Steps to reproduce
- Authenticate to third party registries via the mechanism they recommend, i.e.:
# Amazon AWS Elastic Container Registry:
aws ecr get-login-password --region $region | docker login --username AWS --password-stdin $registryName
# Microsoft Azure Container Registry:
az acr login --name $registryName
# Google Cloud Container Registry
gcloud auth configure-docker
# GitHub Container Registry
echo $personalToken | docker login ghcr.io -u USERNAME --password-stdin
- Use either the Docker Go SDK or the credential helper CLI to output credential info
In Go:
func getCredentials() (map[string]clitypes.AuthConfig, error) {
creds, err := config.Load(config.Dir())
if err != nil {
return nil, err
}
creds.CredentialsStore = credentials.DetectDefaultStore(creds.CredentialsStore)
auths, err := creds.GetAllCredentials()
if err != nil {
return nil, err
}
return auths, nil
}Via CLI:
docker-credential-desktop list
- Attempt to push an image by looking up the auth configuration in the map:
pushAuthConfig = authConfigs[registryServer]
authConfigBytes, err := json.Marshal(pushAuthConfig)
if err != nil {
return "", nil, fmt.Errorf("error parsing authConfig: %v", err)
}
authConfigEncoded := base64.URLEncoding.EncodeToString(authConfigBytes)
pushOpts := types.ImagePushOptions{RegistryAuth: authConfigEncoded}
pushOutput, err := docker.ImagePush(ctx, img.Name, pushOpts)Expected behavior
Auth configuration entries should be consistent across platforms, the push succeeds if the authentication is valid and present.
Actual behavior
On some platforms, all auth entries are prefixed with a scheme (https://), on others, only the legacy Docker registry server configuration is.
# macOS:
map[string]types.AuthConfig{
"https://[redacted].dkr.ecr.us-west-2.amazonaws.com": ...
"https://ghcr.io/": ...
"https://index.docker.io/v1/": ...
"https://registry-1.docker.io/": ...
"https://[redacted].azurecr.io": ...
})
# Linux and Windows:
map[string]types.AuthConfig{
"[redacted].dkr.ecr.us-west-2.amazonaws.com": ...
"ghcr.io": ...
"https://index.docker.io/v1/": ...
"registry-1.docker.io": ...
"[redacted].azurecr.io": ...
})
Steps to reproduce
In Go:
Via CLI:
Expected behavior
Auth configuration entries should be consistent across platforms, the push succeeds if the authentication is valid and present.
Actual behavior
On some platforms, all auth entries are prefixed with a scheme (
https://), on others, only the legacy Docker registry server configuration is.