How can I use Docker Registry HTTP API V2 to obtain a list of all repositories in a docker registry?
Here is an example program to read repositories from a registry. I used it as a learning aid with Docker Hub.
#!/bin/bashset -e# set username and passwordUNAME="username"UPASS="password"# get token to be able to talk to Docker HubTOKEN=$(curl -s -H "Content-Type: application/json" -X POST -d '{"username": "'${UNAME}'", "password": "'${UPASS}'"}' https://hub.docker.com/v2/users/login/ | jq -r .token)# get list of repos for that user accountREPO_LIST=$(curl -s -H "Authorization: JWT ${TOKEN}" https://hub.docker.com/v2/repositories/${UNAME}/?page_size=10000 | jq -r '.results|.[]|.name')# build a list of all images & tagsfor i in ${REPO_LIST}do # get tags for repo IMAGE_TAGS=$(curl -s -H "Authorization: JWT ${TOKEN}" https://hub.docker.com/v2/repositories/${UNAME}/${i}/tags/?page_size=10000 | jq -r '.results|.[]|.name') # build a list of images from tags for j in ${IMAGE_TAGS} do # add each tag to list FULL_IMAGE_LIST="${FULL_IMAGE_LIST} ${UNAME}/${i}:${j}" donedone# output list of all docker imagesfor i in ${FULL_IMAGE_LIST}do echo ${i}done
(this comes from an article on Docker site that describes how to use the API.)
In essence...
- get a token
- pass the token as a header
Authorization: JWT <token>
with any API calls you make - the api call you want to use to list repositories is
https://hub.docker.com/v2/repositories/<username>/
This site says we cannot :(
Dockerhub hosts a mix of public and private repositories, but does not expose a catalog endpoint to programmatically list them.
First thing first, Docker is a protocol, DockerHub is product that implements the Docker protocol but is not limited to it.
hub.docker.com
has the rich DockerHub specific APIs.
index.docker.io
is the generic Docker API V2 implementation for DockerHub that is used in majority of clients that support multiple docker registries.
DockerHub implements the generic Docker HTTP API V2 but it doesn't implement _catalog
API from the generic API set.
DockerHub Docker API V2 Usage
In order to use the Docker V2 API, a JWT auth token needs to be generated and that token has to be used as Bearer token in the DockerHub calls at index.docker.io
When you hit the DockerHub APIs like this:
https://index.docker.io/v2/library/alpine/tags/list
and it returns 401,
Look for the response header
www-authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io",scope="repository:library/alpine:pull",error="invalid_token"
This means, you need to explicitly call
https://auth.docker.io/token?service=registry.docker.io&scope=repository:library/alpine:pull
Which will get you the bearer token that you can use in the original index.docker.io
request.
The https://auth.docker.io/token
works without any auth token but only for public repos.
In case you want to access a private repo, you need to add basic auth header to the request.
curl -u username:password https://auth.docker.io/token?service=registry.docker.io&scope=repository:<repo>:pull
NOTE: auth.docker.io
will generate a token anyway even if the request is not valid (reds or scope or anything). To validate the token, if you put the token to jwt.io, you should see the access
field in the payload containing requested scope references.