Add support for docker credential helper

[adrien-piquerez-da]

What would you like to be added?

I would like to use oras-java to download containers from Google container registry. Unfortunately oras-java does not seem to support gcloud credential helper.

Here is my ~/.docker/config.json:

{
  "credHelpers": {
    "europe-docker.pkg.dev": "gcloud"
  }
}

When I run:

val registry = Registry.builder().defaults().build()
val ref = ContainerRef.parse("europe-docker.pkg.dev/***")
registry.pullArtifact(ref, Paths.get("."), true)

I get:

18:21:20.538 [main] DEBUG land.oras.auth.AuthStore -- Loaded auth config file: /Users/adrienpiquerez/.docker/config.json
18:21:20.540 [main] DEBUG land.oras.auth.AuthStore -- Loaded auth config file: /Users/adrienpiquerez/.docker/config.json
18:21:20.544 [main] DEBUG land.oras.auth.HttpClient -- Existing scopes: []
18:21:20.544 [main] DEBUG land.oras.auth.HttpClient -- New scopes: [repository:***]
18:21:20.545 [main] DEBUG land.oras.auth.HttpClient -- Executing HEAD request to https://europe-docker.pkg.dev/v2/***/manifests/***
18:21:20.547 [main] DEBUG land.oras.auth.HttpClient -- Headers: {Accept=[application/vnd.oci.image.index.v1+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.artifact.manifest.v1+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.docker.distribution.manifest.v2+json], User-Agent=[ORAS-Java-SDK/0.2.15]}
18:21:20.993 [main] DEBUG land.oras.auth.HttpClient -- Requesting new token...
18:21:20.994 [main] DEBUG land.oras.auth.HttpClient -- WWW-Authenticate header: Bearer realm="https://europe-docker.pkg.dev/v2/token",service="europe-docker.pkg.dev",scope="repository:***:pull"
18:21:20.998 [main] DEBUG land.oras.auth.HttpClient -- New scopes with server: [repository:***:pull]
18:21:20.998 [main] DEBUG land.oras.auth.HttpClient -- WWW-Authenticate header: realm=https://europe-docker.pkg.dev/v2/token, service=europe-docker.pkg.dev, scope=repository:***:pull, error=null
18:21:20.998 [main] DEBUG land.oras.auth.HttpClient -- Existing scopes: [repository:***:pull]
18:21:20.998 [main] DEBUG land.oras.auth.HttpClient -- New scopes: [repository:***:pull]
18:21:20.998 [main] DEBUG land.oras.auth.HttpClient -- Executing GET request to https://europe-docker.pkg.dev/v2/token?scope=repository:***:pull&service=europe-docker.pkg.dev
18:21:20.998 [main] DEBUG land.oras.auth.HttpClient -- Headers: {User-Agent=[ORAS-Java-SDK/0.2.15]}
18:21:21.207 [main] DEBUG land.oras.auth.HttpClient -- Requesting new token...
18:21:21.208 [main] DEBUG land.oras.auth.HttpClient -- WWW-Authenticate header: 
18:21:21.208 [main] ERROR land.oras.auth.HttpClient -- Failed to execute request
land.oras.exception.OrasException: No WWW-Authenticate header found in response
        at land.oras.auth.HttpClient.refreshToken(HttpClient.java:363)
        at land.oras.auth.HttpClient.redoRequest(HttpClient.java:519)
        at land.oras.auth.HttpClient.executeRequest(HttpClient.java:498)
        at land.oras.auth.HttpClient.get(HttpClient.java:151)
        at land.oras.auth.HttpClient.refreshToken(HttpClient.java:387)
        at land.oras.auth.HttpClient.redoRequest(HttpClient.java:519)
        at land.oras.auth.HttpClient.executeRequest(HttpClient.java:498)
        at land.oras.auth.HttpClient.head(HttpClient.java:246)
        at land.oras.Registry.getHeaders(Registry.java:758)
        at land.oras.Registry.getContentType(Registry.java:724)
        at land.oras.Registry.pullArtifact(Registry.java:274)
        at main$package$.app(main.scala:12)
        at app.main(main.scala:9)

Why is this needed for ORAS?

This works using the ORAS CLI:

oras pull europe-docker.pkg.dev/*** -o .

Are you willing to submit PRs to contribute to this feature?

• Yes, I am willing to implement it.