Running into "insufficient scope" issue.
ravensorb opened this issue · comments
Shawn commented
It seems like I am hitting the same issue as #1736 however I am pretty much 100% sure things everything in my configuration match :) Is there something else I am missing?
Screenshot of my web interface
env variables for portus
PORTUS_ANONYMOUS_BROWSING_ENABLED=true
PORTUS_BACKGROUND_SYNC_ENABLED=false
PORTUS_BACKGROUND_SYNC_STRATEGY=update-delete
PORTUS_CHECK_SSL_USAGE_ENABLED=false
PORTUS_DB_ADAPTER=mysql2
PORTUS_DB_DATABASE=portusdb
PORTUS_DB_HOST=portusdb
PORTUS_DB_PASSWORD=xxxxxxxx
PORTUS_DB_USERNAME=portusdb
PORTUS_DELETE_CONTRIBUTORS=true
PORTUS_DELETE_ENABLED=true
PORTUS_DELETE_GARBAGE_COLLECTOR_ENABLED=true
PORTUS_DELETE_GARBAGE_COLLECTOR_KEEP_LATEST=5
PORTUS_DELETE_GARBAGE_COLLECTOR_OLDER_THAN=30
PORTUS_DELETE_GARBAGE_COLLECTOR_TAG=
PORTUS_DISPLAY_NAME_ENABLED=true
PORTUS_EMAIL_FROM=portus@home.local
PORTUS_EMAIL_NAME=
PORTUS_EMAIL_REPLY_TO=
PORTUS_GRAVATAR_ENABLED=true
PORTUS_HOST_EXTERNAL=portus.home.local
PORTUS_HOST_INTERNAL=portus
PORTUS_KEY_PATH=/certs/key/portus.key
PORTUS_MACHINE_FQDN_VALUE=portus-registry.home.local
PORTUS_PASSWORD=xxxxxxxx
PORTUS_SECRET_KEY_BASE=xxxxxxxx
PORTUS_SMTP_ADDRESS=smtp.home.local
PORTUS_SMTP_AUTHENTICATION=login
PORTUS_SMTP_DOMAIN=home.local
PORTUS_SMTP_ENABLED=false
PORTUS_SMTP_PASSWORD=
PORTUS_SMTP_PORT=25
PORTUS_SMTP_USER_NAME=
RAILS_SERVE_STATIC_FILES=true
env variables for registry
REGISTRY_AUTH_TOKEN_ISSUER=portus-registry.home.local
REGISTRY_LOG_LEVEL=debug
REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/certs/crt/portus.crt
REGISTRY_AUTH_TOKEN_REALM=http://portus.home.local/v2/token
REGISTRY_NOTIFICATIONS_ENDPOINTS_URL=http://portus:3000/v2/webhooks/events
REGISTRY_LOG_ACCESSLOG_DISABLED=false
REGISTRY_AUTH_TOKEN_SERVICE=portus-registry.home.local
REGISTRY_STORAGE_DELETE_ENABLED=true
REGISTRY_HTTP_SECRET=xxxxxx
REGISTRY_NOTIFICATIONS_ENDPOINTS_NAME=portus
REGISTRY_NOTIFICATIONS_ENDPOINTS_DISABLED=false
and here is the config for portus
sh-4.4# portusctl exec rake portus:info
[schema] Selected the schema for mysql
[Mailer config] Host: portus.test.lan
[Mailer config] Protocol: https://
Evaluated configuration:
---
email:
from: portus@home.local
name: ''
reply_to: ''
smtp:
enabled: false
address: smtp.example.com
port: 587
domain: example.com
ssl_tls: ''
enable_starttls_auto: false
openssl_verify_mode: none
ca_path: ''
ca_file: ''
user_name: ''
password: "****"
authentication: login
gravatar:
enabled: true
delete:
enabled: true
contributors: true
garbage_collector:
enabled: true
older_than: 30
keep_latest: 5
tag: ''
ldap:
enabled: false
hostname: ldap_hostname
port: 389
timeout: 5
encryption:
method: ''
options:
ca_file: ''
ssl_version: TLSv1_2
base: ''
admin_base: ''
group_base: ''
filter: ''
uid: uid
authentication:
enabled: false
bind_dn: ''
password: "****"
group_sync:
enabled: true
default_role: viewer
guess_email:
enabled: false
attr: ''
oauth:
local_login:
enabled: true
google_oauth2:
enabled: false
id: ''
secret: ''
domain: ''
options:
hd: ''
open_id:
enabled: false
identifier: ''
domain: ''
openid_connect:
enabled: false
issuer: ''
identifier: ''
secret: ''
github:
enabled: false
client_id: ''
client_secret: ''
organization: ''
team: ''
domain: ''
gitlab:
enabled: false
application_id: ''
secret: ''
group: ''
domain: ''
server: ''
bitbucket:
enabled: false
key: ''
secret: ''
domain: ''
options:
team: ''
first_user_admin:
enabled: true
signup:
enabled: true
check_ssl_usage:
enabled: false
registry:
jwt_expiration_time:
value: 15
catalog_page:
value: 100
timeout:
value: 2
read_timeout:
value: 120
machine_fqdn:
value: portus-registry.home.local
display_name:
enabled: true
user_permission:
change_visibility:
enabled: true
create_team:
enabled: true
manage_team:
enabled: true
create_namespace:
enabled: true
manage_namespace:
enabled: true
create_webhook:
enabled: true
manage_webhook:
enabled: true
push_images:
policy: allow-teams
security:
clair:
server: ''
health_port: 6061
timeout: 900
zypper:
server: ''
dummy:
server: ''
anonymous_browsing:
enabled: true
background:
registry:
enabled: true
sync:
enabled: false
strategy: update-delete
pagination:
per_page: 10
before_after: 2
and here is the log entry
portus-registry | time="2021-01-19T22:53:12.85319284Z" level=warning msg="error authorizing context: insufficient scope" go.version=go1.11.2 http.request.host=portus-registry.home.local http.request.id=16e22790-55ee-4adf-b516-2b1a36941ac0 http.request.method=POST http.request.remoteaddr=172.21.0.1 http.request.uri="/v2/testuser/containerimage"/blobs/uploads/" http.request.useragent="docker/20.10.2 go/go1.13.15 git-commit/8891c58 kernel/5.4.0-1036-azure os/linux arch/amd64 UpstreamClient(Docker-Client/20.10.2 \(linux\))" vars.name="testuser/containerimage"
可可大人 commented
I had the same problem...
stale commented
Thanks for all your contributions!
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.