如何使用HTTP API从gcr.io Docker Registry列出图像和标签? [英] How to list images and tags from the gcr.io Docker Registry using the HTTP API?
问题描述
我尝试从Node.js中的Google Container Registry(gcr.io)中获取可用图像及其标签的列表。
我首先使用 google-auto-auth 来调用范围 https://www.googleapis.com/auth/devstorage.read_write ,
,然后我将这个标记换成 gcr.io 标记,如下所示:
axios.get('https://gcr.io/v2/token?service=gcr.io',{
auth:{
username:'_token',
密码:令牌//令牌,我从`google-auto-auth`获得
}
})
然后我尝试用它来调用 v2 / _catalog 端点:
axios.get('https://gcr.io/v2/_catalog',{
headers:{
授权:`Bearer $ {gcrToken}`
})
我得到以下错误:
{
errors:[{code:'DENIED',message:'无法检索项目。'}]
}
很公平的,它必须要求我的项目ID,但我应该在哪里提供它?
为了看看我能否得到其他的工作,我试过:
axios.get('https://gcr.io/v2/my-project-id/my-image/tags/list',{
标题:{
授权: `Bearer $ {gcrToken}`
}
})
以下回:
{
错误:[
{
code:'NAME_INVALID' ,
message:'请求的存储库与不记名令牌资源不匹配:my-project-id / my-image'
}
]
}
解决方案在与GCR的Jon Johnson广泛沟通后,我们终于找出了错误。如果你喜欢这个答案,那么请高举Jon的话,他会超越这个问题来解决这个问题。
大部分东西在撰写本文时都没有记录。 / p>
- 需要使用
注册表:catalog:* scope。
- 我的图片被推送到
us.gcr.io ,他们将它们视为单独的注册表 - 我认为它们是镜像。
- 服务帐户必须在Google Cloud IAM中具有
Project Viewer 角色。
- 您可以使用GCR标记,以及Google Cloud令牌。但是,尽管GCR标记不能与
基本base64(_token:<标记>)一起使用,Google Cloud标记可以。
取得GCR标记
//更新主机
axios.get('https://us.gcr.io/v2/token?service=gcr.io',{
params:{
service:'us.gcr。 io',
scope:`registry:catalog:*`
},
auth:{
username:'_token',
password:token // token I来自`google-auto-auth`
},
})
使用令牌列出存储库
const client = axios.create({
baseURL :`https:// us.gcr.io / v2`,
标题:{
授权:`持有者$ {令牌}`
}
})
client.get('/ _ catalog')。then((response)=> {
console.log(response.data.repositories)
})
I'm trying to fetch a list of available images and their tags from Google Container Registry (gcr.io) in Node.js.
I first use google-auto-auth to optain a token with scope https://www.googleapis.com/auth/devstorage.read_write,
and I exchange that token for a gcr.io token like so:
axios.get('https://gcr.io/v2/token?service=gcr.io', {
auth: {
username: '_token',
password: token // token I got from `google-auto-auth`
}
})
I then try to use this to call the v2/_catalog endpoint:
axios.get('https://gcr.io/v2/_catalog', {
headers: {
Authorization: `Bearer ${gcrToken}`
}
})
And I get the following error:
{
errors: [ { code: 'DENIED', message: 'Failed to retrieve projects.' } ]
}
Fair enough, it must require my project ID, but where am I supposed to provide it?
Just to see if I could get anything else working, I tried:
axios.get('https://gcr.io/v2/my-project-id/my-image/tags/list', {
headers: {
Authorization: `Bearer ${gcrToken}`
}
})
And I get the following back:
{
errors: [
{
code: 'NAME_INVALID',
message: 'Requested repository does not match bearer token resource: my-project-id/my-image'
}
]
}
How can I read image info from gcr.io?
解决方案 After extensive communication with Jon Johnson from GCR, we finally figured out what was wrong. If you upvote this answer, please upvote Jon's as well, he went above and beyond to get this issue resolved.
Most of this stuff is undocumented as of this writing.
- need to use the
registry:catalog:* scope.
- my images were pushed to
us.gcr.io, and they treat them as separate registries — I thought they were mirrors.
- the service account must have the
Project Viewer role in Google Cloud IAM.
- you can use a GCR token, as well as a Google Cloud token. However while the GCR token cannot be used with
Basic base64(_token:<token>), the Google Cloud token can.
Getting the GCR token
// Updated host
axios.get('https://us.gcr.io/v2/token?service=gcr.io', {
params: {
service: 'us.gcr.io',
scope: `registry:catalog:*`
},
auth: {
username: '_token',
password: token // token I got from `google-auto-auth`
},
})
Using the token to list repositories
const client = axios.create({
baseURL: `https://us.gcr.io/v2`,
headers: {
Authorization: `Bearer ${token}`
}
})
client.get('/_catalog').then((response) => {
console.log(response.data.repositories)
})
这篇关于如何使用HTTP API从gcr.io Docker Registry列出图像和标签?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
