Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-9121

Support scenario allowing unauthenticated pull and authenticated push for the same Docker repository

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: 4.4.2, 4.5.1
    • Fix Version/s: 4.7.0
    • Component/s: None
    • Labels:
      None

      Description

      Currently when anonymous access is enabled, no challenge is sent to docker client. This is problematic since you want to force authenticated push.

      For that reason the flag of "Force Authentication" was added to the Docker repositories, when set a challenge is sent even when "Allow anonymous" is set to true.
      However to support the use case described you must configure two virtual repositories, one with read only access and "Force Authentication" set to false, and another with write access and "Force Authentication" set to true so any attempt to write to that repo will have to be authenticated. This is somewhat confusing since anonymous users work with one repository and those who have a user and can push work with another.

      Desired behavior is to mimic the behavior in Bintray, so when allow anonymous access is enabled, a fake bearer token will be created with an empty username and password, and so for docker repository a challenge will be sent every time.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                shayy Shay Yaakov (Inactive)
                Reporter:
                royz Roy Zanbel (Inactive)
                Assigned QA:
                Kareem Abu Edris (Inactive)
              • Votes:
                6 Vote for this issue
                Watchers:
                10 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: