distribution: un-export ImageTypes, make ImagePullConfig.Schema2Types optional

Use the default list of accepted mediaTypes if none were passed. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-27 20:33:52 +01:00 · 2022-02-27 20:33:52 +01:00 · fb5485f5d0
commit fb5485f5d0
parent e78f6f9c68
6 changed files with 50 additions and 40 deletions
--- a/daemon/images/image_pull.go
+++ b/daemon/images/image_pull.go
@ -122,7 +122,6 @@ func (i *ImageService) pullImageWithReference(ctx context.Context, ref reference
 			ReferenceStore:   i.referenceStore,
 		},
 		DownloadManager: i.downloadManager,
-		Schema2Types:    distribution.ImageTypes,
 		Platform:        platform,
 	}

--- a/distribution/config.go
+++ b/distribution/config.go
@ -57,8 +57,9 @@ type ImagePullConfig struct {

 	// DownloadManager manages concurrent pulls.
 	DownloadManager *xfer.LayerDownloadManager
-	// Schema2Types is the valid schema2 configuration types allowed
-	// by the pull operation.
+	// Schema2Types is an optional list of valid schema2 configuration types
+	// allowed by the pull operation. If omitted, the default list of accepted
+	// types is used.
 	Schema2Types []string
 	// Platform is the requested platform of the image being pulled
 	Platform *specs.Platform
--- a/distribution/pull_v2.go
+++ b/distribution/pull_v2.go
@ -397,19 +397,8 @@ func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named, platform
 	}

 	if m, ok := manifest.(*schema2.DeserializedManifest); ok {
-		var allowedMediatype bool
-		for _, t := range p.config.Schema2Types {
-			if m.Manifest.Config.MediaType == t {
-				allowedMediatype = true
-				break
-			}
-		}
-		if !allowedMediatype {
-			configClass := mediaTypeClasses[m.Manifest.Config.MediaType]
-			if configClass == "" {
-				configClass = "unknown"
-			}
-			return false, invalidManifestClassError{m.Manifest.Config.MediaType, configClass}
+		if err := p.validateMediaType(m.Manifest.Config.MediaType); err != nil {
+			return false, err
 		}
 	}

@ -486,6 +475,28 @@ func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named, platform
 	return true, nil
 }

+// validateMediaType validates if the given mediaType is accepted by the puller's
+// configuration.
+func (p *v2Puller) validateMediaType(mediaType string) error {
+	var allowedMediaTypes []string
+	if len(p.config.Schema2Types) > 0 {
+		allowedMediaTypes = p.config.Schema2Types
+	} else {
+		allowedMediaTypes = defaultImageTypes
+	}
+	for _, t := range allowedMediaTypes {
+		if mediaType == t {
+			return nil
+		}
+	}
+
+	configClass := mediaTypeClasses[mediaType]
+	if configClass == "" {
+		configClass = "unknown"
+	}
+	return invalidManifestClassError{mediaType, configClass}
+}
+
 func (p *v2Puller) pullSchema1(ctx context.Context, ref reference.Reference, unverifiedManifest *schema1.SignedManifest, platform *specs.Platform) (id digest.Digest, manifestDigest digest.Digest, err error) {
 	if platform != nil {
 		// Early bath if the requested OS doesn't match that of the configuration.
--- a/distribution/pull_v2_test.go
+++ b/distribution/pull_v2_test.go
@ -356,7 +356,6 @@ func testNewPuller(t *testing.T, rawurl string) *v2Puller {
 				RegistryToken: secretRegistryToken,
 			},
 		},
-		Schema2Types: ImageTypes,
 	}

 	puller, err := newPuller(endpoint, repoInfo, imagePullConfig, nil)
--- a/distribution/registry.go
+++ b/distribution/registry.go
@ -19,35 +19,36 @@ import (
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 )

-// ImageTypes represents the schema2 config types for images
-var ImageTypes = []string{
-	schema2.MediaTypeImageConfig,
-	ocispec.MediaTypeImageConfig,
-	// Handle unexpected values from https://github.com/docker/distribution/issues/1621
-	// (see also https://github.com/docker/docker/issues/22378,
-	// https://github.com/docker/docker/issues/30083)
-	"application/octet-stream",
-	"application/json",
-	"text/html",
-	// Treat defaulted values as images, newer types cannot be implied
-	"",
-}
+var (
+	// defaultImageTypes represents the schema2 config types for images
+	defaultImageTypes = []string{
+		schema2.MediaTypeImageConfig,
+		ocispec.MediaTypeImageConfig,
+		// Handle unexpected values from https://github.com/docker/distribution/issues/1621
+		// (see also https://github.com/docker/docker/issues/22378,
+		// https://github.com/docker/docker/issues/30083)
+		"application/octet-stream",
+		"application/json",
+		"text/html",
+		// Treat defaulted values as images, newer types cannot be implied
+		"",
+	}

-// PluginTypes represents the schema2 config types for plugins
-var PluginTypes = []string{
-	schema2.MediaTypePluginConfig,
-}
+	// pluginTypes represents the schema2 config types for plugins
+	pluginTypes = []string{
+		schema2.MediaTypePluginConfig,
+	}

-var mediaTypeClasses map[string]string
+	mediaTypeClasses map[string]string
+)

 func init() {
-	// initialize media type classes with all know types for
-	// plugin
+	// initialize media type classes with all know types for images and plugins.
 	mediaTypeClasses = map[string]string{}
-	for _, t := range ImageTypes {
+	for _, t := range defaultImageTypes {
 		mediaTypeClasses[t] = "image"
 	}
-	for _, t := range PluginTypes {
+	for _, t := range pluginTypes {
 		mediaTypeClasses[t] = "plugin"
 	}
 }
--- a/distribution/registry_unit_test.go
+++ b/distribution/registry_unit_test.go
@ -67,7 +67,6 @@ func testTokenPassThru(t *testing.T, ts *httptest.Server) {
 				RegistryToken: secretRegistryToken,
 			},
 		},
-		Schema2Types: ImageTypes,
 	}
 	puller, err := newPuller(endpoint, repoInfo, imagePullConfig, nil)
 	if err != nil {