Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Critical
Fix Version/s: None
Affects Version/s: 4.14.0
Component/s: oc / oc-mirror
Labels:

Regression:
No
Sprint:
CLID Sprint 246, CLID Sprint 247, CLID Sprint 248
sprint_count:
3
Blocked:
False
Blocked Reason:

Hide

None

Show
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Impact Score:
PX Priority Data:

Description of problem:

When executing the oc mirror command with an image that does not exist in the mirror registry specified in the additionalImages of ImageSetConfiguration, the output is 401 Unauthorized.

This implies insufficient authentication credentials, yet the error is displayed even when the credentials are correctly configured. 
This mismatch between the error message and the actual cause hinders users from identifying the root of the issue effectively.

Shouldn't the appropriate error output be 404 Not Found when the specified image in additionalImages of ImageSetConfiguration does not exist in the mirror registry? If this is the case, a program correction would be highly appreciated.

Version-Release number of selected component (if applicable):

4.14.0

How reproducible:

Steps to Reproduce:

1.prepare ImageSetConfiguration like below:

$ cat imageset-config.yaml
kind: ImageSetConfiguration
apiVersion: mirror.openshift.io/v1alpha2
storageConfig:
  local:
    path: /home/mirror/local/meta-data
mirror:
  additionalImages:
  - name: registry.redhat.io/odf4/ocs-must-gather-rhel9:v4.13


2. confirm oc & oc mirror version

$ oc version --client
 oc version --client
Client Version: 4.14.1
Kustomize Version: v5.0.1

$ oc mirror version
Logging to .oc-mirror.log
WARNING: This version information is deprecated and will be replaced with the output from --short. Use --output=yaml|json to get the full version.
Client Version: version.Info{Major:"", Minor:"", GitVersion:"4.14.0-202310201027.p0.g68cf97e.assembly.stream-68cf97e", GitCommit:"68cf97ec715ad2d78fb2bac411a118709c191719", GitTreeState:"clean", BuildDate:"2023-10-20T23:48:14Z", GoVersion:"go1.20.10 X:strictfipsruntime", Compiler:"gc", Platform:"linux/amd64"}


3.execute oc mirror using imageset-config.yaml to local storage

$ oc mirror --config=./imageset-config.yaml file://mirror 
Logging to .oc-mirror.log
Creating directory: mirror/oc-mirror-workspace/src/publish
Creating directory: mirror/oc-mirror-workspace/src/v2
Creating directory: mirror/oc-mirror-workspace/src/charts
Creating directory: mirror/oc-mirror-workspace/src/release-signatures
No metadata detected, creating new workspace
error: pulling from host registry.redhat.io failed with status code [manifests v4.13]: 401 Unauthorized

Actual results:

401 Unauthorized

Expected results:

404 Not Found

Additional info:

$ oc mirror --config=./imageset-config.yaml file://mirror -v 9
Logging to .oc-mirror.log
Creating directory: mirror/oc-mirror-workspace/src/publish
Creating directory: mirror/oc-mirror-workspace/src/v2
Creating directory: mirror/oc-mirror-workspace/src/charts
Creating directory: mirror/oc-mirror-workspace/src/release-signatures
Using local backend at location /home/mmatsuta/OpenShift/mirror/local/meta-data1000
looking for metadata file at "publish/.metadata.json"
No metadata detected, creating new workspace
level=debug msg=resolving host=registry.redhat.io
level=debug msg=do request host=registry.redhat.io request.header.accept=application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, */* request.header.user-agent=opm/alpha request.method=HEAD url=https://registry.redhat.io/v2/odf4/ocs-must-gather-rhel9/manifests/v4.13
level=debug msg=fetch response received host=registry.redhat.io response.header.cache-control=max-age=0, no-cache, no-store response.header.connection=keep-alive response.header.content-length=99 response.header.content-type=application/json response.header.date=Mon, 13 Nov 2023 06:40:56 GMT response.header.docker-distribution-api-version=registry/2.0 response.header.expires=Mon, 13 Nov 2023 06:40:56 GMT response.header.pragma=no-cache response.header.registry-proxy-request-id=1cc16a0c-80dc-42f6-b2f5-1590b5a1cdf4 response.header.www-authenticate=Bearer realm="https://registry.redhat.io/auth/realms/rhcc/protocol/redhat-docker-v2/auth",service="docker-registry",scope="repository:odf4/ocs-must-gather-rhel9:pull" response.status=401 Unauthorized url=https://registry.redhat.io/v2/odf4/ocs-must-gather-rhel9/manifests/v4.13
level=debug msg=Unauthorized header=Bearer realm="https://registry.redhat.io/auth/realms/rhcc/protocol/redhat-docker-v2/auth",service="docker-registry",scope="repository:odf4/ocs-must-gather-rhel9:pull" host=registry.redhat.io
level=debug msg=do request host=registry.redhat.io request.header.accept=application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, */* request.header.user-agent=opm/alpha request.method=HEAD url=https://registry.redhat.io/v2/odf4/ocs-must-gather-rhel9/manifests/v4.13
level=debug msg=fetch response received host=registry.redhat.io response.header.cache-control=max-age=0, no-cache, no-store response.header.connection=keep-alive response.header.content-length=112 response.header.content-type=application/json response.header.date=Mon, 13 Nov 2023 06:40:56 GMT response.header.docker-distribution-api-version=registry/2.0 response.header.expires=Mon, 13 Nov 2023 06:40:56 GMT response.header.pragma=no-cache response.header.server=nginx/1.20.1 response.header.www-authenticate=Bearer realm="https://quay.io/v2/auth",service="quay.io",scope="repository:redhat-prod/odf4----ocs-must-gather-rhel9:pull" response.status=401 Unauthorized url=https://registry.redhat.io/v2/odf4/ocs-must-gather-rhel9/manifests/v4.13
level=debug msg=Unauthorized header=Bearer realm="https://quay.io/v2/auth",service="quay.io",scope="repository:redhat-prod/odf4----ocs-must-gather-rhel9:pull" host=registry.redhat.io
level=debug msg=do request host=registry.redhat.io request.header.accept=application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, */* request.header.user-agent=opm/alpha request.method=HEAD url=https://registry.redhat.io/v2/odf4/ocs-must-gather-rhel9/manifests/v4.13
level=debug msg=fetch response received host=registry.redhat.io response.header.cache-control=max-age=0, no-cache, no-store response.header.connection=keep-alive response.header.content-length=112 response.header.content-type=application/json response.header.date=Mon, 13 Nov 2023 06:40:57 GMT response.header.docker-distribution-api-version=registry/2.0 response.header.expires=Mon, 13 Nov 2023 06:40:57 GMT response.header.pragma=no-cache response.header.server=nginx/1.20.1 response.header.www-authenticate=Bearer realm="https://quay.io/v2/auth",service="quay.io",scope="repository:redhat-prod/odf4----ocs-must-gather-rhel9:pull" response.status=401 Unauthorized url=https://registry.redhat.io/v2/odf4/ocs-must-gather-rhel9/manifests/v4.13
level=debug msg=Unauthorized header=Bearer realm="https://quay.io/v2/auth",service="quay.io",scope="repository:redhat-prod/odf4----ocs-must-gather-rhel9:pull" host=registry.redhat.io
level=debug msg=do request host=registry.redhat.io request.header.accept=application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, */* request.header.user-agent=opm/alpha request.method=HEAD url=https://registry.redhat.io/v2/odf4/ocs-must-gather-rhel9/manifests/v4.13
level=debug msg=fetch response received host=registry.redhat.io response.header.cache-control=max-age=0, no-cache, no-store response.header.connection=keep-alive response.header.content-length=112 response.header.content-type=application/json response.header.date=Mon, 13 Nov 2023 06:40:57 GMT response.header.docker-distribution-api-version=registry/2.0 response.header.expires=Mon, 13 Nov 2023 06:40:57 GMT response.header.pragma=no-cache response.header.server=nginx/1.20.1 response.header.www-authenticate=Bearer realm="https://quay.io/v2/auth",service="quay.io",scope="repository:redhat-prod/odf4----ocs-must-gather-rhel9:pull" response.status=401 Unauthorized url=https://registry.redhat.io/v2/odf4/ocs-must-gather-rhel9/manifests/v4.13
level=debug msg=Unauthorized header=Bearer realm="https://quay.io/v2/auth",service="quay.io",scope="repository:redhat-prod/odf4----ocs-must-gather-rhel9:pull" host=registry.redhat.io
level=debug msg=do request host=registry.redhat.io request.header.accept=application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, */* request.header.user-agent=opm/alpha request.method=HEAD url=https://registry.redhat.io/v2/odf4/ocs-must-gather-rhel9/manifests/v4.13
level=debug msg=fetch response received host=registry.redhat.io response.header.cache-control=max-age=0, no-cache, no-store response.header.connection=keep-alive response.header.content-length=112 response.header.content-type=application/json response.header.date=Mon, 13 Nov 2023 06:40:57 GMT response.header.docker-distribution-api-version=registry/2.0 response.header.expires=Mon, 13 Nov 2023 06:40:57 GMT response.header.pragma=no-cache response.header.server=nginx/1.20.1 response.header.www-authenticate=Bearer realm="https://quay.io/v2/auth",service="quay.io",scope="repository:redhat-prod/odf4----ocs-must-gather-rhel9:pull" response.status=401 Unauthorized url=https://registry.redhat.io/v2/odf4/ocs-must-gather-rhel9/manifests/v4.13
level=debug msg=Unauthorized header=Bearer realm="https://quay.io/v2/auth",service="quay.io",scope="repository:redhat-prod/odf4----ocs-must-gather-rhel9:pull" host=registry.redhat.io
level=debug msg=do request host=registry.redhat.io request.header.accept=application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, */* request.header.user-agent=opm/alpha request.method=HEAD url=https://registry.redhat.io/v2/odf4/ocs-must-gather-rhel9/manifests/v4.13
level=debug msg=fetch response received host=registry.redhat.io response.header.cache-control=max-age=0, no-cache, no-store response.header.connection=keep-alive response.header.content-length=112 response.header.content-type=application/json response.header.date=Mon, 13 Nov 2023 06:40:57 GMT response.header.docker-distribution-api-version=registry/2.0 response.header.expires=Mon, 13 Nov 2023 06:40:57 GMT response.header.pragma=no-cache response.header.server=nginx/1.20.1 response.header.www-authenticate=Bearer realm="https://quay.io/v2/auth",service="quay.io",scope="repository:redhat-prod/odf4----ocs-must-gather-rhel9:pull" response.status=401 Unauthorized url=https://registry.redhat.io/v2/odf4/ocs-must-gather-rhel9/manifests/v4.13
error: pulling from host registry.redhat.io failed with status code [manifests v4.13]: 401 Unauthorized

Assignee:: Luigi Mario Zuccarelli

Reporter:: Masafumi Matsuta

QA Contact:: ying zhou

Need Info From:: Masafumi Matsuta (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2023/11/13 7:07 AM

Updated:: 2024/05/11 6:16 AM

Details

Description

Attachments

Activity

People

Dates

Hide