Skip to content

Commit

Permalink
Don't masquerade Docker registry's unauthorized error to ImageNotFound
Browse files Browse the repository at this point in the history 
[#132821551]

Signed-off-by: Claudia Beresford <[email protected]>
  • Loading branch information
@glestaris @Callisto13
glestaris authored and Callisto13 committed Nov 3, 2016
1 parent 0dcb272 commit 3c56466
Show file tree
Hide file tree
Showing 2 changed files with 31 additions and 19 deletions.
24 changes: 22 additions & 2 deletions commands/create.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ import (
"code.cloudfoundry.org/lager"

"code.cloudfoundry.org/commandrunner/linux_command_runner"
"github.com/docker/distribution/registry/api/errcode"
errorspkg "github.com/pkg/errors"
"github.com/urfave/cli"
)
Expand Down Expand Up @@ -144,14 +145,33 @@ func parseIDMappings(args []string) ([]groot.IDMappingSpec, error) {
return mappings, nil
}

func containsDockerError(errorsList errcode.Errors, errCode errcode.ErrorCode) bool {
for _, err := range errorsList {
if e, ok := err.(errcode.Error); ok && e.ErrorCode() == errCode {
return true
}
}

return false
}

func tryHumanizeDockerErrorsList(err errcode.Errors) string {
if containsDockerError(err, errcode.ErrorCodeUnauthorized) {
return "Image does not exist or you do not have permissions to see it."
}

return err.Error()
}

func tryHumanize(err error) string {
switch e := errorspkg.Cause(err).(type) {
case *url.Error:
if _, ok := e.Err.(x509.UnknownAuthorityError); ok {
return "This registry is insecure. To pull images from this registry, please use the --insecure-registry option."
}
case remote.ImageNotFoundErr:
return "Image does not exist or you do not have permissions to see it."

case errcode.Errors:
return tryHumanizeDockerErrorsList(e)
}

return err.Error()
Expand Down
26 changes: 9 additions & 17 deletions fetcher/remote/docker_src.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,24 +30,16 @@ func NewDockerSource(trustedRegistries []string) *DockerSource {
}
}

type ImageNotFoundErr struct {
error
}

func (s *DockerSource) Manifest(logger lager.Logger, imageURL *url.URL) (Manifest, error) {
logger = logger.Session("fetching-image-manifest", lager.Data{"imageURL": imageURL})
logger.Info("start")
defer logger.Info("end")

img, err := s.preSteamedImage(logger, imageURL)
img, err := s.image(logger, imageURL)
if err != nil {
logger.Error("fetching-image-reference-failed", err)

if strings.Contains(err.Error(), "unauthorized: authentication required") {
return Manifest{}, errorspkg.Wrap(ImageNotFoundErr{err}, "fetching image reference")
}

return Manifest{}, errorspkg.Wrap(err, "fetching image reference")
return Manifest{}, errorspkg.Wrap(err, "fetching image reference dfksjghdv")
}

contents, mimeType, err := img.Manifest()
Expand Down Expand Up @@ -115,7 +107,7 @@ func (s *DockerSource) Blob(logger lager.Logger, imageURL *url.URL, digest strin
logger.Info("start")
defer logger.Info("end")

imgSrc, err := s.preSteamedImageSource(logger, imageURL)
imgSrc, err := s.imageSource(logger, imageURL)
if err != nil {
return nil, 0, err
}
Expand Down Expand Up @@ -213,7 +205,7 @@ func (s *DockerSource) parseSchemaV2Manifest(logger lager.Logger, rawManifest []
}

func (s *DockerSource) parseSchemaV2Config(logger lager.Logger, imageURL *url.URL, configDigest string) (specsv1.Image, error) {
imgSrc, err := s.preSteamedImageSource(logger, imageURL)
imgSrc, err := s.imageSource(logger, imageURL)
if err != nil {
return specsv1.Image{}, err
}
Expand Down Expand Up @@ -258,7 +250,7 @@ func (s *DockerSource) parseSchemaV1Config(logger lager.Logger, manifest Manifes
return config, nil
}

func (s *DockerSource) preSteamedReference(logger lager.Logger, imageURL *url.URL) (types.ImageReference, error) {
func (s *DockerSource) reference(logger lager.Logger, imageURL *url.URL) (types.ImageReference, error) {
refString := "/"
if imageURL.Host != "" {
refString += "/" + imageURL.Host
Expand All @@ -274,8 +266,8 @@ func (s *DockerSource) preSteamedReference(logger lager.Logger, imageURL *url.UR
return ref, nil
}

func (s *DockerSource) preSteamedImage(logger lager.Logger, imageURL *url.URL) (types.Image, error) {
ref, err := s.preSteamedReference(logger, imageURL)
func (s *DockerSource) image(logger lager.Logger, imageURL *url.URL) (types.Image, error) {
ref, err := s.reference(logger, imageURL)
if err != nil {
return nil, err
}
Expand All @@ -290,8 +282,8 @@ func (s *DockerSource) preSteamedImage(logger lager.Logger, imageURL *url.URL) (
return img, nil
}

func (s *DockerSource) preSteamedImageSource(logger lager.Logger, imageURL *url.URL) (types.ImageSource, error) {
ref, err := s.preSteamedReference(logger, imageURL)
func (s *DockerSource) imageSource(logger lager.Logger, imageURL *url.URL) (types.ImageSource, error) {
ref, err := s.reference(logger, imageURL)
if err != nil {
return nil, err
}
Expand Down

0 comments on commit 3c56466

Please sign in to comment.