From 6d575be37bf15f006fffa73770e5add7bc210d15 Mon Sep 17 00:00:00 2001 From: Reinier van der Leer Date: Fri, 20 Jan 2023 15:29:24 +0100 Subject: [PATCH] fix(trust): default to docker.io creds if appropriate --- pkg/registry/manifest/manifest.go | 19 +++++++------------ pkg/registry/manifest/manifest_test.go | 4 ++-- pkg/registry/registry.go | 1 + pkg/registry/trust.go | 14 ++++++-------- pkg/registry/trust_test.go | 12 ++++++++---- 5 files changed, 24 insertions(+), 26 deletions(-) diff --git a/pkg/registry/manifest/manifest.go b/pkg/registry/manifest/manifest.go index 825ee4355..30846c6ae 100644 --- a/pkg/registry/manifest/manifest.go +++ b/pkg/registry/manifest/manifest.go @@ -6,6 +6,7 @@ import ( url2 "net/url" "strings" + "github.com/containrrr/watchtower/pkg/registry" "github.com/containrrr/watchtower/pkg/types" ref "github.com/docker/distribution/reference" "github.com/sirupsen/logrus" @@ -17,20 +18,14 @@ func BuildManifestURL(container types.Container) (string, error) { if err != nil { return "", err } - - if _, isDigested := normalizedRef.(ref.Digested); isDigested { - return "", errors.New("attempted manifest check on pinned image") + if _, isTagged := normalizedRef.(ref.NamedTagged); !isTagged { + return "", errors.New("Parsed container image ref has no tag: " + normalizedRef.String()) } + normalizedTaggedRef, _ := normalizedRef.(ref.NamedTagged) - host := ref.Domain(normalizedRef) - img := ref.Path(normalizedRef) - var tag string - - if r, ok := normalizedRef.(ref.Tagged); ok { - tag = r.Tag() - } else { - return "", errors.New("parsed image reference is not tagged") - } + host, _ := registry.GetRegistryAddress(normalizedTaggedRef.Name()) + img := ref.Path(normalizedTaggedRef) + tag := normalizedTaggedRef.Tag() logrus.WithFields(logrus.Fields{ "image": img, diff --git a/pkg/registry/manifest/manifest_test.go b/pkg/registry/manifest/manifest_test.go index cf2bb0893..677c6791b 100644 --- a/pkg/registry/manifest/manifest_test.go +++ b/pkg/registry/manifest/manifest_test.go @@ -28,7 +28,7 @@ var _ = Describe("the manifest module", func() { }) It("should assume dockerhub for non-qualified images", func() { imageRef := "containrrr/watchtower:latest" - expected := "https://docker.io/v2/containrrr/watchtower/manifests/latest" + expected := "https://index.docker.io/v2/containrrr/watchtower/manifests/latest" URL, err := buildMockContainerManifestURL(imageRef) Expect(err).NotTo(HaveOccurred()) @@ -36,7 +36,7 @@ var _ = Describe("the manifest module", func() { }) It("should assume latest for images that lack an explicit tag", func() { imageRef := "containrrr/watchtower" - expected := "https://docker.io/v2/containrrr/watchtower/manifests/latest" + expected := "https://index.docker.io/v2/containrrr/watchtower/manifests/latest" URL, err := buildMockContainerManifestURL(imageRef) Expect(err).NotTo(HaveOccurred()) diff --git a/pkg/registry/registry.go b/pkg/registry/registry.go index 908b56ee1..ef1686e3f 100644 --- a/pkg/registry/registry.go +++ b/pkg/registry/registry.go @@ -11,6 +11,7 @@ import ( // references not specifying a registry, or references using the legacy domain const ( DefaultRegistryDomain = "docker.io" + DefaultRegistryHost = "index.docker.io" LegacyDefaultRegistryDomain = "index.docker.io" ) diff --git a/pkg/registry/trust.go b/pkg/registry/trust.go index fe50eecfd..04bdfa7a3 100644 --- a/pkg/registry/trust.go +++ b/pkg/registry/trust.go @@ -76,20 +76,18 @@ func EncodedConfigAuth(imageRef string) (string, error) { } // GetRegistryAddress extracts the server part from a container image ref, -// returning docker.io for single-part image names without an explicit domain +// returning index.docker.io for image names without an explicit registry func GetRegistryAddress(imageRef string) (string, error) { - parsedRef, err := ref.Parse(imageRef) + namedRef, err := ref.ParseNormalizedNamed(imageRef) if err != nil { return "", err } - var registry string - if namedRef, ok := parsedRef.(ref.Named); ok && len(ref.Domain(namedRef)) > 0 { - registry = ref.Domain(namedRef) - } else { - registry = DefaultRegistryDomain + address := ref.Domain(namedRef) + if address == DefaultRegistryDomain { + address = DefaultRegistryHost } - return registry, nil + return address, nil } // CredentialsStore returns a new credentials store based diff --git a/pkg/registry/trust_test.go b/pkg/registry/trust_test.go index d065b7b18..7a9ca6eb1 100644 --- a/pkg/registry/trust_test.go +++ b/pkg/registry/trust_test.go @@ -52,11 +52,15 @@ var _ = Describe("Registry credential helpers", func() { _, err := GetRegistryAddress("") Expect(err).To(HaveOccurred()) }) - It("should return docker.io if passed a single-part image name with no explicit domain", func() { - Expect(GetRegistryAddress("containrrr")).To(Equal(DefaultRegistryDomain)) + It("should return index.docker.io if passed a single-part image name with no explicit domain", func() { + Expect(GetRegistryAddress("containrrr")).To(Equal(DefaultRegistryHost)) }) - It("should return the organization part if passed a multi-part image name with no explicit domain", func() { - Expect(GetRegistryAddress("containrrr/config")).To(Equal("containrrr")) + It("should return index.docker.io if passed a multi-part image name with no explicit domain", func() { + Expect(GetRegistryAddress("containrrr/watchtower")).To(Equal(DefaultRegistryHost)) + }) + It("should return the host if passed an image name containing a local host", func() { + Expect(GetRegistryAddress("henk:80/containrrr/watchtower")).To(Equal("henk:80")) + Expect(GetRegistryAddress("localhost/containrrr/watchtower")).To(Equal("localhost")) }) It("should return the server name if passed a fully qualified image name", func() { Expect(GetRegistryAddress("github.com/containrrr/config")).To(Equal("github.com"))