阿里云 registry 401 UNAUTHORIZED

需求：请求阿里云的镜像仓库，读取镜像的信息，直接读取肯定返回错误，毕竟仓库是私有的嘛。
既然是私有的，请求的时候，肯定要带上账号密码或者Token等这样的信息才可以。那么如何携带这些内容呢？

几经周折，过程不在赘述，下面直接给出方法：
一、现状（问题）
1、请求目标

https://registry.cn-shanghai.aliyuncs.com/v2/nuggets/nuggets-docker/tags/list

2、获得错误的结果

{
	errors: [
		{
			code: "UNAUTHORIZED",
			message: "authentication required",
			detail: [
				{
					Type: "repository",
					Class: "",
					Name: "nuggets/nuggets-docker",
					Action: "pull"
				}
			]
		}
	]
}

二、处理方法
1、获得auth地址、service参数、scope参数

[root@test run]# curl -v -X GET https://registry.cn-shanghai.aliyuncs.com/v2/nuggets/nuggets-docker/tags/list
* About to connect() to registry.cn-shanghai.aliyuncs.com port 443 (#0)
*   Trying 139.196.71.17...
* Connected to registry.cn-shanghai.aliyuncs.com (139.196.71.17) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* 	subject: CN=*.registry.aliyuncs.com,O="Alibaba (China) Technology Co., Ltd.",L=HangZhou,ST=ZheJiang,C=CN
* 	start date: Jan 28 03:01:05 2019 GMT
* 	expire date: Jan 29 03:01:05 2020 GMT
* 	common name: *.registry.aliyuncs.com
* 	issuer: CN=GlobalSign Organization Validation CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE
> GET /v2/nuggets/nuggets-docker/tags/list HTTP/1.1
> User-Agent: curl/7.29.0
> Host: registry.cn-shanghai.aliyuncs.com
> Accept: */*
> 
< HTTP/1.1 401 Unauthorized
< Content-Type: application/json; charset=utf-8
< Docker-Distribution-Api-Version: registry/2.0
< Www-Authenticate: Bearer realm="https://dockerauth.cn-hangzhou.aliyuncs.com/auth",service="registry.aliyuncs.com:cn-shanghai:26842",scope="repository:nuggets/nuggets-docker:pull"
< Date: Wed, 05 Jun 2019 07:52:10 GMT
< Content-Length: 165
< 
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"repository","Class":"","Name":"nuggets/nuggets-docker","Action":"pull"}]}]}
* Connection #0 to host registry.cn-shanghai.aliyuncs.com left intact

记下输出内容中的 Www-Authenticate 后面的内容，获得Token时使用。

2、获得Token

curl -u clientId:clientSecret -X POST -d "username=[你的账号]&password=[图上设置的密码]&service=registry.aliyuncs.com:cn-shanghai:26842&scope=repository:nuggets/nuggets-docker:pull" https://dockerauth.cn-hangzhou.aliyuncs.com/auth

记下输出的 token（token和access_token值一样），下一步使用。

3、可以请求接口了

curl -u clientId:clientSecret -v -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -H "Authorization: Bearer [你上一步获得Token]" "https://registry.cn-shanghai.aliyuncs.com/v2/nuggets/nuggets-docker/tags/list"

这样就可以看到正确的结果了，例如我的示例的结果是：

{"name":"nuggets/nuggets-docker","tags":["0.0.1","4121a0c58eba2a077e9c05bfcaba56f04306c554","4121a0c58eba2a077e9c05bfcaba56f04306c554_develop","develop_4121a0c58eba2a077e9c05bfcaba56f04306c554","latest"]}

（END）