Merge pull request #19733 from calavera/auth_error_on_post_create

Respond with 401 when there is an unauthorized error from the registry.
This commit is contained in:
Brian Goff 2016-01-28 13:44:58 -05:00
commit 0b7acaf4b9
3 changed files with 25 additions and 4 deletions

View file

@ -7,9 +7,11 @@ import (
"fmt"
"io"
"net/http"
"net/url"
"strings"
"github.com/docker/distribution/digest"
"github.com/docker/distribution/registry/api/errcode"
"github.com/docker/docker/api/server/httputils"
"github.com/docker/docker/builder/dockerfile"
derr "github.com/docker/docker/errors"
@ -137,6 +139,12 @@ func (s *router) postImagesCreate(ctx context.Context, w http.ResponseWriter, r
err = s.daemon.PullImage(ref, metaHeaders, authConfig, output)
}
}
// Check the error from pulling an image to make sure the request
// was authorized. Modify the status if the request was
// unauthorized to respond with 401 rather than 500.
if err != nil && isAuthorizedError(err) {
err = errcode.ErrorCodeUnauthorized.WithMessage(fmt.Sprintf("Authentication is required: %s", err))
}
} else { //import
var newRef reference.Named
if repo != "" {
@ -373,3 +381,16 @@ func (s *router) getImagesSearch(ctx context.Context, w http.ResponseWriter, r *
}
return httputils.WriteJSON(w, http.StatusOK, query.Results)
}
func isAuthorizedError(err error) bool {
if urlError, ok := err.(*url.Error); ok {
err = urlError.Err
}
if dError, ok := err.(errcode.Error); ok {
if dError.ErrorCode() == errcode.ErrorCodeUnauthorized {
return true
}
}
return false
}

View file

@ -28,7 +28,6 @@ var (
// ErrAlreadyExists is an error returned if an image being pushed
// already exists on the remote side
ErrAlreadyExists = errors.New("Image already exists")
errLoginRequired = errors.New("Authentication is required.")
)
func init() {

View file

@ -19,6 +19,7 @@ import (
"strings"
"github.com/Sirupsen/logrus"
"github.com/docker/distribution/registry/api/errcode"
"github.com/docker/docker/pkg/httputils"
"github.com/docker/docker/pkg/ioutils"
"github.com/docker/docker/pkg/stringid"
@ -213,7 +214,7 @@ func (r *Session) GetRemoteHistory(imgID, registry string) ([]string, error) {
defer res.Body.Close()
if res.StatusCode != 200 {
if res.StatusCode == 401 {
return nil, errLoginRequired
return nil, errcode.ErrorCodeUnauthorized.WithArgs()
}
return nil, httputils.NewHTTPRequestError(fmt.Sprintf("Server error: %d trying to fetch remote history for %s", res.StatusCode, imgID), res)
}
@ -427,7 +428,7 @@ func (r *Session) GetRepositoryData(name reference.Named) (*RepositoryData, erro
}
defer res.Body.Close()
if res.StatusCode == 401 {
return nil, errLoginRequired
return nil, errcode.ErrorCodeUnauthorized.WithArgs()
}
// TODO: Right now we're ignoring checksums in the response body.
// In the future, we need to use them to check image validity.
@ -661,7 +662,7 @@ func (r *Session) PushImageJSONIndex(remote reference.Named, imgList []*ImgData,
defer res.Body.Close()
if res.StatusCode == 401 {
return nil, errLoginRequired
return nil, errcode.ErrorCodeUnauthorized.WithArgs()
}
var tokens, endpoints []string