From cd8c0085b1386a15856ddafc53e19b1250ab622d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 9 Oct 2019 00:19:53 +0200 Subject: [PATCH] Don't critically fail on a 403 when listing tags MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Per a report in https://github.com/containers/skopeo/issues/726 , it can happen if the user is not allowed the ListImages action on AWS ECR. Signed-off-by: Miloslav Trmač --- cmd/skopeo/inspect.go | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/cmd/skopeo/inspect.go b/cmd/skopeo/inspect.go index b6904fe0..803c1c1a 100644 --- a/cmd/skopeo/inspect.go +++ b/cmd/skopeo/inspect.go @@ -11,7 +11,7 @@ import ( "github.com/containers/image/v5/image" "github.com/containers/image/v5/manifest" "github.com/containers/image/v5/transports" - "github.com/opencontainers/go-digest" + digest "github.com/opencontainers/go-digest" "github.com/pkg/errors" "github.com/sirupsen/logrus" "github.com/urfave/cli" @@ -177,7 +177,9 @@ func (opts *inspectOptions) run(args []string, stdout io.Writer) (retErr error) // some registries may decide to block the "list all tags" endpoint // gracefully allow the inspect to continue in this case. Currently // the IBM Bluemix container registry has this restriction. - if !strings.Contains(err.Error(), "401") { + // In addition, AWS ECR rejects it with 403 (Forbidden) if the "ecr:ListImages" + // action is not allowed. + if !strings.Contains(err.Error(), "401") && !strings.Contains(err.Error(), "403") { return fmt.Errorf("Error determining repository tags: %v", err) } logrus.Warnf("Registry disallows tag list retrieval; skipping")