From 42305a8526781b2e9dce384c564f8b0738f3639a Mon Sep 17 00:00:00 2001
From: Tim Schrodi <tim.schrodi@sap.com>
Date: Wed, 10 Mar 2021 16:36:05 +0100
Subject: [PATCH] fix logging issue for registries that require a
 authentication even for public images

also passed down the logging level to the containerd lib so that debugging is easier
---
 ociclient/client.go              | 11 +++++++++++
 ociclient/credentials/keyring.go |  8 ++++++--
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/ociclient/client.go b/ociclient/client.go
index 1016fc13..cb5e694e 100644
--- a/ociclient/client.go
+++ b/ociclient/client.go
@@ -16,10 +16,12 @@ import (
 
 	"github.com/containerd/containerd/content"
 	"github.com/containerd/containerd/errdefs"
+	containerdlog "github.com/containerd/containerd/log"
 	"github.com/containerd/containerd/remotes"
 	"github.com/go-logr/logr"
 	"github.com/opencontainers/go-digest"
 	ocispecv1 "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/sirupsen/logrus"
 	"k8s.io/apimachinery/pkg/util/sets"
 
 	"github.com/gardener/component-cli/ociclient/cache"
@@ -77,6 +79,15 @@ func NewClient(log logr.Logger, opts ...Option) (Client, error) {
 		options.HTTPClient = http.DefaultClient
 	}
 
+	cLogger := logrus.New()
+	if log.V(5).Enabled() {
+		cLogger.SetLevel(logrus.DebugLevel)
+	}
+	if log.V(7).Enabled() {
+		cLogger.SetLevel(logrus.TraceLevel)
+	}
+	containerdlog.L = logrus.NewEntry(cLogger)
+
 	return &client{
 		log:             log,
 		allowPlainHttp:  options.AllowPlainHttp,
diff --git a/ociclient/credentials/keyring.go b/ociclient/credentials/keyring.go
index 3b6eed55..3deae37e 100644
--- a/ociclient/credentials/keyring.go
+++ b/ociclient/credentials/keyring.go
@@ -6,7 +6,6 @@ package credentials
 
 import (
 	"context"
-	"fmt"
 	"net/http"
 	"net/url"
 	"path"
@@ -166,7 +165,12 @@ func (o *GeneralOciKeyring) GetCredentials(hostname string) (username, password
 		if hostname == dockerHubDomain {
 			return o.GetCredentials(dockerHubLegacyDomain)
 		}
-		return "", "", fmt.Errorf("authentication for %s cannot be found", hostname)
+		// try authentication with no username and password.
+		// this is needed by some registries like ghcr that require a auth token flow even for public images.
+		return "", "", nil
+
+		// todo: add log for the error if now authentication can be found
+		//return "", "", fmt.Errorf("authentication for %s cannot be found", hostname)
 	}
 
 	return auth.Username, auth.Password, nil