List images in Google Container Registry in Java program

Question

We wanted to list images and tags which names start with certain string. So far, we explored a few java lib (docker-java and spotify ones) and did quite amount of research, but still couldn't find a way out...

docker-java: 'com.github.docker-java', name: 'docker-java', version: '3.2.5'

The follow code lists images from public docker hub, not really the specified GCR. What's the right way to list image from our specified GCR?

DefaultDockerClientConfig config = DefaultDockerClientConfig
                                      .createDefaultConfigBuilder()
                                      .withRegistryUrl("http://eu.gcr.io/data-infrastructure-test-env")
                                      .withDockerConfig("/home/me/.docker/config.json")
                                      .build();

DockerClient dockerClient = DockerClientBuilder.getInstance(config).build();
List<SearchItem> items = dockerClient.searchImagesCmd("daas").exec();
List<String> images = new ArrayList<>();
for (SearchItem searchItem : items){
  images.add(searchItem.getName());
}

Update - some progress

Inspired by this post: How to list images and tags from the gcr.io Docker Registry using the HTTP API?

I tried the following steps with my own google account, which has project owner (w/o firewall) permission:

1. gcloud auth login
2. gcloud auth print-access-token
3. define a function to get string for basic auth:

private String basicAuth(String username, String password) { return "Basic " + Base64.getEncoder().encodeToString((username + ":" + password).getBytes()); }

4, try the following code:

HttpRequest request = HttpRequest.newBuilder().uri(URI.create("https://gcr.io/v2/token?service=eu.gcr.io&scope=registry:my_gcp_project:*"))
    .headers("Accept", "application/json"
          , "Authorization",basicAuth("_token"
                                     ,"the_token_got_from_step_2"))
    .GET()
    .build(); UncheckedObjectMapper objectMapper = new UncheckedObjectMapper(); Map<String, String> response = HttpClient.newHttpClient()
    .sendAsync(request, HttpResponse.BodyHandlers.ofString())
    .thenApply(HttpResponse::body).thenApply(objectMapper::readValue)
    .get();

String token = response.get("token");

request = HttpRequest.newBuilder().uri(URI.create("https://eu.gcr.io/v2/my_gcp_project/my_image/tags/list"))
                                  .header("Authorization","Bearer " + token)
                                   .GET().build(); String response2 = HttpClient.newHttpClient()
    .sendAsync(request, HttpResponse.BodyHandlers.ofString())
    .thenApply(HttpResponse::body)
    .get();

However, the response2 I got was: {"errors":[{"code":"UNAUTHORIZED","message":"Requested repository does not match bearer token resource: data-infrastructure-test-env/daas-master"}]}

Could you help to check what went wrong?

Answer 1

Docker engine API documentation clearly states that the ImageSearch command returns images from the Docker Hub registry: https://docs.docker.com/engine/api/v1.40/#operation/ImageSearch

For searching a GCR registry, you should rather use the Docker registry API.

Answer 2

Finally got it work!

I only need to change the second request uri to be: "https://eu.gcr.io/v2/my_gcp_project/tags/list" instead of "https://eu.gcr.io/v2/my_gcp_project/my_image/tags/list"

and I got some meaningful response back