Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Compose build doesn't respect credential helpers #5854

Closed
laszlocph opened this issue Apr 6, 2018 · 13 comments
Closed

Compose build doesn't respect credential helpers #5854

laszlocph opened this issue Apr 6, 2018 · 13 comments
Labels
area/build kind/bug status/0-triage

Comments

@laszlocph
Copy link

laszlocph commented Apr 6, 2018
edited
Loading

When I'm running docker-compose build it's not able to pull private base images.

WHAT I EXPERIENCE
I use docker-credential-gcr and my ~/.docker/config.json is correctly set up.

  • I'm able to do docker pull myprivaterepo/myimage
  • I'm able to do docker-compose pull if the image is used as a service image
  • I'm not able to do docker-compose build as the private base image cannot be pulled.

ERROR: Service 'hello' failed to build: unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication

WHAT I EXPECT
Since I'm able to pull the image with docker pull, Compose should be able to pull too even in a build phase.

REPRO CASE

Dockerfile

From myprivaterepo/myimage

docker-compose.yml

version: '3.2'

services:
  hello:
    build: &build
      context: .

ENV

cat ~/.docker/config.json 
{
        "auths": {},
        "credHelpers": {
                "asia.gcr.io": "gcr",
                "eu.gcr.io": "gcr",
                "gcr.io": "gcr",
                "staging-k8s.gcr.io": "gcr",
                "us.gcr.io": "gcr"
        }
}

$ docker --version
Docker version 18.03.0-ce, build 0520e24
$ docker-compose --version
docker-compose version 1.20.1, build 5d8c71b
@shin-
Copy link

shin- commented Apr 9, 2018

does using the CLI (docker build) to build that same image work? You mention that pull works in both cases, but I'm curious to know whether the build behavior is different or not.

@laszlocph
Copy link
Author

Yes it works. Starts by pulling the image.

@shin-
Copy link

shin- commented Apr 25, 2018

@laszlocph Was this on Windows by any chance?

@laszlocph
Copy link
Author

Ubuntu 17.10 :(

@hiddeco
Copy link

hiddeco commented May 31, 2018

Same issue here.

❯ uname -a                                                                                                                  
Linux 4.14.44-1-MANJARO #1 SMP PREEMPT Fri May 25 18:35:59 UTC 2018 x86_64 GNU/Linux

❯ docker -v        
Docker version 18.05.0-ce, build f150324782

❯ docker-compose -v
docker-compose version 1.21.2, build unknown

@mklinke
Copy link

mklinke commented Oct 8, 2018

Possibly related: #5950

@lmapii
Copy link

lmapii commented Nov 27, 2018

same here on macos

> uname -a
Darwin talentix.local 18.0.0 Darwin Kernel Version 18.0.0: Wed Aug 22 20:13:40 PDT 2018; root:xnu-4903.201.2~1/RELEASE_X86_64 x86_64

> docker -v
Docker version 18.06.1-ce, build e68fc7a

> docker-compose -v
docker-compose version 1.23.1, build b02f130

and linux

> uname -a
Linux 123-test 4.18.0-11-generic #12-Ubuntu SMP Tue Oct 23 19:22:37 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

> docker -v
Docker version 18.06.1-ce, build e68fc7a

> docker-compose -v
docker-compose version 1.21.0, build unknown

build passes if all images are retrieved using docker pull docker-compose build

rnorth pushed a commit to testcontainers/testcontainers-java that referenced this issue Sep 9, 2019
Upgrade docker-compose image to latest version and perform direct ima…
e55080c 
…ge pull

Together with using Compose file 2.1 syntax, this is a solution to network cleanup issue described in:
 * #1767
 * #739
 * testcontainers/moby-ryuk#2
 * docker/compose#6636

Solution to general credential helper authenticated pull issues in:
 * docker/compose#5854

Tangentially should add support for v3 syntax (not yet tested) re #531
@rnorth rnorth mentioned this issue Sep 9, 2019
Merged
@stale
Copy link

stale bot commented Oct 9, 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Oct 9, 2019
@laszlocph
Copy link
Author

Satisfying the stale bot with this comment. The above linked PR has promising work aiming to solve this.

@stale
Copy link

stale bot commented Oct 10, 2019

This issue has been automatically marked as not stale anymore due to the recent activity.

@stale stale bot removed the stale label Oct 10, 2019
@glours
Copy link
Contributor

glours commented Oct 10, 2019

Can't reproduce your issue with the last version of compose

> docker-compose version
docker-compose version 1.24.1, build 4667896
docker-py version: 3.7.3
CPython version: 3.7.4
OpenSSL version: OpenSSL 1.1.1d  10 Sep 2019

&

> gcloud --version
Google Cloud SDK 266.0.0
bq 2.0.48
core 2019.10.04
docker-credential-gcr
gsutil 4.44

Can you give a try & let me know ?

@laszlocph
Copy link
Author

laszlocph commented Oct 21, 2019
edited
Loading

I cannot reporoduce the issue anymore 👍

➜  docker-compose version
docker-compose version 1.21.0, build 5920eb0
docker-py version: 3.2.1
CPython version: 3.6.5
OpenSSL version: OpenSSL 1.0.1t  3 May 2016
➜  docker version
Client:
 Version:           18.09.6
 API version:       1.39
 Go version:        go1.10.8
 Git commit:        481bc77156
 Built:             Sat May  4 02:35:29 2019
 OS/Arch:           linux/amd64
 Experimental:      false
➜  gcloud version
Google Cloud SDK 263.0.0

@glours
Copy link
Contributor

glours commented Oct 21, 2019

Cool 👍
So I close the issue, thanks for your feedback

@glours glours closed this as completed Oct 21, 2019
rnorth added a commit to testcontainers/testcontainers-java that referenced this issue Nov 23, 2019
@rnorth
Upgrade docker-compose image to latest version and perform dire… (#1847)
b756527 
* Upgrade docker-compose image to latest version and perform direct image pull

Together with using Compose file 2.1 syntax, this is a solution to network cleanup issue described in:
 * #1767
 * #739
 * testcontainers/moby-ryuk#2
 * docker/compose#6636

Solution to general credential helper authenticated pull issues in:
 * docker/compose#5854

Tangentially should add support for v3 syntax (not yet tested) re #531
@agcom agcom mentioned this issue Jun 27, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/build kind/bug status/0-triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@glours @mklinke @shin- @laszlocph @lmapii @hiddeco