0ct0pu5/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Default the auth config domain to the target image domain

Browse source 
When server address is not provided with the auth configuration,
use the domain from the image provided with the auth.

Signed-off-by: Derek McGowan <derek@mcg.dev>
This commit is contained in:
Derek McGowan 2023-11-06 17:02:18 -08:00
parent 796da163f9
commit 755f008c1e
No known key found for this signature in database
GPG key ID: F58C5D0A4405ACDB
3 changed files with 12 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
daemon/containerd/image_pull.go
View file

@ -67,7 +67,7 @@ func (i *ImageService) pullTag(ctx context.Context, ref reference.NamedTagged, p
opts = append(opts, containerd.WithPlatform(platforms.Format(*platform)))
}
resolver, _ := i.newResolverFromAuthConfig(ctx, authConfig)
resolver, _ := i.newResolverFromAuthConfig(ctx, authConfig, ref)
opts = append(opts, containerd.WithResolver(resolver))
old, err := i.resolveDescriptor(ctx, ref.String())

2
daemon/containerd/image_push.go
View file

@ -102,7 +102,7 @@ func (i *ImageService) pushRef(ctx context.Context, targetRef reference.Named, m
target := img.Target
store := i.client.ContentStore()
resolver, tracker := i.newResolverFromAuthConfig(ctx, authConfig)
resolver, tracker := i.newResolverFromAuthConfig(ctx, authConfig, targetRef)
pp := pushProgress{Tracker: tracker}
jobsQueue := newJobs()
finishProgress := jobsQueue.showProgress(ctx, out, combinedProgress([]progressUpdater{

16
daemon/containerd/resolver.go
View file

@ -11,16 +11,17 @@ import (
"github.com/containerd/containerd/remotes/docker"
"github.com/containerd/containerd/version"
"github.com/containerd/log"
"github.com/distribution/reference"
registrytypes "github.com/docker/docker/api/types/registry"
"github.com/docker/docker/dockerversion"
"github.com/docker/docker/pkg/useragent"
"github.com/docker/docker/registry"
)
func (i *ImageService) newResolverFromAuthConfig(ctx context.Context, authConfig *registrytypes.AuthConfig) (remotes.Resolver, docker.StatusTracker) {
func (i *ImageService) newResolverFromAuthConfig(ctx context.Context, authConfig *registrytypes.AuthConfig, ref reference.Named) (remotes.Resolver, docker.StatusTracker) {
tracker := docker.NewInMemoryTracker()
hosts := hostsWrapper(i.registryHosts, authConfig, i.registryService)
hosts := hostsWrapper(i.registryHosts, authConfig, ref, i.registryService)
headers := http.Header{}
headers.Set("User-Agent", dockerversion.DockerUserAgent(ctx, useragent.VersionInfo{Name: "containerd-client", Version: version.Version}, useragent.VersionInfo{Name: "storage-driver", Version: i.snapshotter}))
@ -31,10 +32,10 @@ func (i *ImageService) newResolverFromAuthConfig(ctx context.Context, authConfig
}), tracker
}
func hostsWrapper(hostsFn docker.RegistryHosts, optAuthConfig *registrytypes.AuthConfig, regService registryResolver) docker.RegistryHosts {
func hostsWrapper(hostsFn docker.RegistryHosts, optAuthConfig *registrytypes.AuthConfig, ref reference.Named, regService registryResolver) docker.RegistryHosts {
var authorizer docker.Authorizer
if optAuthConfig != nil {
authorizer = authorizerFromAuthConfig(*optAuthConfig)
authorizer = authorizerFromAuthConfig(*optAuthConfig, ref)
}
return func(n string) ([]docker.RegistryHost, error) {
@ -56,9 +57,12 @@ func hostsWrapper(hostsFn docker.RegistryHosts, optAuthConfig *registrytypes.Aut
}
}
func authorizerFromAuthConfig(authConfig registrytypes.AuthConfig) docker.Authorizer {
func authorizerFromAuthConfig(authConfig registrytypes.AuthConfig, ref reference.Named) docker.Authorizer {
cfgHost := registry.ConvertToHostname(authConfig.ServerAddress)
if cfgHost == "" || cfgHost == registry.IndexHostname {
if cfgHost == "" {
cfgHost = reference.Domain(ref)
}
if cfgHost == registry.IndexHostname || cfgHost == registry.IndexName {
cfgHost = registry.DefaultRegistryHost
}