Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-14080

oc mirror: token missing aud claim

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not a Bug
    • Icon: Normal Normal
    • None
    • 4.13.0
    • oc-mirror
    • No
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      When I try to mirror unreleased operator images from internal registry, it fails with a message "401 Unauthorized: Token is missing the \"aud\" claim".
      

      Version-Release number of selected component (if applicable):

      $ oc mirror version
      Client Version: version.Info{Major:"", Minor:"", GitVersion:"4.13.0-202305091542.p0.gbee629a.assembly.stream-bee629a", GitCommit:"bee629ab1414e77a5f8455e816655355a7f280af", GitTreeState:"clean", BuildDate:"2023-05-09T16:58:42Z", GoVersion:"go1.19.6", Compiler:"gc", Platform:"linux/amd64"}
      

      How reproducible:

      kind: ImageSetConfiguration
      apiVersion: mirror.openshift.io/v1alpha2
      storageConfig:
        registry:
          imageURL: example.com/ppitonak/oc-mirror-metadata
          skipTLS: false
      mirror:
        operators:
        - catalog: registry-proxy.engineering.redhat.com/rh-osbs/iib:502018
          packages:
          - name: openshift-pipelines-operator-rh
            channels:
            - name: latest
      

      Steps to Reproduce:

      1. create imageset
      2. verify that image exists and you have permissions download it - podman pull registry-proxy.engineering.redhat.com/rh-osbs/iib:502018
      3. oc mirror --config=./imageset-config.yaml docker://example.com/ppitonak --skip-cleanup
      

      Actual results:

      Checking push permissions for quay.io
      Found: oc-mirror-workspace/src/publish
      Found: oc-mirror-workspace/src/v2
      Found: oc-mirror-workspace/src/charts
      Found: oc-mirror-workspace/src/release-signatures
      wrote mirroring manifests to oc-mirror-workspace/operators.1685020443/manifests-iib
      
      To upload local images to a registry, run:
      
              oc adm catalog mirror file://rh-osbs/iib:502018 REGISTRY/REPOSITORY
      error: GET https://registry-proxy.engineering.redhat.com/v2/rh-osbs/iib/manifests/502018: unexpected status code 401 Unauthorized: {"error": "Token is missing the \"aud\" claim"}
      

      Expected results:

      Images are mirrored to the target registry
      

      Additional info:

      
      

              luzuccar@redhat.com Luigi Mario Zuccarelli
              ppitonak Pavol Pitoňák
              ying zhou ying zhou
              Pavol Pitoňák
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: