ocm toi required docker login #437

Open
1 of 2 tasks
dee0sap opened this issue Mar 6, 2025 · 0 comments
Labels
area/ipcei Important Project of Common European Interest kind/task small task, normally part of feature or epic

dee0sap commented Mar 6, 2025

Context
While ocm transfer cv is able to use the credentials found from my .ocmconfig when transferring component versions to/from my OCI registry, ocm bootstrap cv requires that I have used docker login to authenticate with it.

Annoyingly, ocm bootstrap cv does successfully access the registry while fetching the information about the specified toiPackage. The problem is when it tries to use the docker API to pull the executor image. It doesn't provide the docker API with the credentials that it itself used when asking the registry.

Version
v0.20.0

To Reproduce
Steps to reproduce the behavior:
Use ocm bootstrap cv but make sure that your docker config doesn't contain credentials for the OCI registry containing the executor image.

Actual behavior
Execution fails with an error like:

using executor image #redacted/docker/sac-bootstrap:1.0.35@sha256:ef0fa59ae4943cb30f7ebaabbae2d29716ed87f6fcea954519099876f7e842ec[["name"="bootstrap-image"]] with credentials [kubeconfigMCPOnboarding->kubeconfigMCPOnboarding ociRegistry->ociRegistry]
Unable to find image '#redacted/docker/sac-bootstrap:1.0.35@sha256:ef0fa59ae4943cb30f7ebaabbae2d29716ed87f6fcea954519099876f7e842ec' locally
Error: unable to pull image: Error response from daemon: {"message":"unable to retrieve auth token: invalid username/password: unknown: Authentication is required"}

Expected behavior
If ocm is able to access the registry where my component and its resources are, say when executing ocm transfer, then I expect ocm bootstrap cv to not fail due to issues with the above error.

Screenshots (optional)
Redacted output from ocm

ocm bootstrap cv -o outdir9 setup #redacted//com.sap.sac/sac-bootstrap:1.0.36 
using executor config:
  noExecutorConfigRequired: true
  
using ocm config:
  configurations:
  - credentials:
    - credentials:
        kubeconfig: |
		#redacted 
      credentialsName: kubeconfigMCPOnboarding
    - credentials:
	    #redacted 
      credentialsName: ociRegistry
    repoName: default
    type: memory.credentials.config.ocm.software
  - consumers:
    - credentials:
      - credentialsName: kubeconfigMCPOnboarding
        repoName: default
        type: Memory
      identity:
        type: kubeconfigMCPOnboarding
    - credentials:
      - credentialsName: ociRegistry
        repoName: default
        type: Memory
      identity:
        type: OCIRegistry
    - credentials:
      - credentialsName: Credentials
        properties:
		# redacted 
        type: Credentials
      identity:
        hostname: #redacted 
        pathprefix: ""
        type: OCIRegistry
    type: credentials.config.ocm.software
  - contextType: default
    settings:
      defaultLevel: Warn
    type: logging.config.ocm.software
  type: generic.config.ocm.software
  
using package parameters:
:  config:
    setup:
      entrypoint:
        config:
          name: my-sovereign-landscape-0
      gaSubdomain: #redacted 
      mcpName: mcp-0
      mcpProjectName: project-sac-toi-29
      mcpWorkspaceName: workspace-0
      region: europe
      regionDirection: central
      userEmail: #redacted 
  library:
    <<: (( &temporary ))
    getCredentials: (( &temporary( lambda |x,y|->defined(stub(getCredentials)) ? stub(getCredentials)(x,y)
      :getCredentials(x,y) ) ))
  
using executor parameters:
  config:
    setup:
      entrypoint:
        config:
          name: my-sovereign-landscape-0
      gaSubdomain: #redacted 
      mcpName: mcp-0
      mcpProjectName: project-sac-toi-29
      mcpWorkspaceName: workspace-0
      region: europe
      regionDirection: central
      userEmail: #redacted 
  credentials:
    kubeconfigMCPOnboarding: |+
      #redacted 
    oci:
      #redacted 
  
using executor image #redacted/docker/sac-bootstrap:1.0.35@sha256:ef0fa59ae4943cb30f7ebaabbae2d29716ed87f6fcea954519099876f7e842ec[["name"="bootstrap-image"]] with credentials [kubeconfigMCPOnboarding->kubeconfigMCPOnboarding ociRegistry->ociRegistry]
Unable to find image '#redacted/docker/sac-bootstrap:1.0.35@sha256:ef0fa59ae4943cb30f7ebaabbae2d29716ed87f6fcea954519099876f7e842ec' locally
Error: unable to pull image: Error response from daemon: {"message":"unable to retrieve auth token: invalid username/password: unknown: Authentication is required"}

Environment

  • windows
  • linux
  • [] mac

Additional Comments
Looking at api/ocm/tools/toi/drivers/docker/driver.go and the other code involved in ocm bootstrap cv, I don't think this should be hard to resolve.

And... I asked ChatGPT to produce code that would provide the docker API with credentials, just to see what it should look like in general. That code is below.

```go
package main

import (
    "context"
    "encoding/base64"
    "encoding/json"
    "io"
    "log"
    "os"

    "github.com/docker/docker/api/types/image"
    "github.com/docker/docker/api/types/registry"
    "github.com/docker/docker/client"
)

func main() {
    if len(os.Args) != 3 {
        log.Fatal("Usage: ", os.Args[0], " <username> <password>")
    }

    username := os.Args[1]
    password := os.Args[2]
    imageName := "alpine" // Example image to pull

    // Create a new Docker client
    ctx := context.Background()
    cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
    if err != nil {
        panic(err)
    }
    defer cli.Close()

    // Prepare authentication config
    authConfig := registry.AuthConfig{
        Username: username,
        Password: password,
    }

    // Encode authentication config to JSON and then to URL-safe Base64,
    // the form the daemon expects in the RegistryAuth pull option
    jsonBytes, err := json.Marshal(authConfig)
    if err != nil {
        panic(err)
    }
    authStr := base64.URLEncoding.EncodeToString(jsonBytes)

    // Pull the image with authentication
    out, err := cli.ImagePull(ctx, imageName, image.PullOptions{RegistryAuth: authStr})
    if err != nil {
        panic(err)
    }
    defer out.Close()

    // Stream the daemon's pull progress output to stdout
    _, err = io.Copy(os.Stdout, out)
    if err != nil {
        panic(err)
    }
}
```
@dee0sap dee0sap added the kind/task small task, normally part of feature or epic label Mar 6, 2025
@github-actions github-actions bot added the area/ipcei Important Project of Common European Interest label Mar 6, 2025
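The credential hand-off this issue asks for can be sketched with the standard library alone; this is an added example, not code from the issue or from the OCM code base. It selects credentials by the executor image's registry host and path prefix (mirroring the `hostname`/`pathprefix` consumer identity in the config above) and builds the `RegistryAuth` string only for a matching registry. The names `consumer`, `splitImageRef`, `registryAuthFor` and the host `registry.example.test` are hypothetical.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// consumer: hypothetical stand-in for an OCIRegistry consumer entry, not OCM's own type.
type consumer struct{ Hostname, PathPrefix, Username, Password string }

// splitImageRef returns registry host and repository path without tag or digest.
// Docker's rule: a first component without '.' or ':' (and not "localhost") means Docker Hub.
func splitImageRef(ref string) (host, repo string) {
	ref, _, _ = strings.Cut(ref, "@") // drop digest
	if i := strings.LastIndex(ref, ":"); i > strings.LastIndex(ref, "/") {
		ref = ref[:i] // drop tag
	}
	first, rest, found := strings.Cut(ref, "/")
	if !found || (!strings.ContainsAny(first, ".:") && first != "localhost") {
		return "docker.io", ref
	}
	return first, rest
}

// registryAuthFor picks the consumer for the image's registry (longest matching
// pathprefix wins) and returns base64url(JSON auth config) for RegistryAuth.
// No match returns "", so credentials never go to a registry they were not configured for.
func registryAuthFor(ref string, consumers []consumer) string {
	host, repo := splitImageRef(ref)
	var best *consumer
	for i, c := range consumers {
		inPrefix := c.PathPrefix == "" || repo == c.PathPrefix || strings.HasPrefix(repo, c.PathPrefix+"/")
		if c.Hostname == host && inPrefix && (best == nil || len(c.PathPrefix) > len(best.PathPrefix)) {
			best = &consumers[i]
		}
	}
	if best == nil {
		return ""
	}
	// Marshalling a map of strings cannot fail, so the error is ignored.
	js, _ := json.Marshal(map[string]string{"username": best.Username, "password": best.Password, "serveraddress": host})
	return base64.URLEncoding.EncodeToString(js)
}

func main() { // constructed sample values
	cs := []consumer{{"registry.example.test", "docker", "demo-user", "demo-pass"}}
	fmt.Println(registryAuthFor("registry.example.test/docker/sac-bootstrap:1.0.35", cs))
}
```

The returned string is what would be passed as `image.PullOptions{RegistryAuth: ...}` in the snippet from the issue; an empty result means the pull falls back to whatever the daemon already has.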