make sure all different ref formats are supported

pull/716/head
Simon Aronsson 4 years ago
parent ff8cb884a0
commit eb8580f7f2
No known key found for this signature in database
GPG Key ID: 8DA57A5FD341605B

@ -139,10 +139,9 @@ func GetAuthURL(challenge string, img string) (*url.URL, error) {
authURL, _ := url.Parse(fmt.Sprintf("%s", values["realm"])) authURL, _ := url.Parse(fmt.Sprintf("%s", values["realm"]))
q := authURL.Query() q := authURL.Query()
q.Add("service", values["service"]) q.Add("service", values["service"])
scopeImage := strings.TrimPrefix(img, values["service"])
if !strings.Contains(scopeImage, "/") { scopeImage := GetScopeFromImageName(img, values["service"])
scopeImage = "library/" + scopeImage
}
scope := fmt.Sprintf("repository:%s:pull", scopeImage) scope := fmt.Sprintf("repository:%s:pull", scopeImage)
logrus.WithFields(logrus.Fields{"scope": scope, "image": img}).Debug("Setting scope for auth token") logrus.WithFields(logrus.Fields{"scope": scope, "image": img}).Debug("Setting scope for auth token")
q.Add("scope", scope) q.Add("scope", scope)
@ -151,6 +150,30 @@ func GetAuthURL(challenge string, img string) (*url.URL, error) {
return authURL, nil return authURL, nil
} }
func GetScopeFromImageName(img, svc string) string {
parts := strings.Split(img, "/")
scopeImage := ""
if len(parts) > 2 {
if strings.Contains(svc, "docker.io") {
fmt.Printf("Identified dockerhub image")
scopeImage = fmt.Sprintf("%s/%s", parts[1], strings.Join(parts[2:], "/"))
} else {
scopeImage = strings.Join(parts, "/")
}
} else if len(parts) == 2 {
if strings.Contains(parts[0], "docker.io") {
scopeImage = fmt.Sprintf("library/%s", parts[1])
} else {
scopeImage = strings.Replace(img, svc + "/", "", 1)
}
} else if strings.Contains(svc, "docker.io") {
scopeImage = fmt.Sprintf("library/%s", parts[0])
} else {
scopeImage = img
}
return scopeImage
}
// GetChallengeURL creates a URL object based on the image info // GetChallengeURL creates a URL object based on the image info
func GetChallengeURL(img string) (url.URL, error) { func GetChallengeURL(img string) (url.URL, error) {

@ -95,4 +95,26 @@ var _ = Describe("the auth module", func() {
Expect(auth.GetChallengeURL("registry-1.docker.io/containrrr/watchtower:latest")).To(Equal(expected)) Expect(auth.GetChallengeURL("registry-1.docker.io/containrrr/watchtower:latest")).To(Equal(expected))
}) })
}) })
When("getting the auth scope from an image name", func() {
It("should prepend official dockerhub images with \"library/\"", func() {
Expect(auth.GetScopeFromImageName("docker.io/registry", "index.docker.io")).To(Equal("library/registry"))
Expect(auth.GetScopeFromImageName("docker.io/registry", "docker.io")).To(Equal("library/registry"))
Expect(auth.GetScopeFromImageName("registry", "index.docker.io")).To(Equal("library/registry"))
Expect(auth.GetScopeFromImageName("watchtower", "registry-1.docker.io")).To(Equal("library/watchtower"))
})
It("should not include vanity hosts\"", func() {
Expect(auth.GetScopeFromImageName("docker.io/containrrr/watchtower", "index.docker.io")).To(Equal("containrrr/watchtower"))
Expect(auth.GetScopeFromImageName("index.docker.io/containrrr/watchtower", "index.docker.io")).To(Equal("containrrr/watchtower"))
})
It("should not destroy three segment image names\"", func() {
Expect(auth.GetScopeFromImageName("piksel/containrrr/watchtower", "index.docker.io")).To(Equal("containrrr/watchtower"))
Expect(auth.GetScopeFromImageName("piksel/containrrr/watchtower", "ghcr.io")).To(Equal("piksel/containrrr/watchtower"))
})
It("should not add \"library/\" for one segment image names if they're not on dockerhub", func() {
Expect(auth.GetScopeFromImageName("ghcr.io/watchtower", "ghcr.io")).To(Equal("watchtower"))
Expect(auth.GetScopeFromImageName("watchtower", "ghcr.io")).To(Equal("watchtower"))
})
})
}) })

@ -73,13 +73,14 @@ func GetDigest(url string, token string) (string, error) {
} }
client := &http.Client{Transport: tr} client := &http.Client{Transport: tr}
req, _ := http.NewRequest("HEAD", url, nil)
if token != "" { if token != "" {
logrus.WithField("token", token).Trace("Setting request token") logrus.WithField("token", token).Trace("Setting request token")
} else { } else {
return "", errors.New("could not fetch token") return "", errors.New("could not fetch token")
} }
req, _ := http.NewRequest("HEAD", url, nil)
req.Header.Add("Authorization", token) req.Header.Add("Authorization", token)
req.Header.Add("Accept", "application/vnd.docker.distribution.manifest.v2+json") req.Header.Add("Accept", "application/vnd.docker.distribution.manifest.v2+json")
req.Header.Add("Accept", "application/vnd.docker.distribution.manifest.list.v2+json") req.Header.Add("Accept", "application/vnd.docker.distribution.manifest.list.v2+json")
@ -94,7 +95,7 @@ func GetDigest(url string, token string) (string, error) {
defer res.Body.Close() defer res.Body.Close()
if res.StatusCode != 200 { if res.StatusCode != 200 {
return "", fmt.Errorf("registry responded to head request with %d", res.StatusCode) return "", fmt.Errorf("registry responded to head request with %v", res)
} }
return res.Header.Get(ContentDigestHeader), nil return res.Header.Get(ContentDigestHeader), nil
} }

@ -2,6 +2,7 @@ package manifest
import ( import (
"fmt" "fmt"
"github.com/containrrr/watchtower/pkg/registry/auth"
"github.com/containrrr/watchtower/pkg/registry/helpers" "github.com/containrrr/watchtower/pkg/registry/helpers"
"github.com/containrrr/watchtower/pkg/types" "github.com/containrrr/watchtower/pkg/types"
ref "github.com/docker/distribution/reference" ref "github.com/docker/distribution/reference"
@ -31,7 +32,8 @@ func BuildManifestURL(container types.Container) (string, error) {
if err != nil { if err != nil {
return "", err return "", err
} }
img = strings.TrimPrefix(img, fmt.Sprintf("%s/", host)) img = auth.GetScopeFromImageName(img, host)
if !strings.Contains(img, "/") { if !strings.Contains(img, "/") {
img = "library/" + img img = "library/" + img
} }

Loading…
Cancel
Save