fix(trust): default to docker.io creds if appropriate

containrrr · Jan 22, 2023 · 6d575be · 6d575be
1 parent 31c5434
commit 6d575be
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 26 deletions.
diff --git a/pkg/registry/manifest/manifest.go b/pkg/registry/manifest/manifest.go
@@ -6,6 +6,7 @@ import (
 	url2 "net/url"
 	"strings"
 
+	"github.com/containrrr/watchtower/pkg/registry"
 	"github.com/containrrr/watchtower/pkg/types"
 	ref "github.com/docker/distribution/reference"
 	"github.com/sirupsen/logrus"
@@ -17,20 +18,14 @@ func BuildManifestURL(container types.Container) (string, error) {
 	if err != nil {
 		return "", err
 	}
-
-	if _, isDigested := normalizedRef.(ref.Digested); isDigested {
-		return "", errors.New("attempted manifest check on pinned image")
+	if _, isTagged := normalizedRef.(ref.NamedTagged); !isTagged {
+		return "", errors.New("Parsed container image ref has no tag: " + normalizedRef.String())
 	}
+	normalizedTaggedRef, _ := normalizedRef.(ref.NamedTagged)
 
-	host := ref.Domain(normalizedRef)
-	img := ref.Path(normalizedRef)
-	var tag string
-
-	if r, ok := normalizedRef.(ref.Tagged); ok {
-		tag = r.Tag()
-	} else {
-		return "", errors.New("parsed image reference is not tagged")
-	}
+	host, _ := registry.GetRegistryAddress(normalizedTaggedRef.Name())
+	img := ref.Path(normalizedTaggedRef)
+	tag := normalizedTaggedRef.Tag()
 
 	logrus.WithFields(logrus.Fields{
 		"image":      img,

diff --git a/pkg/registry/manifest/manifest_test.go b/pkg/registry/manifest/manifest_test.go
@@ -28,15 +28,15 @@ var _ = Describe("the manifest module", func() {
 		})
 		It("should assume dockerhub for non-qualified images", func() {
 			imageRef := "containrrr/watchtower:latest"
-			expected := "https://docker.io/v2/containrrr/watchtower/manifests/latest"
+			expected := "https://index.docker.io/v2/containrrr/watchtower/manifests/latest"
 
 			URL, err := buildMockContainerManifestURL(imageRef)
 			Expect(err).NotTo(HaveOccurred())
 			Expect(URL).To(Equal(expected))
 		})
 		It("should assume latest for images that lack an explicit tag", func() {
 			imageRef := "containrrr/watchtower"
-			expected := "https://docker.io/v2/containrrr/watchtower/manifests/latest"
+			expected := "https://index.docker.io/v2/containrrr/watchtower/manifests/latest"
 
 			URL, err := buildMockContainerManifestURL(imageRef)
 			Expect(err).NotTo(HaveOccurred())

diff --git a/pkg/registry/registry.go b/pkg/registry/registry.go
@@ -11,6 +11,7 @@ import (
 // references not specifying a registry, or references using the legacy domain
 const (
 	DefaultRegistryDomain       = "docker.io"
+	DefaultRegistryHost         = "index.docker.io"
 	LegacyDefaultRegistryDomain = "index.docker.io"
 )
 

diff --git a/pkg/registry/trust.go b/pkg/registry/trust.go
@@ -76,20 +76,18 @@ func EncodedConfigAuth(imageRef string) (string, error) {
 }
 
 // GetRegistryAddress extracts the server part from a container image ref,
-// returning docker.io for single-part image names without an explicit domain
+// returning index.docker.io for image names without an explicit registry
 func GetRegistryAddress(imageRef string) (string, error) {
-	parsedRef, err := ref.Parse(imageRef)
+	namedRef, err := ref.ParseNormalizedNamed(imageRef)
 	if err != nil {
 		return "", err
 	}
 
-	var registry string
-	if namedRef, ok := parsedRef.(ref.Named); ok && len(ref.Domain(namedRef)) > 0 {
-		registry = ref.Domain(namedRef)
-	} else {
-		registry = DefaultRegistryDomain
+	address := ref.Domain(namedRef)
+	if address == DefaultRegistryDomain {
+		address = DefaultRegistryHost
 	}
-	return registry, nil
+	return address, nil
 }
 
 // CredentialsStore returns a new credentials store based

diff --git a/pkg/registry/trust_test.go b/pkg/registry/trust_test.go
@@ -52,11 +52,15 @@ var _ = Describe("Registry credential helpers", func() {
 			_, err := GetRegistryAddress("")
 			Expect(err).To(HaveOccurred())
 		})
-		It("should return docker.io if passed a single-part image name with no explicit domain", func() {
-			Expect(GetRegistryAddress("containrrr")).To(Equal(DefaultRegistryDomain))
+		It("should return index.docker.io if passed a single-part image name with no explicit domain", func() {
+			Expect(GetRegistryAddress("containrrr")).To(Equal(DefaultRegistryHost))
 		})
-		It("should return the organization part if passed a multi-part image name with no explicit domain", func() {
-			Expect(GetRegistryAddress("containrrr/config")).To(Equal("containrrr"))
+		It("should return index.docker.io if passed a multi-part image name with no explicit domain", func() {
+			Expect(GetRegistryAddress("containrrr/watchtower")).To(Equal(DefaultRegistryHost))
+		})
+		It("should return the host if passed an image name containing a local host", func() {
+			Expect(GetRegistryAddress("henk:80/containrrr/watchtower")).To(Equal("henk:80"))
+			Expect(GetRegistryAddress("localhost/containrrr/watchtower")).To(Equal("localhost"))
 		})
 		It("should return the server name if passed a fully qualified image name", func() {
 			Expect(GetRegistryAddress("github.com/containrrr/config")).To(Equal("github.com"))