I’m not sure, if I’m missing sth. or if there is a bug or regression, but I can’t use a project access token to pull from the container registry.
I created a token with role guest and read_registry permission, used podman login -u test registry.my.domain (as far as I understand the docs, the username can be anything: “Any non-blank value as a username.”) and ran podman pull registry.my.domain/group/project/image:tag and it gave me
# podman pull registry.my/domain/group/project/image:tag
Trying to pull registry.my/domain/group/project/image:tag...
Error: initializing source docker://registry.my/domain/group/project/image:tag: reading manifest tag in registry.my/domain/group/project/image: errors:
denied: requested access to the resource is denied
unauthorized: authentication required
Same result with using role owner and all available scopes.
Using a personal access token instead works.
Related: Project access token: interaction between role and scope for registry