docker rest api compatibility not honored for error responses.

[Alex-Izquierdo]

Issue Description

It seems that the compatibility with the api rest of docker is not met for error responses. According to the docker docs, the response should include a field "message" but podman has a different schema.
This can be reproduced easily running a request to pull an image, for example. As consequence, clients like the official python library for docker doesn't work because the response has a different schema (the message is inside "errordetail") and the library expects to have a "message" key at the root level as is described in the docs.

Docker docs ref: https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageCreate
Example of podman response

curl -XPOST "http://localhost:8888/images/create?fromImage=quay.io/idonotexist/idonotexist:dummy" | jq
{
  "progressDetail": {},
  "errorDetail": {
    "message": "initializing source docker://quay.io/idonotexist/idonotexist:dummy: reading manifest dummy in quay.io/idonotexist/idonotexist: unauthorized: access to the requested resource is not authorized"
  },
  "error": "initializing source docker://quay.io/idonotexist/idonotexist:dummy: reading manifest dummy in quay.io/idonotexist/idonotexist: unauthorized: access to the requested resource is not authorized"
}

Tested with latest podman container 4.6.1

Steps to reproduce the issue

curl -XPOST "http://localhost:8888/images/create?fromImage=quay.io/idonotexist/idonotexist:dummy"

Describe the results you received

The response doesn't meet the spec of docker api response, don't have a "message" key in the root level

Describe the results you expected

a "message" key in the root level with the reason of the error.

podman info output

podman v4.6.1

Podman in a container

Yes

Privileged Or Rootless

Privileged

Upstream Latest Release

Yes

Additional environment details

No response

Additional information

No response

[rhatdan]

Do you have an example of the Docker response?

Interested in opening a PR to fix this issue?

[Alex-Izquierdo]

Hi @rhatdan thanks for your quick response.
This is how looks the response from docker:

root@ubuntu:/var/run# curl --unix-socket /var/run/docker.sock -XPOST "http://localhost/images/create?fromImage=quay.io/idonotexist/idonotexist:dummy"
{"message":"unauthorized: access to the requested resource is not authorized"}

Interested in opening a PR to fix this issue?

It would be my first attempt to contribute to the Podman code, but I'm happy to give it a try. What would be the best approach to fix it? Should we move the "message" field up one level, duplicate it, or rename the current error field?

[rhatdan]

I would move the message field up one level, or just return the message field instead of the entire report message.

[jackgris]

Hi, after reading this issue I found where the message was created I changed the message to return the error response in the way that Alex commented {"message":"unauthorized: access to the requested resource is not authorized"}. But I was not sure if modifying a type in a vendor package is right for this. I only added a Message field with a json omitempty option.

[github-actions]

A friendly reminder that this issue had no activity for 30 days.

[rhatdan]

@jackgris could you open a PR to fix this issue?

[rhatdan]

Actually after looking at the code it looks like @jackgris fix is in Podman, so I am going to assume this is fixed. Reopen if I am mistaken.

[jackgris]

Yes, I forgot to add another comment here mentioning this: #20239