A better error message describing general class of auth problems
vlada-shubina opened this issue · comments
Vlada Shubina commented
Current error message is as following:
/opt/azure_repos/home_dir_tgw_user/.nuget/packages/microsoft.net.build.containers/0.4.0/build/Microsoft.NET.Build.Containers.targets(195,5): error CONTAINER1013: Failed to push to the output registry: System.ApplicationException: CONTAINER1001: Failed to upload blob to POST****
Consider improving it and providing possible generic CTA.
A message like the following should be emitted instead:
- No credentials found for registry:
Unable to authenticate to registry <REGISTRYNAME>. No credentials were found locally - you may need to login to the registry using `docker login <REGISTRYNAME> -u <USERNAME> -p <PASSWORD>.`
- Credentials present, but incorrect when a
Token
was used:
Unable to authenticate to registry <REGISTRYNAME>. Credentials were found locally but were not accepted by the registry. Check the permissions for the Bearer token associated with the registry.
- Credentials present, but incorrect when a
Basic
(username/password) was used:
Unable to authenticate to registry <REGISTRYNAME>. Credentials were found locally but were not accepted by the registry. Check the permissions for the user <USERNAME> associated with the registry.
Potential questions:
- Is it ok to expose
<USERNAME>
in the message? - Is it ok to try to find the
sub
claim in the Bearer token and emit it, since tokens are often tracked/inventoried by the 'subject' (user id) that they were created for?