From 80cc1f1d6fb1d03014f7ef5d3a1e216538ddb855 Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn <github@gone.nl>
Date: Mon, 7 Dec 2020 16:09:05 +0100
Subject: [PATCH] registry.Auth: try next endpoints on non-auth failures

Allow falling back to non-TLS endpoints if present.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
---
 registry/service.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/registry/service.go b/registry/service.go
index 37f6ed51fd..7e55923c11 100644
--- a/registry/service.go
+++ b/registry/service.go
@@ -131,7 +131,15 @@ func (s *DefaultService) Auth(ctx context.Context, authConfig *types.AuthConfig,
 	}
 
 	for _, endpoint := range endpoints {
-		return loginV2(authConfig, endpoint, userAgent)
+		status, token, err = loginV2(authConfig, endpoint, userAgent)
+		if err == nil {
+			return
+		}
+		if errdefs.IsUnauthorized(err) {
+			// Failed to authenticate; don't continue with (non-TLS) endpoints.
+			return status, token, err
+		}
+		logrus.WithError(err).Infof("Error logging in to endpoint, trying next endpoint")
 	}
 
 	return "", "", err