Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for POST /service/token in readonly mode #18243

Closed
stonezdj opened this issue Feb 19, 2023 · 3 comments · Fixed by #19556
Closed

Add support for POST /service/token in readonly mode #18243

stonezdj opened this issue Feb 19, 2023 · 3 comments · Fixed by #19556
Assignees
@stonezdj
Labels
target/1.10.0 target/2.8.5 target/2.9.2

Comments

@stonezdj
Copy link
Contributor

Usually, docker client sent GET request to /service/token. it seems that some other tools such as finch use POST
When Harbor is in readonly mode, the middleware will ban the POST/PUT method except readonlySkippers but it seems that the /service/token is not in the list, actually the POST method to /service/token is supported.
@stonezdj stonezdj changed the title Add support for POST method when harbor is in readonly mode Add support for POST /service/token when harbor is in readonly mode Feb 19, 2023
@stonezdj stonezdj changed the title Add support for POST /service/token when harbor is in readonly mode Add support for POST /service/token in readonly mode Feb 19, 2023
@github-actions
Copy link

This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.

@github-actions github-actions bot added the Stale label Apr 21, 2023
@github-actions
Copy link

This issue was closed because it has been stalled for 30 days with no activity. If this issue is still relevant, please re-open a new issue.

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale May 22, 2023
@stonezdj stonezdj reopened this Oct 11, 2023
@github-actions github-actions bot removed the Stale label Oct 11, 2023
@stonezdj
Copy link
Contributor Author

stonezdj commented Nov 9, 2023

This issue could be reproduced by deploy the image pulling from a read-only instance with secret, the output is

  Normal   Scheduled  23s   default-scheduler  Successfully assigned default/my-dep-74d57f54b5-lgzkr to kind-control-plane
  Normal   Pulling    22s   kubelet            Pulling image "xxxx/library/nginx:latest"
  Warning  Failed     13s   kubelet            Failed to pull image "xxx/library/nginx:latest": rpc error: code = Unknown desc = failed to pull and unpack image "xxxx/library/nginx:latest": failed to resolve reference "xxxx/library/nginx:latest": failed to authorize: failed to fetch oauth token: unexpected status from POST request to https://xxxx/service/token: 403 Forbidden
  Warning  Failed     13s   kubelet            Error: ErrImagePull
  Normal   BackOff    12s   kubelet            Back-off pulling image "xxxx/library/nginx:latest"
  Warning  Failed     12s   kubelet            Error: ImagePullBackOff

stonezdj pushed a commit to stonezdj/harbor that referenced this issue Nov 9, 2023
Allow POST method to request service/token in readonly mode
b5f2b10 
  fixes goharbor#18243

Signed-off-by: stonezdj <[email protected]>
@stonezdj stonezdj mentioned this issue Nov 9, 2023
Merged
5 tasks
@stonezdj stonezdj assigned stonezdj and unassigned wy65701436 Nov 9, 2023
stonezdj pushed a commit to stonezdj/harbor that referenced this issue Nov 10, 2023
Allow POST method to request service/token in readonly mode
e461b87 
  fixes goharbor#18243

Signed-off-by: stonezdj <[email protected]>
stonezdj pushed a commit to stonezdj/harbor that referenced this issue Nov 10, 2023
Allow POST method to request service/token in readonly mode
01b2030 
  fixes goharbor#18243

Signed-off-by: stonezdj <[email protected]>
stonezdj pushed a commit to stonezdj/harbor that referenced this issue Nov 10, 2023
@stonezdj
Allow POST method to request service/token in readonly mode
c5d0f82 
  fixes goharbor#18243

Signed-off-by: stonezdj <[email protected]>
stonezdj added a commit that referenced this issue Nov 10, 2023
@stonezdj
Allow POST method to request service/token in readonly mode (#19556)
3a9d68a 
fixes #18243

Signed-off-by: stonezdj <[email protected]>
stonezdj pushed a commit to stonezdj/harbor that referenced this issue Nov 10, 2023
Allow POST method to request service/token in readonly mode
63fc27f 
  fixes goharbor#18243

Signed-off-by: stonezdj <[email protected]>
stonezdj pushed a commit to stonezdj/harbor that referenced this issue Nov 10, 2023
Allow POST method to request service/token in readonly mode
a8342d3 
  fixes goharbor#18243

Signed-off-by: stonezdj <[email protected]>
This was referenced Nov 10, 2023
Merged
Merged
stonezdj added a commit that referenced this issue Nov 13, 2023
@stonezdj
[cherry-pick] Allow POST method to request service/token in readonly …
d85ebd7 
…mode (#19563)

Allow POST method to request service/token in readonly mode

  fixes #18243

Signed-off-by: stonezdj <[email protected]>
stonezdj added a commit that referenced this issue Nov 13, 2023
@stonezdj
[cherry-pick] Allow POST method to request service/token in readonly …
10286c7 
…mode (#19562)

Allow POST method to request service/token in readonly mode

  fixes #18243

Signed-off-by: stonezdj <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@stonezdj stonezdj

Labels
target/1.10.0 target/2.8.5 target/2.9.2
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Allow POST method to request service/token in readonly mode stonezdj/harbor
2 participants
@stonezdj @wy65701436