Details
-
Bug
-
Resolution: Done
-
Minor
-
None
-
False
-
False
-
Undefined
-
0
Description
I deployed the upstream version of the quay operator using the direcions on the github page. All of the pods come up. I can log into the quay web interface and create a repository. When I try to podman login to the registry from a cluster external node I get
```
unicorn-registry stdout | 2020-11-11 22:50:42,160 [360] [ERROR] [auth.registry_jwt_auth] Invalid bearer token: Unknown service key
gunicorn-registry stdout | Traceback (most recent call last):
gunicorn-registry stdout | File "/quay-registry/auth/registry_jwt_auth.py", line 91, in identity_from_bearer_token
gunicorn-registry stdout | payload = decode_bearer_header(bearer_header, instance_keys, app.config)
gunicorn-registry stdout | File "/quay-registry/util/security/registry_jwt.py", line 54, in decode_bearer_header
gunicorn-registry stdout | return decode_bearer_token(encoded_jwt, instance_keys, config)
gunicorn-registry stdout | File "/quay-registry/util/security/registry_jwt.py", line 70, in wrapper
gunicorn-registry stdout | raise e
gunicorn-registry stdout | File "/quay-registry/util/security/registry_jwt.py", line 67, in wrapper
gunicorn-registry stdout | rv = func(*args, **kwargs)
gunicorn-registry stdout | File "/quay-registry/util/security/registry_jwt.py", line 105, in decode_bearer_token
gunicorn-registry stdout | raise InvalidBearerTokenException("Unknown service key")
gunicorn-registry stdout | util.security.registry_jwt.InvalidBearerTokenException: Unknown service key
gunicorn-registry stdout | 2020-11-11 22:50:42,162 [360] [ERROR] [util.http] Error 401: Unknown service key; Arguments: {'url': 'https://fipsmode-quay-quay-enterprise.apps.dan.danclark.io/v2/', 'status_code': 401, 'message': 'Unknown service key'}
```
After the above error, the podman login reports invalid username/password
I also installed the same version of the operator on a non-FIPS enabled cluster and podman login works successfully.