This repository was archived by the owner on Apr 17, 2023. It is now read-only.

Running into "insufficient scope" issue. #2334

@ravensorb

It seems like I am hitting the same issue as #1736; however, I am pretty much 100% sure everything in my configuration matches :) Is there something else I am missing?

Screenshot of my web interface: [image]

env variables for portus

PORTUS_ANONYMOUS_BROWSING_ENABLED=true
PORTUS_BACKGROUND_SYNC_ENABLED=false
PORTUS_BACKGROUND_SYNC_STRATEGY=update-delete
PORTUS_CHECK_SSL_USAGE_ENABLED=false
PORTUS_DB_ADAPTER=mysql2
PORTUS_DB_DATABASE=portusdb
PORTUS_DB_HOST=portusdb
PORTUS_DB_PASSWORD=xxxxxxxx
PORTUS_DB_USERNAME=portusdb
PORTUS_DELETE_CONTRIBUTORS=true
PORTUS_DELETE_ENABLED=true
PORTUS_DELETE_GARBAGE_COLLECTOR_ENABLED=true
PORTUS_DELETE_GARBAGE_COLLECTOR_KEEP_LATEST=5
PORTUS_DELETE_GARBAGE_COLLECTOR_OLDER_THAN=30
PORTUS_DELETE_GARBAGE_COLLECTOR_TAG=
PORTUS_DISPLAY_NAME_ENABLED=true
[email protected]
PORTUS_EMAIL_NAME=
PORTUS_EMAIL_REPLY_TO=
PORTUS_GRAVATAR_ENABLED=true
PORTUS_HOST_EXTERNAL=portus.home.local
PORTUS_HOST_INTERNAL=portus
PORTUS_KEY_PATH=/certs/key/portus.key
PORTUS_MACHINE_FQDN_VALUE=portus-registry.home.local
PORTUS_PASSWORD=xxxxxxxx
PORTUS_SECRET_KEY_BASE=xxxxxxxx
PORTUS_SMTP_ADDRESS=smtp.home.local
PORTUS_SMTP_AUTHENTICATION=login
PORTUS_SMTP_DOMAIN=home.local
PORTUS_SMTP_ENABLED=false
PORTUS_SMTP_PASSWORD=
PORTUS_SMTP_PORT=25
PORTUS_SMTP_USER_NAME=
RAILS_SERVE_STATIC_FILES=true

env variables for registry

REGISTRY_AUTH_TOKEN_ISSUER=portus-registry.home.local
REGISTRY_LOG_LEVEL=debug
REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/certs/crt/portus.crt
REGISTRY_AUTH_TOKEN_REALM=http://portus.home.local/v2/token
REGISTRY_NOTIFICATIONS_ENDPOINTS_URL=http://portus:3000/v2/webhooks/events
REGISTRY_LOG_ACCESSLOG_DISABLED=false
REGISTRY_AUTH_TOKEN_SERVICE=portus-registry.home.local
REGISTRY_STORAGE_DELETE_ENABLED=true
REGISTRY_HTTP_SECRET=xxxxxx
REGISTRY_NOTIFICATIONS_ENDPOINTS_NAME=portus
REGISTRY_NOTIFICATIONS_ENDPOINTS_DISABLED=false

and here is the config for portus

sh-4.4# portusctl exec rake portus:info
[schema] Selected the schema for mysql
[Mailer config] Host:     portus.test.lan
[Mailer config] Protocol: https://
Evaluated configuration:
---
email:
  from: [email protected]
  name: ''
  reply_to: ''
  smtp:
    enabled: false
    address: smtp.example.com
    port: 587
    domain: example.com
    ssl_tls: ''
    enable_starttls_auto: false
    openssl_verify_mode: none
    ca_path: ''
    ca_file: ''
    user_name: ''
    password: "****"
    authentication: login
gravatar:
  enabled: true
delete:
  enabled: true
  contributors: true
  garbage_collector:
    enabled: true
    older_than: 30
    keep_latest: 5
    tag: ''
ldap:
  enabled: false
  hostname: ldap_hostname
  port: 389
  timeout: 5
  encryption:
    method: ''
    options:
      ca_file: ''
      ssl_version: TLSv1_2
  base: ''
  admin_base: ''
  group_base: ''
  filter: ''
  uid: uid
  authentication:
    enabled: false
    bind_dn: ''
    password: "****"
  group_sync:
    enabled: true
    default_role: viewer
  guess_email:
    enabled: false
    attr: ''
oauth:
  local_login:
    enabled: true
  google_oauth2:
    enabled: false
    id: ''
    secret: ''
    domain: ''
    options:
      hd: ''
  open_id:
    enabled: false
    identifier: ''
    domain: ''
  openid_connect:
    enabled: false
    issuer: ''
    identifier: ''
    secret: ''
  github:
    enabled: false
    client_id: ''
    client_secret: ''
    organization: ''
    team: ''
    domain: ''
  gitlab:
    enabled: false
    application_id: ''
    secret: ''
    group: ''
    domain: ''
    server: ''
  bitbucket:
    enabled: false
    key: ''
    secret: ''
    domain: ''
    options:
      team: ''
first_user_admin:
  enabled: true
signup:
  enabled: true
check_ssl_usage:
  enabled: false
registry:
  jwt_expiration_time:
    value: 15
  catalog_page:
    value: 100
  timeout:
    value: 2
  read_timeout:
    value: 120
machine_fqdn:
  value: portus-registry.home.local
display_name:
  enabled: true
user_permission:
  change_visibility:
    enabled: true
  create_team:
    enabled: true
  manage_team:
    enabled: true
  create_namespace:
    enabled: true
  manage_namespace:
    enabled: true
  create_webhook:
    enabled: true
  manage_webhook:
    enabled: true
  push_images:
    policy: allow-teams
security:
  clair:
    server: ''
    health_port: 6061
    timeout: 900
  zypper:
    server: ''
  dummy:
    server: ''
anonymous_browsing:
  enabled: true
background:
  registry:
    enabled: true
  sync:
    enabled: false
    strategy: update-delete
pagination:
  per_page: 10
  before_after: 2

and here is the log entry

portus-registry        | time="2021-01-19T22:53:12.85319284Z" level=warning msg="error authorizing context: insufficient scope" go.version=go1.11.2 http.request.host=portus-registry.home.local http.request.id=16e22790-55ee-4adf-b516-2b1a36941ac0 http.request.method=POST http.request.remoteaddr=172.21.0.1 http.request.uri="/v2/testuser/containerimage"/blobs/uploads/" http.request.useragent="docker/20.10.2 go/go1.13.15 git-commit/8891c58 kernel/5.4.0-1036-azure os/linux arch/amd64 UpstreamClient(Docker-Client/20.10.2 \(linux\))" vars.name="testuser/containerimage" 
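Added example, not part of the original issue and not Portus or registry code: the registry logs "insufficient scope" when the bearer token's `access` claim does not cover the action the request needs, so one diagnostic is to decode the token Portus issued and compare it with the request in the log line above. The issuer, service and repository values are taken from the post; the token itself is constructed and unsigned, and the function names are hypothetical.

```python
import base64
import json


def _b64url(data: dict) -> str:
    raw = json.dumps(data).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned JWT-shaped string for the demo only."""
    return ".".join([_b64url({"alg": "RS256", "typ": "JWT"}), _b64url(claims), "sig"])


def decode_claims(token: str) -> dict:
    """Decode the payload segment without verifying the signature (inspection only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def scope_problems(token, issuer, service, repo, needed):
    """Return a list of mismatches between the token and what the registry expects."""
    claims = decode_claims(token)
    problems = []
    if claims.get("iss") != issuer:
        problems.append(f"iss {claims.get('iss')!r} != REGISTRY_AUTH_TOKEN_ISSUER {issuer!r}")
    if claims.get("aud") != service:
        problems.append(f"aud {claims.get('aud')!r} != REGISTRY_AUTH_TOKEN_SERVICE {service!r}")
    granted = set()
    for entry in claims.get("access") or []:
        if entry.get("type") == "repository" and entry.get("name") == repo:
            granted.update(entry.get("actions") or [])
    missing = sorted(set(needed) - granted)
    if missing:
        problems.append(f"missing actions on {repo}: {','.join(missing)}")
    return problems


ISSUER = SERVICE = "portus-registry.home.local"  # from the registry env in the post
REPO = "testuser/containerimage"                 # vars.name in the log line
NEEDED = ["pull", "push"]                        # a blob-upload POST is a push
# Constructed sample: a token that only grants pull on the repository.
SAMPLE = make_sample_token({"iss": ISSUER, "aud": SERVICE, "access": [
    {"type": "repository", "name": REPO, "actions": ["pull"]}]})

if __name__ == "__main__":
    for problem in scope_problems(SAMPLE, ISSUER, SERVICE, REPO, NEEDED):
        print(problem)
```

An empty result for a real token means the claims match the request, and the cause lies elsewhere.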
