Normal Description of problem:
When I try to mirror unreleased operator images from internal registry, it fails with a message "401 Unauthorized: Token is missing the \"aud\" claim".
Version-Release number of selected component (if applicable):
$ oc mirror version
Client Version: version.Info{Major:"", Minor:"", GitVersion:"4.13.0-202305091542.p0.gbee629a.assembly.stream-bee629a", GitCommit:"bee629ab1414e77a5f8455e816655355a7f280af", GitTreeState:"clean", BuildDate:"2023-05-09T16:58:42Z", GoVersion:"go1.19.6", Compiler:"gc", Platform:"linux/amd64"}
How reproducible:
kind: ImageSetConfiguration
apiVersion: mirror.openshift.io/v1alpha2
storageConfig:
registry:
imageURL: example.com/ppitonak/oc-mirror-metadata
skipTLS: false
mirror:
operators:
- catalog: registry-proxy.engineering.redhat.com/rh-osbs/iib:502018
packages:
- name: openshift-pipelines-operator-rh
channels:
- name: latest
Steps to Reproduce:
1. create imageset 2. verify that image exists and you have permissions download it - podman pull registry-proxy.engineering.redhat.com/rh-osbs/iib:502018 3. oc mirror --config=./imageset-config.yaml docker://example.com/ppitonak --skip-cleanup
Actual results:
Checking push permissions for quay.io
Found: oc-mirror-workspace/src/publish
Found: oc-mirror-workspace/src/v2
Found: oc-mirror-workspace/src/charts
Found: oc-mirror-workspace/src/release-signatures
wrote mirroring manifests to oc-mirror-workspace/operators.1685020443/manifests-iib
To upload local images to a registry, run:
oc adm catalog mirror file://rh-osbs/iib:502018 REGISTRY/REPOSITORY
error: GET https://registry-proxy.engineering.redhat.com/v2/rh-osbs/iib/manifests/502018: unexpected status code 401 Unauthorized: {"error": "Token is missing the \"aud\" claim"}
Expected results:
Images are mirrored to the target registry
Additional info:
- is related to
-
CLID-29 As a developer I want to be able to ensure that the v1 flags are respected with functionality in v2 so that I can mirror with the v1 flags used in place
-
- Closed
-
