Disable auth caching and report better blob upload errors (#223)

* Log more explicit error on blob upload

The message is very, very chatty, but hopefully provides some useful
debugging context.

* Disable auth caching

ACR publishes were failing with 401s, I suspect because we had a cached token with only `pull` scope instead of also `push`.

Disabling entirely for now; if we bring it back we should include scope in the cache key . . . somehow.

Author: rainersigwald

Microsoft.NET.Build.Containers/AuthHandshakeMessageHandler.cs

@@ -20,11 +20,6 @@ public partial class AuthHandshakeMessageHandler : DelegatingHandler
 {
     private record AuthInfo(Uri Realm, string Service, string? Scope);
 
-    /// <summary>
-    /// Cache of most-recently-received token for each server.
-    /// </summary>
-    private static ConcurrentDictionary<string, AuthenticationHeaderValue> HostAuthenticationCache = new();
-
     /// <summary>
     /// the www-authenticate header must have realm, service, and scope information, so this method parses it into that shape if present
     /// </summary>
@@ -115,7 +110,7 @@ private record TokenResponse(string? token, string? access_token, int? expires_i
         if (scheme is "Basic")
         {
             var basicAuth = new AuthenticationHeaderValue("Basic", Convert.ToBase64String(Encoding.ASCII.GetBytes($"{privateRepoCreds.Username}:{privateRepoCreds.Password}")));
-            return HostAuthenticationCache.AddOrUpdate(realm.Host, basicAuth, (previous, current) => current);
+            return basicAuth;
         }
         else if (scheme is "Bearer")
         {
@@ -145,7 +140,7 @@ private record TokenResponse(string? token, string? access_token, int? expires_i
 
             // save the retrieved token in the cache
             var bearerAuth = new AuthenticationHeaderValue("Bearer", token.ResolvedToken);
-            return HostAuthenticationCache.AddOrUpdate(realm.Host, bearerAuth, (previous, current) => current);
+            return bearerAuth;
         }
         else
         {
@@ -160,11 +155,7 @@ protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage
             throw new ArgumentException("No RequestUri specified", nameof(request));
         }
 
-        // attempt to use cached token for the request if available
-        if (HostAuthenticationCache.TryGetValue(request.RequestUri.Host, out AuthenticationHeaderValue? cachedAuthentication))
-        {
-            request.Headers.Authorization = cachedAuthentication;
-        }
+        // TODO: attempt to use cached token for the request if available
 
         var response = await base.SendAsync(request, cancellationToken);
         if (response is { StatusCode: HttpStatusCode.OK })

Microsoft.NET.Build.Containers/Registry.cs

@@ -109,9 +109,14 @@ private readonly async Task UploadBlob(string name, string digest, Stream conten
             return;
         }
 
-        HttpResponseMessage pushResponse = await client.PostAsync(new Uri(BaseUri, $"/v2/{name}/blobs/uploads/"), content: null);
+        Uri pushUri = new Uri(BaseUri, $"/v2/{name}/blobs/uploads/");
+        HttpResponseMessage pushResponse = await client.PostAsync(pushUri, content: null);
 
-        Debug.Assert(pushResponse.StatusCode == HttpStatusCode.Accepted);
+        if (pushResponse.StatusCode != HttpStatusCode.Accepted)
+        {
+            string errorMessage = $"Failed to upload blob to {pushUri}; recieved {pushResponse.StatusCode} with detail {await pushResponse.Content.ReadAsStringAsync()}";
+            throw new ApplicationException(errorMessage);
+        }
 
         UriBuilder x;
         if (pushResponse.Headers.Location is {IsAbsoluteUri: true })

containerize/Properties/launchSettings.json

@@ -2,7 +2,7 @@
   "profiles": {
     "containerize": {
       "commandName": "Project",
-      "commandLineArgs": "S:\\play\\container-demo\\bin\\Debug\\net6.0\\linux-x64\\ --baseregistry https://mcr.microsoft.com --baseimagename dotnet/runtime --outputregistry https://rainercontainer.azurecr.io --imagename donuts --imagetags 6.0 --workingdirectory app/ --entrypoint dotnet --entrypointargs run --labels foo=bar hello=world --ports 1234/tcp"
+      "commandLineArgs": "\"S:\\play\\container-package-test\\obj\\Release\\net7.0\\PubTmp\\Out\" --baseregistry mcr.microsoft.com --baseimagename dotnet/aspnet --baseimagetag 7.0 --outputregistry rainercontainer.azurecr.io --imagename container-package-test --workingdirectory /app --entrypoint /app/container-package-test.exe --labels org.opencontainers.image.created=2022-10-27T14:17:19.9046559Z --imagetags latest --ports 80/tcp --environmentvariables ASPNETCORE_URLS=http://+:80 \r\n"
     }
   }
 }