docker - 对于 Harbor Registry,目录列表不适用于 Bearer Token。接收 401 未授权令牌
问题描述
在使用 Bearer 令牌进行目录列表时,我收到 401 未经授权的错误。
Docker 版本:19.03.11
Docker Compose 版本:1.26.0
使用了harbor v2.0.0 在线安装程序。
以下是我所做的。
获取身份验证详细信息:
[root@localhost ~ ] curl -v -k http://<harbor registry server>/v2/
About to connect() to <harbor registry server> port 80 (#0)
Trying **.**.**.**...
Connected to <harbor registry server> (**.**.**.**) port 80 (#0)
GET /v2/ HTTP/1.1
User-Agent: curl/7.29.0
Host: <harbor registry server>
Accept: */*
HTTP/1.1 401 Unauthorized
Server: nginx
Date: Wed, 25 Nov 2020 05:01:54 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 76
Connection: keep-alive
Docker-Distribution-Api-Version: registry/2.0
Set-Cookie: sid=bc1dfc03bfab8e5802ddf950d1048b37; Path=/; HttpOnly
**Www-Authenticate: Bearer realm="http://<harbor registry server>/service/token",service="harbor-registry"**
X-Request-Id: f10c0e6a-4bde-496f-9bd2-897d1d2de0cb
{"errors":[{"code":"UNAUTHORIZED","message":"unauthorized: unauthorized"}]}
请求获取令牌:
curl -k -v -u 'admin:Harbor12345' http://<harbor registry server>/service/token?service=harbor-registry&scope=registry:catalog:*
回复
1] 23529
[root@localhost ~ ] * About to connect() to <harbor registry server> port 80 (#0)
Trying ......
Connected to <harbor registry server> (...) port 80 (#0)
Server auth using Basic with user 'admin'
GET /service/token?service=harbor-registry HTTP/1.1
Authorization: Basic YWRtaW46SGFyYm9yMTIzNDU=
User-Agent: curl/7.29.0
Host: <harbor registry server>
Accept: /
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Nov 2020 08:39:47 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 1122
Connection: keep-alive
Set-Cookie: sid=d52190099e5a2a55de383e3ec4407aad; Path=/; HttpOnly
X-Request-Id: a190671a-6d52-4a90-8022-8762b8843d0f
X-Frame-Options: DENY
Content-Security-Policy: frame-ancestors 'none'
{
"token": "zzzz",
"access_token": "",
"expires_in": 1800,
"issued_at": "2020-11-23T08:39:47Z"
Connection #0 to host <harbor registry server> left intact
现在将 TOKEN 设置为令牌值。
[root@localhost ~ ] TOKEN=zzzz
执行目录列表的命令
[root@localhost ~ ] **curl -v -k -H "Authorization: Bearer $TOKEN" http://<harbor registry server>/v2/_catalog***
About to connect() to <harbor registry server> port 80 (#0)
Trying ......
Connected to <harbor registry server> (...) port 80 (#0)
GET /v2/_catalog HTTP/1.1
User-Agent: curl/7.29.0
Host: <harbor registry server>
Accept: /
Authorization: Bearer zzzz
HTTP/1.1 401 Unauthorized
Server: nginx
Date: Mon, 23 Nov 2020 08:45:52 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 108
Connection: keep-alive
Docker-Distribution-Api-Version: registry/2.0
Set-Cookie: sid=7657dcb0d2bdfd962d25995ec4bb11ed; Path=/; HttpOnly
Www-Authenticate: Basic realm="harbor"
X-Request-Id: db841f81-a1ff-4498-8387-980de1282433
{"errors":[{"**code":"UNAUTHORIZED","message":"unauthorized to list catalog: unauthorized to list catalog**"}]}
任何想法我错过了什么?
解决方案
推荐阅读
- awk - 不改变顺序的连续行
- css - 如何像图像中一样排列 div?
- javascript - 如果 URL 包含字符串,则更改页面加载时的输入值
- python - 在 zsh 终端的 Mac 上的 Python 中,xgboost 安装失败
- python - 使用 pandas read_html 迭代创建数据框
- azure - 使用 DataProtectionProvider 连接到 Azure Key Vault
- r - 为什么这个语句附近会出现select错误?
- ios - 过期处理程序从未调用 beginBackgroundTask(withName:expirationHandler:)
- step - STEP的调试器?
- typescript - 如何使这个通用 TypeScript 函数按预期工作?