hub-tool icon indicating copy to clipboard operation
hub-tool copied to clipboard
verified publisher icon docker

Feature Request: authenticated api/https request

Open rpkak opened this issue 4 years ago • 5 comments

This function would include a new cli command that has arguments similar to curl or wget and sends an authenticated http request to a selected registry host.

Use case:

Using the docker hub api (e.g. delete images) or using other endpoints of other registries.

Proposal:

In order to be able to use this feature, you must of course first log in to the registration if you are not yet.

$ docker login [options] [registry]

After that you would be able to run:

$ docker api [options] [registry]<endpoint>

options: similar to curl; e.g for changing the method, add headers or specify the body registry+endpoint: The url of the request; registry is optional and by default dockerhub.

For example:

$ docker api /v2/namespaces/redisqueue/repositories/worker/images-summary

sould be equivalent to:

$ curl -H 'Authorization: Bearer TOKEN' https://hub.docker.com/v2/namespaces/redisqueue/repositories/worker/images-summary

rpkak avatar Sep 06 '21 11:09 rpkak

Thanks for reporting; as this is for commands interacting with the registry, this may be more appropriate in the https://github.com/docker/hub-tool repository, which is a (still beta / preview) cli to interact with Docker Hub.

Let me transfer this ticket to that repository.

thaJeztah avatar Sep 06 '21 13:09 thaJeztah

FWIW, if you're specifically looking for ways to remove tags; that's already provided by this tool;

hub-tool tag --help
Manage tags

Usage:
  hub-tool tag [flags]
  hub-tool tag [command]

Available Commands:
  inspect     Show the details of an image in the registry
  ls          List all the images in a repository
  rm          Delete a tag in a repository

Flags:
  -h, --help   help for tag

Global Flags:
      --verbose   Print logs

Use "hub-tool tag [command] --help" for more information about a command.

thaJeztah avatar Sep 06 '21 13:09 thaJeztah

I didn't know that this repo existed, but this repo only solves the problem if you are using dockerhub, but not if you are using a different registry.

rpkak avatar Sep 07 '21 05:09 rpkak

Yes, this tool is primarily to interact with Docker Hub. Authentication with registries unfortunately can be somewhat tricky (as not all parts of that are part of the distribution specification, so can be implementation specific). You may be interested in https://github.com/regclient/regclient, which is written by Docker Captain @sudo-bmitch, and a more generic tool.

thaJeztah avatar Sep 07 '21 10:09 thaJeztah

Most registries are good and follow the HTTP specs for the WWW-Authenticate/Authorization headers for Basic and Bearer tokens. However, there are exceptions that require you to impersonate a docker client and build the authorization scope yourself. I think you're quickly getting into territory where you'll want to write your own client if you aren't calling the registry/2.0 or OCI distribution-spec APIs.

sudo-bmitch avatar Sep 07 '21 13:09 sudo-bmitch