You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am a little bit confused about how clairctl works together with the -iss flag and how clair is working general with the psk auth.
My clair config.yml part with the auth part looks like this currently
# ===== AUTH
...
auth: # Defines ClairV4's external and intra-service JWT based authentication.
psk: # Defines preshared key authentication.
key: 'MTU5Y34563ZkNzJoMQ=='
iss:
- 'scan' # A list of JWT issuers to verify. An empty list will accept any issuer in a JWT claim.
...
Even more.
At the same time, while executing the first scan, the same command from another computer is raising a HTTP 401 Unauthorized.
So at this point I am lost. Why does the scan work at first? Then later it doesn't and from another computer it doesn't work at all?
Is there a misunderstanding how the psk key is working or do I have to change something in the clair config.yml?
Even more. If I take a look at my quay config.yml I don't address the issuer name. Instead, I am using successful the PSK key directly.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
I am a little bit confused about how clairctl works together with the -iss flag and how clair is working general with the psk auth.
My clair config.yml part with the auth part looks like this currently
Clair is running successful under https://clair.example.com.
I was able to scan the clair container with the following command, as you can see
but the next day from the same terminal and same command, I got a 401
As is it visible in my access logs
Even more.
At the same time, while executing the first scan, the same command from another computer is raising a HTTP 401 Unauthorized.
So at this point I am lost. Why does the scan work at first? Then later it doesn't and from another computer it doesn't work at all?
Is there a misunderstanding how the psk key is working or do I have to change something in the clair config.yml?
Even more. If I take a look at my quay config.yml I don't address the issuer name. Instead, I am using successful the PSK key directly.
This kind of option is not mentioned with the issuer flag.
I hope I'm not mixing up too much stuff.
Kind regards
Beta Was this translation helpful? Give feedback.
All reactions