mayflower / docker-ls Goto Github PK

Tools for browsing and manipulating docker registries.

License: MIT License

Go 97.51% Shell 1.69% Dockerfile 0.80%

docker-ls's Introduction

What is it?

Docker-ls is a set of CLI tools for browsing and manipulating docker registries. In particular, docker-ls can handle authentication and display the sha256 content digests associated with tags.

What registries are supported

Only V2 registries are supported. Both HTTP Basic auth and Docker style token authentication are supported for authentication.

Installation

Six ways there are to attain enlightenment.

Precompiled binaries

Just download precompiled binaries for your platform from GitHub.

MacOS / Homebrew

You can install docker-ls directly from Homebrew:

brew install docker-ls

Gentoo / portage

emerge docker-ls

NixOS

nix-env -iA nixos.docker-ls

Arch Linux

Package in the AUR available.

Docker

If you have Docker installed, you may want to try this option. Clone the repository and do:

docker build -t docker-ls .

Example of running container:

$ docker run -it docker-ls docker-ls tags library/consul
requesting list . done
repository: library/consul
tags:
- latest
- v0.6.4

Or create aliases:

$ alias docker-ls='docker run -it docker-ls docker-ls'
$ alias docker-rm='docker run -it docker-ls docker-rm'

So you can do:

$ docker-ls tags library/consul
requesting list . done
repository: library/consul
tags:
- latest
- v0.6.4

and:

$ docker-rm | head -n 3
usage: docker-rm [options] <repository:reference>

Delete a tag in a given repository.

Go get

Provided that you sport an installation of golang, the latest version from master can be installed via

go get -d github.com/mayflower/docker-ls/cli/...
go generate github.com/mayflower/docker-ls/lib/...
go install github.com/mayflower/docker-ls/cli/...

Isn't a simple go get github.com/mayflower/docker-ls/cli/... sufficient, you ask? Indeed it is, but including the generate step detailed above will encode verbose version information in the binaries.

Usage

Docker-ls contains two CLI tools: docker-ls and docker-rm .

docker-ls

docker-ls is a browser for docker registries. Output is either encoded as YAML or as JSON.

Several subcommands are available

docker-ls repositories Obtains a list of repositories on the server. This is not supported by the official docker hub.
docker-ls tags Lists all tags in a a particular repository.
docker-ls tag Inspect a particular tag. This command displays a condensed version of the corresponding manifest by default, but the --raw-manifest option can be used to dump the full manifest. The --parse-history option can be used to display the JSON-encoded history within the manifest.

Authentication and credentials

docker-ls supports the following authentication methods:

"Classic" docker registry token authentication. This is the default if credentials are supplied on the command line. If credentials are taken from a previous docker login, this is the default unless the credentials contains an identity token.
OAuth2 authentication. This is used if the credentials are taken from a previous docker login and contain an identity token.
Basic auth. This needs to be requested explicitly on the CLI.

Credentials are automatically taken from a previous docker login or specified on the command line. docker-ls implicitly uses the same credential store and helpers used by docker.

Logging into Amazon ECR requires Basic auth, the same goes for Google GCR.

Important command line flags

This list is not exhaustive; please consult the command line (-h) help for all options.

--registry <url> (-r) Connect to the registry at <url>. The URL must include the protocol (http / https). By default, docker-ls targets the official docker hub.
--user <user> (-u) Username for authentication.
--password <password> (-p) Password for authentication.
--user-agent <agent string> Use a custom user agent.
--interactive-password(-i) Read the password from an interactive prompt.
--level <depth> (-l) The repositories and tags subcommands support this option for recursive output. Depths 0 (default) and 1 are supported. Please note recursion means more API requests and may be slow.
--json (-j) Switch output format from YAML to JSON.
--template (-t) Use a named golang template from the configuration for output (see below)
--template-source Use the specified template for output (see below)
--basic-auth Use HTTP basic auth for authentication (instead of token authentication).
--allow-insecure Do not validate SSL certificates (useful for registries secured with a self-signed certificate).
--manifest-version Request either manifest version V2.1 (--manifest-version 1 or manifest version V2.2 (--manifest-version 2, default) from the registry. Please note that deleting manifests from registry version >= 2.3 will work only with content digests from a V2.2 manifest.
--debug Enable debug output.

WARNING: This is exactly what the name suggests: debugging output. It contains raw data structures, may include your credentials in verbatim and may or may not help you. Use with care.

Examples

List all repositories in a custom registry:

docker-ls repositories --registry https://my.registry.org --user hanni --password hanni123

List all repositories in a custom registry, including their tags:

docker-ls repositories --registry https://my.registry.org --user hanni --password hanni123 --level 1

List all tags in stuff/busybox using HTTP basic auth

docker-ls tags --registry https://my.registry.org --user hanni --password hanni123 --basic-auth stuff/busybox

Inspect tag stuff/busybox:latest, no authentication, JSON output.

docker-ls tag --registry https://my.registry.org --json stuff/busybox:latest

Inspect tag stuff/busybox:latest, no authentication, dump the raw manifest with parsed history as JSON.

docker-ls tag --registry https://my.registry.org --json --raw-manifest --parse-history stuff/busybox:latest

Notes considering the offical registry

If no registry is specified, docker-ls will target the official registry server at https://index.docker.io. Please note that:

The official registry does not support repository listing via docker-ls repositories
Official repositories must be prefixed with library/, e.g. docker-ls tags library/debian

docker-rm

docker-rm can delete particular tags. Example:

docker-rm --registry https://my.registry.org --user someuser --password somepass busybox:sha256:51fef[...]

(the digest has been truncated for brevity). Please consult the command line help for a full list of all arguments.

Some remarks:

The tag must be specified as a sha256 content digest.
While tags can be deleted, the current registry implementation will (to the best of my knowledge) not free the space associated with any resulting unused layers
Deleting stuff is currently disabled by default in the official registry and needs to be enabled explicitly — check out this issue for details.
Content digests obtained with --manifest-version 1 will not work with registry version >= 2.3.
BE CAREFUL! The API does not implement undelete :)

Using a proxy

docker-ls supports HTTP / HTTPS proxies configured via the corresponding canonical environment variables. Check out the corresponding documentation for details.

Configuration via config files and environment variables

All options that can be specified via CLI flags can be read from a config file or from an environment variables. The priority is CLI flag > environment variable > config file.

Config files

By default, both tools try to read ~/.docker-ls.[yaml|json|toml|...] (please check the Viper documentation for a full list of the supported formats). The names of the keys in the file are the long names of the CLI flags. For example, the following YAML file would configure registry URL and username

registry: https://foo.bar.com
user: foo

Other config files can be specified via the --config option.

Template Output

Output of the various docker-ls subcommands can be further customized by using golang templates.

Predefined templates

Named templates can be configured in the templates section of the configuration file. When docker-ls is invoked, the -t parameter (see above) can be used to select a named template for formatting the output.

Example: The following YAML section defines a template that outputs the list of tags in a repository as a simple HTML document.

templates:
  taglist_html: |
    <head></head>
    <body>
        <h1>Tags for repository {{ html .Repository }}</h1>
        <ul>
            {{- range .Tags }}
            <li>{{ html . }}</li>
            {{- end }}
        </ul>
    </body>

It can be invoked by running i.e.

docker-ls tags -t taglist_html /library/debian

Inline templates

Simple templates can also be passed directly on the command line using the --template-source parameter:

docker-ls tag --template-source '{{ .TagName }}: {{ .Digest }}'  /library/debian:wheezy

Template variables

Inside templates, all fields of the corresponding JSON / YAML output can be accessed in pipeline expressions. The first letter of all field names is capitalized, with the exception of manifests that are directly returned from the registry by using docker-ls tag --raw-manifest: for those, the JSON / YAML field names are unchanged.

Environment variables

In addition to config files and CLI flags, environment variables can be used to specify options globally. The name is determined by taking the long CLI name, uppercasing replacing hyphens "-" with underscores "_" and prefixing the result with "DOCKER_LS_". For example, the following would enable interactive password prompts for all consecutive invocations:

export DOCKER_LS_INTERACTIVE_PASSWORD=1

Shell autocompletion

Both docker-ls and docker-rm support shell autocompletion for subcommands and options. To enable this, source the output of docker-ls autocomplete bash|zsh and docker-rm autocomplete bash|zsh in the running shell. In case of bash, this can be achieved with

$ source <(docker-ls autocomplete bash)

License

Docker-ls is distributed under the terms of the MIT license.

docker-ls's People

Contributors

Stargazers

Watchers

docker-ls's Issues

no such repository error from `tags` command

using private gitlab server, i get repository from docker-ls repositories listing, but querying individual tags tells no such repository error:

+ docker-ls repositories
advertising/ads-video-converter/test
+ docker-ls tags advertising/ads-video-converter/test
advertising/ads-video-converter/test: no such repository

i believe it happens the way gitlab deletes docker images:

$ docker pull glen/scratch
$ docker tag glen/scratch registry.gitlab.com/glensc/test-docker-ls/builds:build-1
$ docker push registry.gitlab.com/glensc/test-docker-ls/builds:build-1

$ docker-ls tags glensc/test-docker-ls/builds
requesting list . done
repository: glensc/test-docker-ls/builds
tags:
- build-1

i hit delete for the tag:

-> still ok

i hit delete for the image:

$ docker-ls tags glensc/test-docker-ls/builds
requesting list . done
glensc/test-docker-ls/builds: no such repository

docker-ls return wrong digest value DockerRegistry>2.3

Note When deleting a manifest from a registry version 2.3 or later, the following header must be used when HEAD or GET-ing the manifest to obtain the correct digest to delete:

Accept: application/vnd.docker.distribution.manifest.v2+json

Autocompletion got "bad option: -t" in zsh

Environmentz

macOS 10.15.7 (19H2)
zsh 5.8 (x86_64-apple-darwin19.6.0)
docker-ls version: 0.5.0 (git:0eb4c9a) (go1.15.5 darwin amd64)

Error message

docker-ls

source <(docker-ls autocomplete bash)

stdout:

/dev/fd/14:type:795: bad option: -t

docker-rm

source <(docker-rm autocomplete bash)

stdout

/dev/fd/14:type:569: bad option: -t

Feature request: repo:tag list

Hi,

I am using docker-ls to list the registry, but I would like to have a feature which is very useful for scripting, which is a list with one repo:tag per line.

I have done it with a shell script around docker-ls in the following form:

#!/bin/bash
for repo in `docker-ls repositories -table -level 0 -progress-indicator=false | grep -v REPOSITORY`; do
	TAGS="$(docker-ls tags -progress-indicator=false -json $repo | jq -r '.Tags[]')"
	for tag in `echo $TAGS`; do
		echo $repo:$tag
	done
done

Would it be hard to implement?

can't delete an image

I don't succeed to delete an image

Get tags::

$ docker run -it docker-ls docker-ls tags --registry http://docker.corp.com proj-prod/proj_mix-app
requesting list . done
repository: proj-prod/proj_mix-app
tags:
- latest
$

Get tag::

$ docker run -it docker-ls docker-ls tag --registry http://docker.corp.com proj-prod/proj_mix-app:latest
requesting manifest . done
repository: proj-prod/proj_mix-app
tagName: latest
digest: sha256:dabcbeaebfb1b230476e064e5e9ee8cb4f09c3b839cde9336e5462b205744f8f
layers:
- sha256:4e6d082eb9bac6200504f37b1899dde47e14b668ef958ac6fdcd4faaa15eca0c
- sha256:1d90a4de5d4e86a91d02da42bd8dd98d41b875f4d4a8549bd213318b33f9b0fa
- sha256:0803109b66d66d3324bbd943d9824674fa5cce3ab8dd5b47c1301ce2f75de9ab
- sha256:...
- sha256:469ff7b80a96f039346871094fa359fc3c7a31e13ac317fa47fb96fa7155e8fb
- sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
- sha256:43c265008fae5d1f3cbee0dac9697235320b174d85acbed002a4fe44236adec0
(venv)luis@spinoza:~/lab/sandbox/docker-ls$

from the above I get the dabcbeaebfb1b230476e064e5e9ee8cb4f09c3b839cde9336e5462b205744f8f but Delete does not work on my side::

$ docker run -it docker-ls docker-rm --registry http://docker.corp.com proj_mix-app:sha256:dabcbeaebfb1b230476e064e5e9ee8cb4f09c3b839cde9336e5462b205744f8f
ERROR: invalid API response status 301
$

the registry has a true value for REGISTRY_STORAGE_DELETE_ENABLED is set to true::

# cat docker-compose.yml 
version: '2'
services:
  docker-registry:
    container_name: docker-registry
    image: registry:2
    restart: unless-stopped
    ports:
      - 5000:5000
    environment:
      REGISTRY_STORAGE_DELETE_ENABLED: "true"
    volumes:
      - docker-registry-volume:/var/lib/registry
      - /root/docker.corp.com/registry/docker.corp.com.auth:/auth
 
volumes:
  docker-registry-volume:
    driver: local

Feature request: docker-rm an entire repo

Hi,

I am using docker-rm to delete tags, but when I delete all the tags, there is still a repo without tags in there.

Any idea how to delete that repo? Would that be something that docker-rm could do?

Best,

Add option set http_user_agent

docker-ls --set-agent=docker

Change agent
"GET /v2/_catalog?n=100 HTTP/1.1" 404 764 "-" "Go-http-client/1.1"

https://stackoverflow.com/questions/13263492/set-useragent-in-http-request
req.Header.Set("User-Agent", "Golang_Spider_Bot/3.0")

Reference is not a content digest

Hi all,

Thanks for the library, it's quite useful. However, I have a problem removing the images from the registry. Here is the command and output:

docker run -it docker-ls docker-rm --registry https://[myurl] --user [username] --password [password] walnut-project/walnut/big_nut:94805918c838241ea1d29c434965dc1ea8a2b84613d9748b0da42614703de1c3
invalid request --- make sure that your reference is a content digest

I have also tried with the small sha hash, but with the same result.

Am I doing something wrong or is it a bug?

Doesn't seem to work with aws ecr registries

Get this with ecr registries, and yet skopio can access the registry fine based on credentials in ~/.docker/config.json:

$ docker-ls repositories  --registry https://111111111111.dkr.ecr.us-east-1.amazonaws.com
requesting list . done
malformed challenge header: 'Basic realm="https://111111111111.dkr.ecr.us-east-1.amazonaws.com/",service="ecr.amazonaws.com"' Are you shure that you are using the correct (token) auth scheme?

$ docker-ls tags  --registry https://111111111111.dkr.ecr.us-east-1.amazonaws.com myrepo/images
requesting list . done
malformed challenge header: 'Basic realm="https://111111111111.dkr.ecr.us-east-1.amazonaws.com/",service="ecr.amazonaws.com"' Are you shure that you are using the correct (token) auth scheme?

$ skopeo inspect docker://111111111111.dkr.ecr.us-east-1.amazonaws.com/myrepo/image
{
    "Name": "111111111111.dkr.ecr.us-east-1.amazonaws.com/myrepo/image",
    "Digest": "sha256:5340a616e7de2e75f3a18f1bac69abc9605c5ad2e795ed3f06c61de3d12667e6",

We can also do this (from aws docs):

$ TOKEN=$(aws ecr get-authorization-token --registry-ids 111111111111 --profile foo --region us-east-1 --output text --query authorizationData[].authorizationToken)
$ curl -ns -H "Authorization: Basic $TOKEN" https://111111111111.dkr.ecr.us-east-1.amazonaws.com/v2/_catalog|jq '.'
{
  "repositories": [
    "myrepo/image"

Any thoughts, suggestions? Is docker-ls still being actively developed, or should we use something else?

can docker-rm be used to delete images from a private registry on docker.com?

I can list the tag manifest for a particular tag, but when I try to docker-rm the tag I get:
docker-rm --user myid -p passwd myid/repo:sha256:c32132207f45c924f1f1aab8b607ca9bbb085896a2f88c86c791cf2b3ef99e8e
invalid API response status 405

Should I be able to delete tags from docker.com? Is there some other way to do this?
tks

bogus error from option parsing

# ./docker-ls '--registry=https://gitlab.example.net:4567'
Error: unknown flag: --registry
Usage:
  docker-ls [command]

Available Commands:
  autocomplete Generate autocompletion snippet
  help         Help about any command
  repositories List repostiories
  tag          Show tag details
  tags         List tags
  version      Show version

Flags:
  -c, --config string   read config from specified file (default: look for config in home directory)
  -h, --help            help for docker-ls

Use "docker-ls [command] --help" for more information about a command.

unknown flag: --registry

the flag is not unknown, i just didn't specify command yet.

Docker build failing

Running docker build from the published docker file fails:

FROM golang:latest AS build
ENV CGO_ENABLED=0
ENV GOOS=linux
ENV GOARCH=amd64
ADD . /go/src/github.com/mayflower/docker-ls
WORKDIR /go/src/github.com/mayflower/docker-ls
RUN set -ex \
  && go generate  github.com/mayflower/docker-ls/lib/... \
  && go build     github.com/mayflower/docker-ls/cli/docker-ls \
  && go build     github.com/mayflower/docker-ls/cli/docker-rm

# Target container that is produced by docker build
FROM alpine:latest
RUN set -ex \
  && apk add --no-cache ca-certificates
LABEL MAINTAINER="Mayflower GmbH"
COPY --from=build /go/src/github.com/mayflower/docker-ls/docker-* /bin/

docker build -t docker-ls .

docker build -t docker-ls .
Sending build context to Docker daemon  10.63MB
Step 1/11 : FROM golang:latest AS build
latest: Pulling from library/golang
dc65f448a2e2: Pull complete 
346ffb2b67d7: Pull complete 
dea4ecac934f: Pull complete 
8ac92ddf84b3: Pull complete 
7ca605383307: Pull complete 
f47e6cebc512: Pull complete 
530350156010: Pull complete 
Digest: sha256:9295ba678e3764d79ac0aeabdbcf281a91933c81c8de29387d8a2f557e256cdb
Status: Downloaded newer image for golang:latest
 ---> 297e5bf50f50
Step 2/11 : ENV CGO_ENABLED=0
 ---> Running in bb131905e4f6
Removing intermediate container bb131905e4f6
 ---> 9798cd8f76eb
Step 3/11 : ENV GOOS=linux
 ---> Running in 5531b79310b1
Removing intermediate container 5531b79310b1
 ---> 458cf27faa3d
Step 4/11 : ENV GOARCH=amd64
 ---> Running in 94fb08ce6468
Removing intermediate container 94fb08ce6468
 ---> 2493eda020b0
Step 5/11 : ADD . /go/src/github.com/mayflower/docker-ls
 ---> efbe9610db9e
Step 6/11 : WORKDIR /go/src/github.com/mayflower/docker-ls
 ---> Running in 418c21db6709
Removing intermediate container 418c21db6709
 ---> 6a3a0c2a2292
Step 7/11 : RUN set -ex   && go generate  github.com/mayflower/docker-ls/lib/...   && go build     github.com/mayflower/docker-ls/cli/docker-ls   && go build     github.com/mayflower/docker-ls/cli/docker-rm
 ---> Running in 24e8a7cd5878
+ go generate github.com/mayflower/docker-ls/lib/...
go: warning: "github.com/mayflower/docker-ls/lib/..." matched no packages
+ go build github.com/mayflower/docker-ls/cli/docker-ls
can't load package: package github.com/mayflower/docker-ls/cli/docker-ls: cannot find package "github.com/mayflower/docker-ls/cli/docker-ls" in any of:
	/usr/local/go/src/github.com/mayflower/docker-ls/cli/docker-ls (from $GOROOT)
	/go/src/github.com/mayflower/docker-ls/cli/docker-ls (from $GOPATH)
The command '/bin/sh -c set -ex   && go generate  github.com/mayflower/docker-ls/lib/...   && go build     github.com/mayflower/docker-ls/cli/docker-ls   && go build     github.com/mayflower/docker-ls/cli/docker-rm' returned a non-zero code: 1

docker-rm results in "The operation is unsupported" error

If I use docker-rm to delete a tag, I get:

$ docker-rm --registry http://docker.au.ivc test-image/sha256:09de1cdf2a26692e344cdf4a5265c11760689ec32176405e996d16a0089ff02e
ERROR: invalid API response status 405

The private Docker registry responds with:

registry_1 | time="2016-03-15T02:40:12Z" level=error msg="response completed with error" err.code=unsupported err.message="The operation is unsupported." go.version=go1.5.3 http.request.host=docker.au.ivc http.request.id=c10f5fa1-5858-4824-ba4f-99cbd66c08e0 http.request.method=DELETE http.request.remoteaddr=192.168.12.171 http.request.uri="/v2/test-image/sha256/manifests/09de1cdf2a26692e344cdf4a5265c11760689ec32176405e996d16a0089ff02e" http.request.useragent="Go-http-client/1.1" http.response.contenttype="application/json; charset=utf-8" http.response.duration=2.512954ms http.response.status=405 http.response.written=78 instance.id=0b1cd77a-b90f-457e-808d-c5db2c49fb03 vars.name="test-image/sha256" vars.reference=09de1cdf2a26692e344cdf4a5265c11760689ec32176405e996d16a0089ff02e version=v2.3.1 
registry_1 | 172.17.0.4 - - [15/Mar/2016:02:40:12 +0000] "DELETE /v2/test-image/sha256/manifests/09de1cdf2a26692e344cdf4a5265c11760689ec32176405e996d16a0089ff02e HTTP/1.0" 405 78 "" "Go-http-client/1.1"
nginx_1    | 192.168.12.171 - - [15/Mar/2016:02:40:12 +0000] "DELETE /v2/test-image/sha256/manifests/09de1cdf2a26692e344cdf4a5265c11760689ec32176405e996d16a0089ff02e HTTP/1.1" 405 78 "-" "Go-http-client/1.1" "-"

The registry consists off:

data/docker/registry/v2/repositories/test-image
data/docker/registry/v2/repositories/test-image/_layers
data/docker/registry/v2/repositories/test-image/_layers/sha256
data/docker/registry/v2/repositories/test-image/_layers/sha256/a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
data/docker/registry/v2/repositories/test-image/_layers/sha256/a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4/link
data/docker/registry/v2/repositories/test-image/_layers/sha256/5a132a7e7af11f304041e93efb9cb2a0a7839bccaec5a03cfbdc9a3f5d0eb481
data/docker/registry/v2/repositories/test-image/_layers/sha256/5a132a7e7af11f304041e93efb9cb2a0a7839bccaec5a03cfbdc9a3f5d0eb481/link
data/docker/registry/v2/repositories/test-image/_layers/sha256/fd2731e4c50ce221d785d4ce26a8430bca9a95bfe4162fafc997a1cc65682cce
data/docker/registry/v2/repositories/test-image/_layers/sha256/fd2731e4c50ce221d785d4ce26a8430bca9a95bfe4162fafc997a1cc65682cce/link
data/docker/registry/v2/repositories/test-image/_layers/sha256/1dce7048719ecd644166c00185a7b0fe19bdf5a4b6367d88a56a266943fe3fae
data/docker/registry/v2/repositories/test-image/_layers/sha256/1dce7048719ecd644166c00185a7b0fe19bdf5a4b6367d88a56a266943fe3fae/link
data/docker/registry/v2/repositories/test-image/_layers/sha256/946af08b283ebe2bc30755934b6b2acee29c211eb1ee32e3500fe1ef6dc08090
data/docker/registry/v2/repositories/test-image/_layers/sha256/946af08b283ebe2bc30755934b6b2acee29c211eb1ee32e3500fe1ef6dc08090/link
data/docker/registry/v2/repositories/test-image/_layers/sha256/28a2f68d1120598986362662445c47dce7ec13c2662479e7aab9f0ecad4a7416
data/docker/registry/v2/repositories/test-image/_layers/sha256/28a2f68d1120598986362662445c47dce7ec13c2662479e7aab9f0ecad4a7416/link
data/docker/registry/v2/repositories/test-image/_uploads
data/docker/registry/v2/repositories/test-image/_manifests
data/docker/registry/v2/repositories/test-image/_manifests/revisions
data/docker/registry/v2/repositories/test-image/_manifests/revisions/sha256
data/docker/registry/v2/repositories/test-image/_manifests/revisions/sha256/09de1cdf2a26692e344cdf4a5265c11760689ec32176405e996d16a0089ff02e
data/docker/registry/v2/repositories/test-image/_manifests/revisions/sha256/09de1cdf2a26692e344cdf4a5265c11760689ec32176405e996d16a0089ff02e/link
data/docker/registry/v2/repositories/test-image/_manifests/tags
data/docker/registry/v2/repositories/test-image/_manifests/tags/latest
data/docker/registry/v2/repositories/test-image/_manifests/tags/latest/index
data/docker/registry/v2/repositories/test-image/_manifests/tags/latest/index/sha256
data/docker/registry/v2/repositories/test-image/_manifests/tags/latest/index/sha256/09de1cdf2a26692e344cdf4a5265c11760689ec32176405e996d16a0089ff02e
data/docker/registry/v2/repositories/test-image/_manifests/tags/latest/index/sha256/09de1cdf2a26692e344cdf4a5265c11760689ec32176405e996d16a0089ff02e/link
data/docker/registry/v2/repositories/test-image/_manifests/tags/latest/current
data/docker/registry/v2/repositories/test-image/_manifests/tags/latest/current/link

Am I using the incorrect digest or is there something wrong.

I used docker-rm from zipfile docker-ls-linux-amd64.zip (sha256:9e397140baf7d6aaac46af3141957e02b8c46854aa616f3ff1cc93190f912c9a)

support official image form

https://docs.docker.com/engine/reference/run/#general-form

the form is:

IMAGE[:TAG|@DIGEST]

but this does not work:

$ docker-rm ed/gitlab-runner/builds@sha256:82ff0936da09b40393c21cda464312907449aef7069aeebd1ee4fe4938ff2de5
ed/gitlab-runner/builds@sha256:82ff0936da09b40393c21cda464312907449aef7069aeebd1ee4fe4938ff2de5 : no such repository or reference

and afaik the tag could be specified too, but it's just ignored, but visually looking better:

ed/gitlab-runner/builds:some_tag@sha256:82ff0936da09b40393c21cda464312907449aef7069aeebd1ee4fe4938ff2de5

can't find the blog post right now about that.

quiet option to avoid "requesting list . done" in the output

Hi,

I have written a small shell script around docker-ls, and I would love to have a quiet -q option to avoid those characters "requesting list . done" in the ouput.

Thanks for the tool.

read auth info from docker config

.dockercfg and .docker/config.json contain registry auth info ("encrypted" with base64)
it would be nice if docker-ls could pull it automatically

Issue with token cache

I seem to be having an issue with the token cache when accessing a Docker private registry behind a Gitlab CE installation. At first it works fine after some time it results in 403 responses from the Gitlab OAuth service. If I try a new server to connect from it works again, and after some time it doesnt.

Seems like the docker-ls is caching a token and not clearing it correctly on token check fail.

List tags by digest

Hi.

Is there a way to get all the tags that point to the exact same image?
I mean listing tags associated with a particular digest or maybe another tag.

Build is failed

Hi
Is these any specific prerequisites ? When I run
docker build -t docker-ls .
I get error
Step 5/5 : RUN make clean && make install && cp /go/src/github.com/mayflower/docker-ls/build/bin/* /usr/local/bin/
---> Running in 89eec4f7eb7f
rm -fr ./build ./docker-ls.debug
mkdir -p ././build/src/github.com/mayflower/docker-ls
for srcdir in cli lib;
do
ln -s pwd/$srcdir ././build/src/github.com/mayflower/docker-ls/$srcdir;
done
if test -n "gopkg.in/yaml.v2 golang.org/x/crypto/ssh/terminal"; then GOPATH=pwd/./build go get gopkg.in/yaml.v2 golang.org/x/crypto/ssh/terminal; fi
package gopkg.in/yaml.v2: unrecognized import path "gopkg.in/yaml.v2" (https fetch: Get https://gopkg.in/yaml.v2?go-get=1: dial tcp: i/o timeout)
^Tpackage golang.org/x/crypto/ssh/terminal: unrecognized import path "golang.org/x/crypto/ssh/terminal" (https fetch: Get https://golang.org/x/crypto/ssh/terminal?go-get=1: dial tcp: i/o timeout)
Makefile:67: recipe for target 'build' failed
make: *** [build] Error 1
The command '/bin/sh -c make clean && make install && cp /go/src/github.com/mayflower/docker-ls/build/bin/* /usr/local/bin/' returned a non-zero code: 2

support unlimited paging

The repositories command needs unlimited paging support. I run this fragment daily and suddenly the found repositories count became 100:

    printf "Fetching repositories..."
    repos=$(docker-ls repositories | jq -r '.Repositories[]')
    printf "%d repositories found\n" "$(echo "$repos" | wc -l)"

... which is weird as command usage says the default is 100, and i have made no code changes, why it found 515 before?

# less /var/log/cronlogs/gitlab-delete-build-images |grep Fetching.rep
2019-02-15 16:58:27.450820467+02:00 O: Fetching repositories...525 repositories found
2019-02-16 02:05:47.290234647+02:00 O: Fetching repositories...525 repositories found
2019-02-17 02:05:52.705250692+02:00 O: Fetching repositories...525 repositories found
2019-02-18 02:04:31.973095461+02:00 O: Fetching repositories...100 repositories found
2019-02-19 02:04:41.782786956+02:00 O: Fetching repositories...100 repositories found
2019-02-20 02:04:35.441645254+02:00 O: Fetching repositories...100 repositories found
2019-02-21 02:04:44.042338783+02:00 O: Fetching repositories...100 repositories found
2019-02-22 02:04:41.641497521+02:00 O: Fetching repositories...100 repositories found

Insecure Registry

Please can you confirm whether this is supported on a insecure registry i.e. without having to pass authentication details?

Thanks

Offer an alternative interface for specifying registy/repo/tag triple with docker-style syntax

When listing tags of official repository results in error.

> docker-ls tags redis
ERROR: authorization rejected by registry

Listing it with library/ prefix works.

> docker-ls tags library/redis
requesting list . done
repository: library/redis
tags:
- "2"
...

Would it make sense to prepend library/ for images without <vendor>/?

docker-ls and registry.gitlab.com

Hey, as you might know Gitlab.com has a powerful CI and also supplies a private docker registry (per repo). So, pushing images to the registry works like a charm from the CI after a

$ DOCKER_REGISTRY=registry.gitlab.com/${CI_PROJECT_NAMESPACE}/${CI_PROJECT_NAME}
$ echo "$REGISTRY_API_TOKEN" | docker login "$CI_REGISTRY" --username "$CI_PROJECT_NAMESPACE" --password-stdin

Locally I can even pull my built images after issuing the commands above... but I cant docker-ls the tags in the repo... I tried may combination like:

$ docker-ls tags --registry https://registry.gitlab.com --user <gilab user> --password "$REGISTRY_API_TOKEN"
requesting list . done
authorization rejected by registry
$ docker-ls tags --registry https://<gitlab user>:$REGISTRY_API_TOKEN@registry.gitlab.com/<gitlab user> ${CI_PROJECT_NAME}
requesting list . done
authentication against auth server failed with code 403
$ docker-ls tags --registry https://registry.gitlab.com --user <gilab user> --password $REGISTRY_API_TOKEN <gilab user>/${CI_PROJECT_NAME}
requesting list . done
<gilab user>/${CI_PROJECT_NAME}: no such repository

Could you help me out?

`respository` typo?

Is respository instead of repository in code intentional or just typo?

> docker-ls tags # show me help please 
usage: docker-ls tags [options] <respository>
...

Local name servers are not used

Hi,
when used with a local private registry, docker-ls tries to resolve the host name via Google DNS servers (8.8.8.8) and hence doesn't see locally configured DNS names. Is there a way to not enforce Google DNS and just use the default system-defined name servers?

$ docker-ls repositories --registry https://registry.mydomain.org:5000
requesting list . done
ERROR: Get https://registry.mydomain.org:5000/v2/_catalog?n=100: dial tcp: lookup registry.mydomain.org on 8.8.8.8:53: no such host

Tested with most recent master branch, commit 3c5e2de, and installation through Docker.

Authorization issue for tags on GCR

When attempting docker-ls tags gcr.io/.../..., on a repository I can push and pull to, I get:

requesting list . done
authorization rejected by registry

Without verbose output, I'm unclear on how to debug this.

Unable to docker-ls repositories as non-admin user

From the command line running the following command as a non-admin user outputs "authorization rejected by registry".

$ docker-ls repositories --registry https://my.registry.org --user myuser --password mypassword

Running the same command as admin user outputs ALL repos as expected.

Is this as designed? If so, why aren't users that are able to log-in to Harbor, not able to list the repositories from the command line.

Passwords on the command line are bad

The password should be prompted for upon run, or used from the ~/.docker/config.json file. Passing a password on the command line is very insecure.

mayflower / docker-ls Goto Github PK

docker-ls's Introduction

What is it?

What registries are supported

Installation

Precompiled binaries

MacOS / Homebrew

Gentoo / portage

NixOS

Arch Linux

Docker

Go get

Usage

docker-ls

Authentication and credentials

Important command line flags

Examples

Notes considering the offical registry

docker-rm

Using a proxy

Configuration via config files and environment variables

Config files

Template Output

Predefined templates

Inline templates

Template variables

Environment variables

Shell autocompletion

License

docker-ls's People

Contributors

Stargazers

Watchers

Forkers

docker-ls's Issues

Environmentz

Error message

docker-ls

docker-rm

Recommend Projects

Recommend Topics

Recommend Org

Jobs