diff options
| author | Paweł Gronowski <pawel.gronowski@docker.com> | 2023-05-11 14:12:49 +0200 |
|---|---|---|
| committer | Paweł Gronowski <pawel.gronowski@docker.com> | 2023-05-11 14:32:46 +0200 |
| commit | 3309e45ca19641101dc1a19c4429e96664c97e6c (patch) | |
| tree | a5929b0cdbd783cd4fb346cc0196a28d5bbb6094 | |
| parent | 2ad499f93e4b5117246ceffb8deb2bd6d9966fd2 (diff) | |
| download | docker-3309e45ca19641101dc1a19c4429e96664c97e6c.tar.gz | |
c8d: Don't create authorizer for empty AuthConfig
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
| -rw-r--r-- | daemon/containerd/resolver.go | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/daemon/containerd/resolver.go b/daemon/containerd/resolver.go index 9dcfb2a97c..5b2d1dff4c 100644 --- a/daemon/containerd/resolver.go +++ b/daemon/containerd/resolver.go @@ -24,7 +24,15 @@ func (i *ImageService) newResolverFromAuthConfig(authConfig *registrytypes.AuthC }), tracker } -func hostsWrapper(hostsFn docker.RegistryHosts, authConfig *registrytypes.AuthConfig, regService RegistryConfigProvider) docker.RegistryHosts { +func hostsWrapper(hostsFn docker.RegistryHosts, optAuthConfig *registrytypes.AuthConfig, regService RegistryConfigProvider) docker.RegistryHosts { + var authorizer docker.Authorizer + if optAuthConfig != nil { + auth := *optAuthConfig + if auth != (registrytypes.AuthConfig{}) { + authorizer = docker.NewDockerAuthorizer(authorizationCredsFromAuthConfig(auth)) + } + } + return func(n string) ([]docker.RegistryHost, error) { hosts, err := hostsFn(n) if err != nil { @@ -33,12 +41,7 @@ func hostsWrapper(hostsFn docker.RegistryHosts, authConfig *registrytypes.AuthCo for i := range hosts { if hosts[i].Authorizer == nil { - var opts []docker.AuthorizerOpt - if authConfig != nil { - opts = append(opts, authorizationCredsFromAuthConfig(*authConfig)) - } - hosts[i].Authorizer = docker.NewDockerAuthorizer(opts...) - + hosts[i].Authorizer = authorizer isInsecure := regService.IsInsecureRegistry(hosts[i].Host) if hosts[i].Client.Transport != nil && isInsecure { hosts[i].Client.Transport = httpFallback{super: hosts[i].Client.Transport} @@ -57,7 +60,10 @@ func authorizationCredsFromAuthConfig(authConfig registrytypes.AuthConfig) docke return docker.WithAuthCreds(func(host string) (string, string, error) { if cfgHost != host { - logrus.WithField("host", host).WithField("cfgHost", cfgHost).Warn("Host doesn't match") + logrus.WithFields(logrus.Fields{ + "host": host, + "cfgHost": cfgHost, + }).Warn("Host doesn't match") return "", "", nil } if authConfig.IdentityToken != "" { |