Merge pull request #21159 from runcom/fix-retry-push-bug
distribution: errors: do not retry if no credentials provided
This commit is contained in:
Aaron Lehmann
commit
0b962f72a9
3 changed files with 32 additions and 0 deletions
|
|
@ -8,6 +8,7 @@ import (
|
|||
"github.com/docker/distribution/registry/api/errcode"
|
||||
"github.com/docker/distribution/registry/api/v2"
|
||||
"github.com/docker/distribution/registry/client"
|
||||
"github.com/docker/distribution/registry/client/auth"
|
||||
"github.com/docker/docker/distribution/xfer"
|
||||
)
|
||||
|
||||
|
|
@ -90,6 +91,9 @@ func retryOnError(err error) error {
|
|||
return xfer.DoNotRetry{Err: err}
|
||||
}
|
||||
case *url.Error:
|
||||
if v.Err == auth.ErrNoBasicAuthCredentials {
|
||||
return xfer.DoNotRetry{Err: v.Err}
|
||||
}
|
||||
return retryOnError(v.Err)
|
||||
case *client.UnexpectedHTTPResponseError:
|
||||
return xfer.DoNotRetry{Err: err}
|
||||
|
|
|
|||
|
|
@ -254,3 +254,12 @@ func (s *DockerHubPullSuite) TestPullClientDisconnect(c *check.C) {
|
|||
_, err = s.CmdWithError("inspect", repoName)
|
||||
c.Assert(err, checker.NotNil, check.Commentf("image was pulled after client disconnected"))
|
||||
}
|
||||
|
||||
func (s *DockerRegistryAuthSuite) TestPullNoCredentialsNotFound(c *check.C) {
|
||||
// we don't care about the actual image, we just want to see image not found
|
||||
// because that means v2 call returned 401 and we fell back to v1 which usually
|
||||
// gives a 404 (in this case the test registry doesn't handle v1 at all)
|
||||
out, _, err := dockerCmdWithError("pull", privateRegistryURL+"/busybox")
|
||||
c.Assert(err, check.NotNil, check.Commentf(out))
|
||||
c.Assert(out, checker.Contains, "Error: image busybox not found")
|
||||
}
|
||||
|
|
|
|||
|
|
@ -527,3 +527,22 @@ func (s *DockerTrustSuite) TestTrustedPushWithReleasesDelegation(c *check.C) {
|
|||
c.Assert(err, check.IsNil, check.Commentf("Unable to read targets/releases metadata"))
|
||||
c.Assert(string(contents), checker.Contains, `"latest"`, check.Commentf(string(contents)))
|
||||
}
|
||||
|
||||
func (s *DockerRegistryAuthSuite) TestPushNoCredentialsNoRetry(c *check.C) {
|
||||
repoName := fmt.Sprintf("%s/busybox", privateRegistryURL)
|
||||
dockerCmd(c, "tag", "busybox", repoName)
|
||||
out, _, err := dockerCmdWithError("push", repoName)
|
||||
c.Assert(err, check.NotNil, check.Commentf(out))
|
||||
c.Assert(out, check.Not(checker.Contains), "Retrying")
|
||||
c.Assert(out, checker.Contains, "no basic auth credentials")
|
||||
}
|
||||
|
||||
// This may be flaky but it's needed not to regress on unauthorized push, see #21054
|
||||
func (s *DockerSuite) TestPushToCentralRegistryUnauthorized(c *check.C) {
|
||||
testRequires(c, Network)
|
||||
repoName := "test/busybox"
|
||||
dockerCmd(c, "tag", "busybox", repoName)
|
||||
out, _, err := dockerCmdWithError("push", repoName)
|
||||
c.Assert(err, check.NotNil, check.Commentf(out))
|
||||
c.Assert(out, checker.Contains, "unauthorized: access to the requested resource is not authorized")
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue