Bug Description
harbor-cli login appears to incorrectly fail for valid robot account credentials during authentication validation.
From investigation, the login flow validates credentials using GetCurrentUserInfo(). However, robot accounts are not regular Harbor user principals, and the endpoint may return 403 Forbidden (or SDK deserialization-related failures) even when authentication itself succeeds successfully at the transport/API level.
As a result, valid robot account logins can fail with errors similar to:
(*models.UserResp) is not supported by the TextConsumer
or other unexpected validation failures during login.
This affects CI/CD and automation workflows where robot accounts are the recommended authentication mechanism.
Expected Behavior
harbor-cli login should successfully authenticate valid robot account credentials without failing on user-specific validation behavior.
Current Behavior
Valid robot account credentials may fail during login validation due to GetCurrentUserInfo() behavior.
Possible Root Cause
Current login validation appears to rely on a user-oriented endpoint:
which may not apply to robot account principals.
The failure may be related to:
- endpoint-specific authorization behavior (
403)
- SDK deserialization behavior
- or false-negative validation logic in the login flow
Environment
- harbor-cli version: latest main branch
- Harbor version: affected versions need confirmation
- Authentication type: robot account
Additional Notes
I’ve been investigating the login flow in:
and would be happy to work on a targeted fix after validating the exact Harbor API / SDK behavior more carefully.
The goal would be:
- minimal localized fix
- no behavioral regressions
- preserving existing authentication semantics
- and avoiding broad error suppression.
Bug Description
harbor-cli loginappears to incorrectly fail for valid robot account credentials during authentication validation.From investigation, the login flow validates credentials using
GetCurrentUserInfo(). However, robot accounts are not regular Harbor user principals, and the endpoint may return403 Forbidden(or SDK deserialization-related failures) even when authentication itself succeeds successfully at the transport/API level.As a result, valid robot account logins can fail with errors similar to:
or other unexpected validation failures during login.
This affects CI/CD and automation workflows where robot accounts are the recommended authentication mechanism.
Expected Behavior
harbor-cli loginshould successfully authenticate valid robot account credentials without failing on user-specific validation behavior.Current Behavior
Valid robot account credentials may fail during login validation due to
GetCurrentUserInfo()behavior.Possible Root Cause
Current login validation appears to rely on a user-oriented endpoint:
GetCurrentUserInfo()which may not apply to robot account principals.
The failure may be related to:
403)Environment
Additional Notes
I’ve been investigating the login flow in:
and would be happy to work on a targeted fix after validating the exact Harbor API / SDK behavior more carefully.
The goal would be: