Nomad Docker driver silently discards auth when no key found

[evan2645]

Nomad version

0.4.1-rc1

Operating system and Environment details

Ubuntu 16.04
Docker 1.12.0

Issue

When Nomad is configured to use docker authentication credentials through the use of the docker.auth.config driver option, but no auth key exists for the requested image, it silently falls back.

Expected Behavior

A debug message is logged.

I ran into this while trying to debug why my private repo credentials were not working under Nomad. They worked when interacting Docker directly. It seems that Docker does not mandate the use of the https:// prefix in the auths config for SSL repos, but Nomad does. In addition to debug logging, an update to the docker documentation for docker.auth.config driver option to specify the requirement would have saved a lot of time.

[evan2645]

Perhaps another option might be to mirror native docker behavior in auth key selection, since the lack of parity there was one of the other unexpected results

[dadgar]

Can you expand on how they are treated differently?

[evan2645]

When using the docker binary and passing the auths config file, it uses the quay.io auth configuration key even though it is https under the hood. Nomad consumes this file directly, and requires the use of https:// prefix on the auth key. In this way, an auth config with key quay.io works with the docker binary but not nomad.

[evan2645]

Here is an example of a configuration file which worked with docker binary but not nomad:

{
 "quay.io": {
  "auth": "REDACTED",
  "email": ""
 }
}

[gliptak]

Would an else DEBUG log at https://github.com/hashicorp/nomad/blob/master/client/driver/docker.go#L910 be an acceptable change? Thanks

[dadgar]

I think we can do a bit better job parsing the key in the docker driver

[gliptak]

@dadgar So would it need to be prefixed with https:// if protocol wasn't specified (to match Docker's behaviour)?

[dadgar]

@gliptak Yep that would be the first thought. I want to see how docker does it itself too

[dadgar]

@evan2645 This PR makes Nomad behave the same as docker: #2190

[evan2645]

WooHoo!! Thank you @dadgar

[github-actions]

I'm going to lock this issue because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.