Fail to download images from tanzu.packages.broadcom.com with an error, "The client does not have permission for manifest"
Article ID: 373602
Updated On:
Products
VMware Tanzu Application Platform
Issue/Introduction
When installing Tanzu Application Platform in an air-gapped environment, we need to relocate images to a registry. The following error might happen when copying the images into a .tar file from tanzu.packages.broadcom.com.
UNAUTHORIZED:
The client does not have permission for manifest; map[manifest:tanzu-application-platform/tap-packages/latest/manifest.jsonCause
This message means the either IMGPKG_REGISTRY_USERNAME_0 or IMGPKG_REGISTRY_PASSWORD_0 is not set properly.
Resolution
The following steps can be leveraged to narrow down this issue and then are used for a fix.
1. Follow the Relocate images to a registry to retrieve the access token.
2. Decrypt your access token. Verify that the corresponding username is correct and its access scope is related.
Here is an example,
davidz@Y67G92THQK Downloads % echo 'eyJ2Z######'| jq -R 'split(".") | .[0], .[1] | @base64d | fromjson'
{
"ver": "2",
"typ": "JWT",
"alg": "######",
"kid": "MRj89######"
}
{
"sub": "jfrt@######/users/[email protected]",
"scp": "member-of-groups:######",
"aud": "jfrt@######",
"iss": "jfrt@######/users/csp-token-grantor",
"exp": 1738258491,
"iat": 1722476091,
"jti": "30f7b56c-######"
}3. Make sure the following environment variables are set up correctly.
IMGPKG_REGISTRY_HOSTNAME_0=tanzu.packages.broadcom.com
[email protected]
IMGPKG_REGISTRY_PASSWORD_0=eyJ2Z######
TAP_VERSION=1.##.#Feedback
Yes
No
Powered by
