registry.Auth: try next endpoints on non-auth failures

Allow falling back to non-TLS endpoints if present.

Signed-off-by: Sebastiaan van Stijn <[email protected]>
Upstream-commit: 80cc1f1d6fb1d03014f7ef5d3a1e216538ddb855
Component: engine

Author: thaJeztah

components/engine/registry/service.go

@@ -131,7 +131,15 @@ func (s *DefaultService) Auth(ctx context.Context, authConfig *types.AuthConfig,
 	}
 
 	for _, endpoint := range endpoints {
-		return loginV2(authConfig, endpoint, userAgent)
+		status, token, err = loginV2(authConfig, endpoint, userAgent)
+		if err == nil {
+			return
+		}
+		if errdefs.IsUnauthorized(err) {
+			// Failed to authenticate; don't continue with (non-TLS) endpoints.
+			return status, token, err
+		}
+		logrus.WithError(err).Infof("Error logging in to endpoint, trying next endpoint")
 	}
 
 	return "", "", err