

There is the additional flag in the CLI now -registryAuth=. If you want to parse your file with jq and pass it to the CLI that's fine, it would also work. MacOS doesn't use this file anymore but the keychain.

Let me know how you get on with the fix. I'll close the issue for now since there is a way to do this.

[byrnedo]

Thanks very much, @alexellis!