snapshotter: don't touch original nydusd auth if no auth in labels #212

changweige · 2021-11-18T11:30:36Z

Nydusd must pull data from registry with auth if the repo is private.
Snapshotter only fetches auth from labels and if no auth in the labels,
it will use empty string to replace the original auth.

This causes nydusd lossing auth to access registry.

Signed-off-by: Changwei Ge [email protected]

bergwolf · 2021-11-19T08:32:39Z

contrib/nydus-snapshotter/pkg/auth/keychain.go

-		Password: labels[label.ImagePullSecret],
+func FromLabels(labels map[string]string) *PassKeyChain {
+	u, found := labels[label.ImagePullUsername]
+	if !found {


should check for empty username/password as well.

Sure. It now also checks if the values are void string.

Nydusd must pull data from registry with auth if the repo is private. Snapshotter only fetches auth from labels and if no auth in the labels, it will use empty string to replace the original auth. This causes nydusd lossing auth to access registry. Signed-off-by: Changwei Ge <[email protected]>

bergwolf reviewed Nov 19, 2021

View reviewed changes

bergwolf approved these changes Nov 22, 2021

View reviewed changes

bergwolf merged commit 3b35329 into dragonflyoss:master Nov 22, 2021

changweige deleted the g-not-touch-auth branch November 26, 2021 05:59

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

snapshotter: don't touch original nydusd auth if no auth in labels #212

snapshotter: don't touch original nydusd auth if no auth in labels #212

changweige commented Nov 18, 2021

bergwolf Nov 19, 2021

changweige Nov 22, 2021

snapshotter: don't touch original nydusd auth if no auth in labels #212

snapshotter: don't touch original nydusd auth if no auth in labels #212

Conversation

changweige commented Nov 18, 2021

bergwolf Nov 19, 2021

Choose a reason for hiding this comment

changweige Nov 22, 2021

Choose a reason for hiding this comment