SUSE / Portus

Authorization service and frontend for Docker registry (v2)

Home Page: http://port.us.org/


Running into "insufficient scope" issue.

ravensorb opened this issue and commented:

It seems like I am hitting the same issue as #1736; however, I am pretty much 100% sure everything in my configuration matches :) Is there something else I am missing?

Screenshot of my web interface: (image)

env variables for portus

PORTUS_ANONYMOUS_BROWSING_ENABLED=true
PORTUS_BACKGROUND_SYNC_ENABLED=false
PORTUS_BACKGROUND_SYNC_STRATEGY=update-delete
PORTUS_CHECK_SSL_USAGE_ENABLED=false
PORTUS_DB_ADAPTER=mysql2
PORTUS_DB_DATABASE=portusdb
PORTUS_DB_HOST=portusdb
PORTUS_DB_PASSWORD=xxxxxxxx
PORTUS_DB_USERNAME=portusdb
PORTUS_DELETE_CONTRIBUTORS=true
PORTUS_DELETE_ENABLED=true
PORTUS_DELETE_GARBAGE_COLLECTOR_ENABLED=true
PORTUS_DELETE_GARBAGE_COLLECTOR_KEEP_LATEST=5
PORTUS_DELETE_GARBAGE_COLLECTOR_OLDER_THAN=30
PORTUS_DELETE_GARBAGE_COLLECTOR_TAG=
PORTUS_DISPLAY_NAME_ENABLED=true
PORTUS_EMAIL_FROM=portus@home.local
PORTUS_EMAIL_NAME=
PORTUS_EMAIL_REPLY_TO=
PORTUS_GRAVATAR_ENABLED=true
PORTUS_HOST_EXTERNAL=portus.home.local
PORTUS_HOST_INTERNAL=portus
PORTUS_KEY_PATH=/certs/key/portus.key
PORTUS_MACHINE_FQDN_VALUE=portus-registry.home.local
PORTUS_PASSWORD=xxxxxxxx
PORTUS_SECRET_KEY_BASE=xxxxxxxx
PORTUS_SMTP_ADDRESS=smtp.home.local
PORTUS_SMTP_AUTHENTICATION=login
PORTUS_SMTP_DOMAIN=home.local
PORTUS_SMTP_ENABLED=false
PORTUS_SMTP_PASSWORD=
PORTUS_SMTP_PORT=25
PORTUS_SMTP_USER_NAME=
RAILS_SERVE_STATIC_FILES=true

env variables for registry

REGISTRY_AUTH_TOKEN_ISSUER=portus-registry.home.local
REGISTRY_LOG_LEVEL=debug
REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/certs/crt/portus.crt
REGISTRY_AUTH_TOKEN_REALM=http://portus.home.local/v2/token
REGISTRY_NOTIFICATIONS_ENDPOINTS_URL=http://portus:3000/v2/webhooks/events
REGISTRY_LOG_ACCESSLOG_DISABLED=false
REGISTRY_AUTH_TOKEN_SERVICE=portus-registry.home.local
REGISTRY_STORAGE_DELETE_ENABLED=true
REGISTRY_HTTP_SECRET=xxxxxx
REGISTRY_NOTIFICATIONS_ENDPOINTS_NAME=portus
REGISTRY_NOTIFICATIONS_ENDPOINTS_DISABLED=false

and here is the config for portus

sh-4.4# portusctl exec rake portus:info
[schema] Selected the schema for mysql
[Mailer config] Host:     portus.test.lan
[Mailer config] Protocol: https://
Evaluated configuration:
---
email:
  from: portus@home.local
  name: ''
  reply_to: ''
  smtp:
    enabled: false
    address: smtp.example.com
    port: 587
    domain: example.com
    ssl_tls: ''
    enable_starttls_auto: false
    openssl_verify_mode: none
    ca_path: ''
    ca_file: ''
    user_name: ''
    password: "****"
    authentication: login
gravatar:
  enabled: true
delete:
  enabled: true
  contributors: true
  garbage_collector:
    enabled: true
    older_than: 30
    keep_latest: 5
    tag: ''
ldap:
  enabled: false
  hostname: ldap_hostname
  port: 389
  timeout: 5
  encryption:
    method: ''
    options:
      ca_file: ''
      ssl_version: TLSv1_2
  base: ''
  admin_base: ''
  group_base: ''
  filter: ''
  uid: uid
  authentication:
    enabled: false
    bind_dn: ''
    password: "****"
  group_sync:
    enabled: true
    default_role: viewer
  guess_email:
    enabled: false
    attr: ''
oauth:
  local_login:
    enabled: true
  google_oauth2:
    enabled: false
    id: ''
    secret: ''
    domain: ''
    options:
      hd: ''
  open_id:
    enabled: false
    identifier: ''
    domain: ''
  openid_connect:
    enabled: false
    issuer: ''
    identifier: ''
    secret: ''
  github:
    enabled: false
    client_id: ''
    client_secret: ''
    organization: ''
    team: ''
    domain: ''
  gitlab:
    enabled: false
    application_id: ''
    secret: ''
    group: ''
    domain: ''
    server: ''
  bitbucket:
    enabled: false
    key: ''
    secret: ''
    domain: ''
    options:
      team: ''
first_user_admin:
  enabled: true
signup:
  enabled: true
check_ssl_usage:
  enabled: false
registry:
  jwt_expiration_time:
    value: 15
  catalog_page:
    value: 100
  timeout:
    value: 2
  read_timeout:
    value: 120
machine_fqdn:
  value: portus-registry.home.local
display_name:
  enabled: true
user_permission:
  change_visibility:
    enabled: true
  create_team:
    enabled: true
  manage_team:
    enabled: true
  create_namespace:
    enabled: true
  manage_namespace:
    enabled: true
  create_webhook:
    enabled: true
  manage_webhook:
    enabled: true
  push_images:
    policy: allow-teams
security:
  clair:
    server: ''
    health_port: 6061
    timeout: 900
  zypper:
    server: ''
  dummy:
    server: ''
anonymous_browsing:
  enabled: true
background:
  registry:
    enabled: true
  sync:
    enabled: false
    strategy: update-delete
pagination:
  per_page: 10
  before_after: 2

and here is the log entry

portus-registry        | time="2021-01-19T22:53:12.85319284Z" level=warning msg="error authorizing context: insufficient scope" go.version=go1.11.2 http.request.host=portus-registry.home.local http.request.id=16e22790-55ee-4adf-b516-2b1a36941ac0 http.request.method=POST http.request.remoteaddr=172.21.0.1 http.request.uri="/v2/testuser/containerimage"/blobs/uploads/" http.request.useragent="docker/20.10.2 go/go1.13.15 git-commit/8891c58 kernel/5.4.0-1036-azure os/linux arch/amd64 UpstreamClient(Docker-Client/20.10.2 \(linux\))" vars.name="testuser/containerimage" 
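
A diagnostic sketch for the log entry above, added here and not part of the original issue or of the Portus or registry code: it derives the repository and actions the request needed from the log line, decodes (without verifying) a bearer token's `access` claim, and reports which actions the token does not grant. The method-to-action mapping, the helper names and the sample token are assumptions; the sample log line is abridged from the one in the issue.

```python
import base64
import json
import re

# HTTP method -> repository actions the registry requires (assumed mapping).
METHOD_ACTIONS = {
    "GET": {"pull"}, "HEAD": {"pull"}, "DELETE": {"delete"},
    "POST": {"pull", "push"}, "PUT": {"pull", "push"}, "PATCH": {"pull", "push"},
}

def required_from_log(line):
    """Return (repository, needed actions) from a registry access-log line."""
    method = re.search(r"http\.request\.method=(\w+)", line)
    name = re.search(r'vars\.name="([^"]+)"', line)
    if not (method and name):
        raise ValueError("line lacks http.request.method or vars.name")
    return name.group(1), METHOD_ACTIONS.get(method.group(1), set())

def token_claims(jwt):
    """Decode the JWT payload without verifying it (diagnosis only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def missing_actions(claims, repo, needed):
    """Actions the request needs that the token's access claim does not grant."""
    granted = set()
    for entry in claims.get("access") or []:
        if entry.get("type") == "repository" and entry.get("name") == repo:
            granted |= set(entry.get("actions") or [])
    return set() if "*" in granted else needed - granted

def _b64(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed samples: log line abridged from the issue; token is fabricated.
SAMPLE_LOG = ('level=warning msg="error authorizing context: insufficient scope" '
              'http.request.method=POST vars.name="testuser/containerimage"')
SAMPLE_TOKEN = ".".join([_b64({"alg": "RS256", "typ": "JWT"}), _b64({
    "iss": "portus-registry.home.local", "aud": "portus-registry.home.local",
    "access": [{"type": "repository", "name": "testuser/containerimage",
                "actions": ["pull"]}]}), "c2lnbmF0dXJl"])

if __name__ == "__main__":
    repo, needed = required_from_log(SAMPLE_LOG)
    claims = token_claims(SAMPLE_TOKEN)
    print(repo, "missing:", sorted(missing_actions(claims, repo, needed)))
```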

I had the same problem...

commented

Thanks for all your contributions!
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.