For Docker images that come straight from Docker Hub, I can retrieve the current list of tags for an image by hitting their repository API. For example, https://registry.hub.docker.com/v1/repositories/python/tags
will give me a list of tags that can be used with docker pull python:<tag>
.
For Elastic Search, I'm using their official repository and can pull an image using something like docker pull docker.elastic.co/elasticsearch/elasticsearch:6.4.0
However, I can't figure out how to pull a list of tags from that repository. I've tried
https://docker.elastic.co/elasticsearch/elasticsearch/tags
https://docker.elastic.co/v1/repositories/elasticsearch
https://docker.elastic.co/v2/repositories/elasticsearch/elasticsearch/_manifests/tags
..and several other variations. What URL/API endpoints is the docker command line tool translating that repository/image name into on the backend request?
It turns out that docker.elastic.co
is running a V2 docker registry, so it requires V2 API commands and token authentication. Trying to initially get the tags results in a 401 with information on how to get the token:
http https://docker.elastic.co/v2/elasticsearch/elasticsearch/tags/list (566ms)
HTTP/1.1 401 Unauthorized
Connection: keep-alive
Content-Length: 170
Content-Type: application/json; charset=utf-8
Date: Thu, 09 May 2019 15:24:42 GMT
Docker-Distribution-Api-Version: registry/2.0
Www-Authenticate: Bearer realm="https://docker-auth.elastic.co/auth",service="token-service",scope="repository:elasticsearch/elasticsearch:pull"
X-Content-Type-Options: nosniff
{
"errors": [
{
"code": "UNAUTHORIZED",
"detail": [
{
"Action": "pull",
"Class": "",
"Name": "elasticsearch/elasticsearch",
"Type": "repository"
}
],
"message": "authentication required"
}
]
}
Use the information in the WWW-Authenticate
to request a token for the given service
and scope
:
http "https://docker-auth.elastic.co/auth?service=token-service&scope=repository:elasticsearch/elasticsearch:pull" (567ms)
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 790
Content-Type: application/json
Date: Thu, 09 May 2019 15:25:37 GMT
{
"token": "some-long-token"
}
Finally, make the request using the token:
http -v https://docker.elastic.co/v2/elasticsearch/elasticsearch/tags/list 'Authorization: Bearer some-long-token'
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1765
Content-Type: application/json; charset=utf-8
Date: Thu, 09 May 2019 15:26:18 GMT
Docker-Distribution-Api-Version: registry/2.0
X-Content-Type-Options: nosniff
{
"name": "elasticsearch/elasticsearch",
"tags": [
"5.0.0-731e78df",
"5.0.0-86a0b164",
"5.0.0-alpha5",
"5.0.0-beta1",
"5.0.0-ccd69424",
"5.0.0-rc1",
"5.0.0",
...
...
...