fix: fallback to unauthenticated pull (#1774)

* fix: fallback to unauthenticated pull * move logger def * fixup * add import * . --------- Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2023-05-03 18:44:26 +02:00 · 2023-05-03 18:44:26 +02:00 · aa21277380
commit aa21277380
parent 4721abfa6d
1 changed files with 10 additions and 1 deletions
--- a/pkg/container/docker_pull.go
+++ b/pkg/container/docker_pull.go
@ -7,6 +7,7 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
+	"strings"

 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
@ -59,6 +60,13 @@ func NewDockerPullExecutor(input NewDockerPullExecutorInput) common.Executor {

 		_ = logDockerResponse(logger, reader, err != nil)
 		if err != nil {
+			if imagePullOptions.RegistryAuth != "" && strings.Contains(err.Error(), "unauthorized") {
+				logger.Errorf("pulling image '%v' (%s) failed with credentials %s retrying without them, please check for stale docker config files", imageRef, input.Platform, err.Error())
+				imagePullOptions.RegistryAuth = ""
+				reader, err = cli.ImagePull(ctx, imageRef, imagePullOptions)
+
+				_ = logDockerResponse(logger, reader, err != nil)
+			}
 			return err
 		}
 		return nil
@ -69,9 +77,9 @@ func getImagePullOptions(ctx context.Context, input NewDockerPullExecutorInput)
 	imagePullOptions := types.ImagePullOptions{
 		Platform: input.Platform,
 	}
+	logger := common.Logger(ctx)

 	if input.Username != "" && input.Password != "" {
-		logger := common.Logger(ctx)
 		logger.Debugf("using authentication for docker pull")

 		authConfig := types.AuthConfig{
@ -93,6 +101,7 @@ func getImagePullOptions(ctx context.Context, input NewDockerPullExecutorInput)
 		if authConfig.Username == "" && authConfig.Password == "" {
 			return imagePullOptions, nil
 		}
+		logger.Info("using DockerAuthConfig authentication for docker pull")

 		encodedJSON, err := json.Marshal(authConfig)
 		if err != nil {