The Red Hat docker registry (registry.access.redhat.com) does not set any X-Docker-Token HTTP header in its responses. Change the code so it only passes around this header if it is actually present. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com&gt; --- libvirt-sandbox/image/sources/DockerSource.py | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/libvirt-sandbox/image/sources/DockerSource.py b/libvirt-sandbox/image/sources/DockerSource.py index f367c8f..78b2a53 100644 --- a/libvirt-sandbox/image/sources/DockerSource.py +++ b/libvirt-sandbox/image/sources/DockerSource.py @@ -83,10 +83,14 @@ class DockerSource(Source): checksums = {} for layer in data: pass + + headers = {} + if token is not None: + headers["Authorization"] = "Token" + token (data, res) = self._get_json(template, registryendpoint, "/v1/repositories" + template.path + "/tags", - { "Authorization": "Token " + token }) + headers) cookie = res.info().getheader('Set-Cookie') @@ -98,7 +102,7 @@ class DockerSource(Source): (data, res) = self._get_json(template, registryendpoint, "/v1/images/" + imagetagid + "/ancestry", - { "Authorization": "Token "+ token }) + headers) if data[0] != imagetagid: raise ValueError(["Expected first layer id '%s' to match image id '%s'", @@ -121,7 +125,7 @@ class DockerSource(Source): res = self._save_data(template, registryendpoint, "/v1/images/" + layerid + "/json", - { "Authorization": "Token " + token }, + headers, jsonfile) createdFiles.append(jsonfile) @@ -134,7 +138,7 @@ class DockerSource(Source): self._save_data(template, registryendpoint, "/v1/images/" + layerid + "/layer", - { "Authorization": "Token "+token }, + headers, datafile, datacsum, layersize) createdFiles.append(datafile)

On Mon, 2015-09-21 at 22:12 +0200, Cedric Bosdonnat wrote: > On Mon, 2015-09-21 at 15:12 +0100, Daniel P. Berrange wrote: > > The Red Hat docker registry (registry.access.redhat.com) does > > not set any X-Docker-Token HTTP header in its responses. Change > > the code so it only passes around this header if it is actually > > present. > > > > Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com&gt; > > --- > > libvirt-sandbox/image/sources/DockerSource.py | 12 ++++++++---- > > 1 file changed, 8 insertions(+), 4 deletions(-) > > > > diff --git a/libvirt-sandbox/image/sources/DockerSource.py b/libvirt-sandbox/image/sources/DockerSource.py > > index f367c8f..78b2a53 100644 > > --- a/libvirt-sandbox/image/sources/DockerSource.py > > +++ b/libvirt-sandbox/image/sources/DockerSource.py > > @@ -83,10 +83,14 @@ class DockerSource(Source): > > checksums = {} > > for layer in data: > > pass > > + > > + headers = {} > > + if token is not None: > > + headers["Authorization"] = "Token" + token > > (data, res) = self._get_json(template, > > registryendpoint, > > "/v1/repositories" + template.path + "/tags", > > - { "Authorization": "Token " + token }) > > + headers) > > > > cookie = res.info().getheader('Set-Cookie') > > > > @@ -98,7 +102,7 @@ class DockerSource(Source): > > (data, res) = self._get_json(template, > > registryendpoint, > > "/v1/images/" + imagetagid + "/ancestry", > > - { "Authorization": "Token "+ token }) > > + headers) > > > > if data[0] != imagetagid: > > raise ValueError(["Expected first layer id '%s' to match image id '%s'", > > @@ -121,7 +125,7 @@ class DockerSource(Source): > > res = self._save_data(template, > > registryendpoint, > > "/v1/images/" + layerid + "/json", > > - { "Authorization": "Token " + token }, > > + headers, > > jsonfile) > > createdFiles.append(jsonfile) > > > > @@ -134,7 +138,7 @@ class DockerSource(Source): > > self._save_data(template, > > registryendpoint, > > "/v1/images/" + layerid + "/layer", > > - { "Authorization": "Token "+token }, > > + headers, > > datafile, datacsum, layersize) > > createdFiles.append(datafile) > > > > ACK Hum, after some real life testing, I'm getting an error from the default docker registry with this patch: Fetching https://registry-1.docker.io/v1/repositories/opensuse/tags...FAIL HTTP Error 401: UNAUTHORIZED