Description of problem:
When I try to mirror unreleased operator images from an internal registry, it fails with the message "401 Unauthorized: Token is missing the \"aud\" claim".
Version-Release number of selected component (if applicable):
$ oc mirror version
Client Version: version.Info{Major:"", Minor:"", GitVersion:"4.13.0-202305091542.p0.gbee629a.assembly.stream-bee629a", GitCommit:"bee629ab1414e77a5f8455e816655355a7f280af", GitTreeState:"clean", BuildDate:"2023-05-09T16:58:42Z", GoVersion:"go1.19.6", Compiler:"gc", Platform:"linux/amd64"}
How reproducible:
kind: ImageSetConfiguration
apiVersion: mirror.openshift.io/v1alpha2
storageConfig:
  registry:
    imageURL: example.com/ppitonak/oc-mirror-metadata
    skipTLS: false
mirror:
  operators:
  - catalog: registry-proxy.engineering.redhat.com/rh-osbs/iib:502018
    packages:
    - name: openshift-pipelines-operator-rh
      channels:
      - name: latest
Steps to Reproduce:
1. create imageset
2. verify that the image exists and you have permissions to download it - podman pull registry-proxy.engineering.redhat.com/rh-osbs/iib:502018
3. oc mirror --config=./imageset-config.yaml docker://example.com/ppitonak --skip-cleanup
Actual results:
Checking push permissions for quay.io
Found: oc-mirror-workspace/src/publish
Found: oc-mirror-workspace/src/v2
Found: oc-mirror-workspace/src/charts
Found: oc-mirror-workspace/src/release-signatures
wrote mirroring manifests to oc-mirror-workspace/operators.1685020443/manifests-iib
To upload local images to a registry, run:
    oc adm catalog mirror file://rh-osbs/iib:502018 REGISTRY/REPOSITORY
error: GET https://registry-proxy.engineering.redhat.com/v2/rh-osbs/iib/manifests/502018: unexpected status code 401 Unauthorized: {"error": "Token is missing the \"aud\" claim"}
Expected results:
Images are mirrored to the target registry
Additional info:
- is related to CLID-29: As a developer I want to be able to ensure that the v1 flags are respected with functionality in v2 so that I can mirror with the v1 flags used in place (Closed)