对于港口注册表，目录列表不适用于Bearer。接收401个未经授权的令牌

Question

在使用Bearer令牌进行目录列表时，我收到了401未经授权的错误。

码头版本: 19.03.11

码头工人撰写版本: 1.26.0

使用港v2.0.0在线安装程序。

下面是我所做的。

获取身份验证详细信息：

[root@localhost ~ ] curl -v -k http://<harbor registry server>/v2/  
About to connect() to <harbor registry server> port 80 (#0)  
Trying **.**.**.**...  
Connected to <harbor registry server> (**.**.**.**) port 80 (#0)  
GET /v2/ HTTP/1.1  
User-Agent: curl/7.29.0  
Host: <harbor registry server>  
Accept: */*  
HTTP/1.1 401 Unauthorized  
Server: nginx  
Date: Wed, 25 Nov 2020 05:01:54 GMT  
Content-Type: application/json; charset=utf-8  
Content-Length: 76  
Connection: keep-alive  
Docker-Distribution-Api-Version: registry/2.0  
Set-Cookie: sid=bc1dfc03bfab8e5802ddf950d1048b37; Path=/; HttpOnly  
**Www-Authenticate: Bearer realm="http://<harbor registry server>/service/token",service="harbor-registry"**  
X-Request-Id: f10c0e6a-4bde-496f-9bd2-897d1d2de0cb  
   
{"errors":[{"code":"UNAUTHORIZED","message":"unauthorized: unauthorized"}]}  

获取令牌的请求：

curl -k -v -u 'admin:Harbor12345' http://<harbor registry server>/service/token?service=harbor-registry&scope=registry:catalog:*  

响应

1] 23529  
[root@localhost ~ ] * About to connect() to <harbor registry server> port 80 (#0)  

Trying ......  
Connected to <harbor registry server> (...) port 80 (#0)  
Server auth using Basic with user 'admin'  
GET /service/token?service=harbor-registry HTTP/1.1  
Authorization: Basic YWRtaW46SGFyYm9yMTIzNDU=  
User-Agent: curl/7.29.0  
Host: <harbor registry server>  
Accept: /  
HTTP/1.1 200 OK  
Server: nginx  
Date: Mon, 23 Nov 2020 08:39:47 GMT  
Content-Type: application/json; charset=utf-8  
Content-Length: 1122  
Connection: keep-alive  
Set-Cookie: sid=d52190099e5a2a55de383e3ec4407aad; Path=/; HttpOnly  
X-Request-Id: a190671a-6d52-4a90-8022-8762b8843d0f  
X-Frame-Options: DENY  
Content-Security-Policy: frame-ancestors 'none'  
  
{  
"token": "zzzz",  
"access_token": "",  
"expires_in": 1800,  
"issued_at": "2020-11-23T08:39:47Z"  
Connection #0 to host <harbor registry server> left intact  

现在将令牌设置为令牌值.

[root@localhost ~ ]  TOKEN=zzzz 

命令来执行目录列表

[root@localhost ~ ] **curl -v -k -H "Authorization: Bearer $TOKEN" http://<harbor registry server>/v2/_catalog***   

About to connect() to <harbor registry server> port 80 (#0)  
Trying ......  
Connected to <harbor registry server> (...) port 80 (#0)  
GET /v2/_catalog HTTP/1.1  
User-Agent: curl/7.29.0  
Host: <harbor registry server>  
Accept: /  
Authorization: Bearer zzzz

HTTP/1.1 401 Unauthorized  
Server: nginx  
Date: Mon, 23 Nov 2020 08:45:52 GMT  
Content-Type: application/json; charset=utf-8  
Content-Length: 108  
Connection: keep-alive  
Docker-Distribution-Api-Version: registry/2.0  
Set-Cookie: sid=7657dcb0d2bdfd962d25995ec4bb11ed; Path=/; HttpOnly  
Www-Authenticate: Basic realm="harbor"  
X-Request-Id: db841f81-a1ff-4498-8387-980de1282433  
{"errors":[{"**code":"UNAUTHORIZED","message":"unauthorized to list catalog: unauthorized to list catalog**"}]}  

知道我错过了什么吗？

Answer 1

所有v2 API都支持港口v2.0中的basic授权。

https://github.com/goharbor/harbor/issues/13573

使用：

TOKEN=$(echo -n '<your username>:<your password>' | base64) 
curl -v -k -H "Authorization: Basic $TOKEN" http://<harbor registry server>/v2/_catalog

Http://：如果您想访问停靠注册中心‘注册表服务器/v2/_’，用户需要是管理员用户。

我尝试使用一个机器人帐户与‘列表库’许可港口v2.5，但失败了。

成功通过使用已被设置为admin的新创建的用户来获得资源目录。

root@harbor:~/bin# TOKEN=$(echo -n 'robot$myuser:<robot myuser's key>' | base64)
root@harbor:~/bin# curl -ikL -X GET -H "Content-Type: application/json" -H "Authorization: Basic ${TOKEN}" https://<my harbor registry server>/v2/_catalog
HTTP/1.1 401 Unauthorized
Server: nginx
Date: Tue, 19 Jul 2022 02:24:48 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 108
Connection: keep-alive
Docker-Distribution-Api-Version: registry/2.0
Set-Cookie: sid=55396cb4252801332505b4cd48fdbf73; Path=/; HttpOnly
Www-Authenticate: Basic realm="harbor"
X-Request-Id: e974235d-75df-49f5-b366-1010933a6cc4

{"errors":[{"code":"UNAUTHORIZED","message":"unauthorized to list catalog: unauthorized to list catalog"}]}

root@harbor:~/bin# TOKEN=$(echo -n 'phanx:<phanx's password>' | base64)
root@harbor:~/bin# curl -ikL -X GET -H "Content-Type: application/json" -H "Authorization: Basic ${TOKEN}" https://<my harbor registry server>/v2/_catalog
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 19 Jul 2022 02:35:27 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: sid=5b3b90706cdf0077695b97286882a397; Path=/; HttpOnly
X-Request-Id: 8734215d-a892-41bc-b531-9ba4e5a7bcfb
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: DENY
Content-Security-Policy: frame-ancestors 'none'

{"repositories":["library/afms-engine","library/nginx"]}