Docker private registry insufficient_scope when trying to delete image

Time:10-20

I'm trying to delete an image tag from my private docker registry mydockerregistry.com within a bash script. Authentication is done through registry web mydockerregistry.com:8080, so I get the token first using

TOKEN=`curl -s \
    -H "Content-Type: application/json" --user myuser:mypassword \
    "http://mydockerregistry.com:8080/api/auth?service=mydockerregistry.com&scope=repository:my-repo/:*" \
    | jq -r .token`

With this token I can browse the registry, get the tag I want to delete, etc. Using the tag number I get the digest using

DIGEST=`curl -vk \
    -H "Authorization:Bearer $TOKEN" \
    -H "Accept:application/vnd.docker.distribution.manifest.v2+json" \
    https://mydockerregistry.com/v2/my-repo/manifests/latest 2>&1 \
    |grep "< Docker-Content-Digest:" |awk '{print $3}'`

But then, when I run

curl \
  -H "Authorization:Bearer $TOKEN" \
  -H "Accept:application/vnd.docker.distribution.manifest.v2+json" \
  -X DELETE \
  https://mydockerregistry.com/v2/my-repo/manifests/$DIGEST

I get the error:

< HTTP/1.1 401 Unauthorized
< Content-Type: application/json; charset=utf-8
< Docker-Distribution-Api-Version: registry/2.0
< Www-Authenticate: Bearer realm="mydockerregistry.com:8080/api/auth",service="mydockerregistry.com",scope="repository:my-repo:*",error="insufficient_scope"
< X-Content-Type-Options: nosniff
< Date: Mon, 18 Oct 2021 21:29:00 GMT
< Content-Length: 160
< 
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"repository","Class":"","Name":"my-repo","Action":"*"}]}]}
* Connection #0 to host mydockerregistry.com left intact

I tried changing the scope to pull; pull,push, but I always get the 401, still doing exactly what the Www-Authenticate header says.

What am I missing?

CodePudding user response:

Assuming that authentication is not the real issue (you can probably push and pull on that registry), did you enable deletes which are disabled by default?

https://docs.docker.com/registry/configuration/#delete

Also note that once you delete manifests, the filesystem layers are still part of the registry, so your disk space consumption will not go down unless you run garbage collection.

https://docs.docker.com/registry/garbage-collection/

CodePudding user response:

You may be missing spaces after the colons on your headers (not sure if curl would automatically fix that), and there's no Accept header needed for the DELETE API:

curl \
  -H "Authorization: Bearer $TOKEN" \
  -X DELETE \
  https://mydockerregistry.com/v2/my-repo/manifests/$DIGEST

Beyond that, double check the value of the token and digest in the command you're running, and then check the logs on the registry server.
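
One way to double check the token value, as an added example that is not part of the question or of either answer: this Python script decodes the token's access claim (without verifying the signature) and compares it with the scope in the Www-Authenticate challenge. The claim layout follows the Docker registry token specification; the function names are hypothetical and the sample tokens are constructed.

```python
import base64
import json
import re

# Challenge value copied from the 401 response in the question.
CHALLENGE = ('Bearer realm="mydockerregistry.com:8080/api/auth",'
             'service="mydockerregistry.com",'
             'scope="repository:my-repo:*",error="insufficient_scope"')

def parse_challenge(header):
    """Return the key="value" parameters of a Bearer challenge as a dict."""
    return dict(re.findall(r'(\w+)="([^"]*)"', header))

def parse_scope(scope):
    """Split 'type:name:actions'; the name itself may contain ':' (host:port)."""
    rtype, rest = scope.split(":", 1)
    name, actions = rest.rsplit(":", 1)
    return rtype, name, set(actions.split(","))

def token_access(token):
    """Decode the JWT payload WITHOUT verifying the signature; return 'access'."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload)).get("access", [])

def missing_actions(challenge, token):
    """Actions the challenge asks for that the token's access claim lacks."""
    rtype, name, wanted = parse_scope(parse_challenge(challenge)["scope"])
    granted = set()
    for entry in token_access(token):
        # The resource name must match exactly, character for character.
        if entry.get("type") == rtype and entry.get("name") == name:
            granted |= set(entry.get("actions", []))
    # A granted "*" is treated as covering every action.
    return set() if "*" in granted else wanted - granted

def sample_token(name, actions):
    """Build an unsigned, constructed token for the demo (not a real one)."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    claims = {"access": [{"type": "repository", "name": name, "actions": actions}]}
    return ".".join([b64({"alg": "none"}), b64(claims), "sig"])

if __name__ == "__main__":
    for name, actions in [("my-repo", ["pull", "push"]), ("my-repo/", ["*"]),
                          ("my-repo", ["*"])]:
        print(name, actions, "->", missing_actions(CHALLENGE, sample_token(name, actions)))
```

An empty result means the token already grants what the challenge asks for, so the cause lies elsewhere, for example in the registry configuration or its logs.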
