diff options
| author | Sebastiaan van Stijn <thaJeztah@users.noreply.github.com> | 2023-05-11 17:38:17 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-05-11 17:38:17 +0200 |
| commit | f0791afadeb095d911aa35c1fca8fbbbb2ace0a4 (patch) | |
| tree | d9b96cc32a477804332abea2bd0406f412ac8cd4 | |
| parent | d922f94d9395f9554570c2d45b7f94ddb327be23 (diff) | |
| parent | 3309e45ca19641101dc1a19c4429e96664c97e6c (diff) | |
| download | docker-f0791afadeb095d911aa35c1fca8fbbbb2ace0a4.tar.gz | |
Merge pull request #45517 from vvoland/c8d-authconfig-default
c8d: Better handling of partially filled `AuthConfig`
| -rw-r--r-- | daemon/containerd/resolver.go | 24 |
1 files changed, 15 insertions, 9 deletions
diff --git a/daemon/containerd/resolver.go b/daemon/containerd/resolver.go index 07c9ed9f0c..5b2d1dff4c 100644 --- a/daemon/containerd/resolver.go +++ b/daemon/containerd/resolver.go @@ -24,7 +24,15 @@ func (i *ImageService) newResolverFromAuthConfig(authConfig *registrytypes.AuthC }), tracker } -func hostsWrapper(hostsFn docker.RegistryHosts, authConfig *registrytypes.AuthConfig, regService RegistryConfigProvider) docker.RegistryHosts { +func hostsWrapper(hostsFn docker.RegistryHosts, optAuthConfig *registrytypes.AuthConfig, regService RegistryConfigProvider) docker.RegistryHosts { + var authorizer docker.Authorizer + if optAuthConfig != nil { + auth := *optAuthConfig + if auth != (registrytypes.AuthConfig{}) { + authorizer = docker.NewDockerAuthorizer(authorizationCredsFromAuthConfig(auth)) + } + } + return func(n string) ([]docker.RegistryHost, error) { hosts, err := hostsFn(n) if err != nil { @@ -33,12 +41,7 @@ func hostsWrapper(hostsFn docker.RegistryHosts, authConfig *registrytypes.AuthCo for i := range hosts { if hosts[i].Authorizer == nil { - var opts []docker.AuthorizerOpt - if authConfig != nil { - opts = append(opts, authorizationCredsFromAuthConfig(*authConfig)) - } - hosts[i].Authorizer = docker.NewDockerAuthorizer(opts...) - + hosts[i].Authorizer = authorizer isInsecure := regService.IsInsecureRegistry(hosts[i].Host) if hosts[i].Client.Transport != nil && isInsecure { hosts[i].Client.Transport = httpFallback{super: hosts[i].Client.Transport} @@ -51,13 +54,16 @@ func hostsWrapper(hostsFn docker.RegistryHosts, authConfig *registrytypes.AuthCo func authorizationCredsFromAuthConfig(authConfig registrytypes.AuthConfig) docker.AuthorizerOpt { cfgHost := registry.ConvertToHostname(authConfig.ServerAddress) - if cfgHost == registry.IndexHostname { + if cfgHost == "" || cfgHost == registry.IndexHostname { cfgHost = registry.DefaultRegistryHost } return docker.WithAuthCreds(func(host string) (string, string, error) { if cfgHost != host { - logrus.WithField("host", host).WithField("cfgHost", cfgHost).Warn("Host doesn't match") + logrus.WithFields(logrus.Fields{ + "host": host, + "cfgHost": cfgHost, + }).Warn("Host doesn't match") return "", "", nil } if authConfig.IdentityToken != "" { |