addressing comments from stevvooe
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
This commit is contained in:
Mike Brown
@@ -122,8 +122,7 @@ func (imh *manifestHandler) GetManifest(w http.ResponseWriter, r *http.Request)
|
||||
|
||||
if imh.Tag != "" {
|
||||
tags := imh.Repository.Tags(imh)
|
||||
var desc distribution.Descriptor
|
||||
desc, err = tags.Get(imh, imh.Tag)
|
||||
desc, err := tags.Get(imh, imh.Tag)
|
||||
if err != nil {
|
||||
if _, ok := err.(distribution.ErrTagUnknown); ok {
|
||||
imh.Errors = append(imh.Errors, v2.ErrorCodeManifestUnknown.WithDetail(err))
|
||||
@@ -144,8 +143,7 @@ func (imh *manifestHandler) GetManifest(w http.ResponseWriter, r *http.Request)
|
||||
if imh.Tag != "" {
|
||||
options = append(options, distribution.WithTag(imh.Tag))
|
||||
}
|
||||
var manifest distribution.Manifest
|
||||
manifest, err = manifests.Get(imh, imh.Digest, options...)
|
||||
manifest, err := manifests.Get(imh, imh.Digest, options...)
|
||||
if err != nil {
|
||||
if _, ok := err.(distribution.ErrManifestUnknownRevision); ok {
|
||||
imh.Errors = append(imh.Errors, v2.ErrorCodeManifestUnknown.WithDetail(err))
|
||||
@@ -266,7 +264,7 @@ func (imh *manifestHandler) convertSchema2Manifest(schema2Manifest *schema2.Dese
|
||||
|
||||
builder := schema1.NewConfigManifestBuilder(imh.Repository.Blobs(imh), imh.Context.App.trustKey, ref, configJSON)
|
||||
for _, d := range schema2Manifest.Layers {
|
||||
if err = builder.AppendReference(d); err != nil {
|
||||
if err := builder.AppendReference(d); err != nil {
|
||||
imh.Errors = append(imh.Errors, v2.ErrorCodeManifestInvalid.WithDetail(err))
|
||||
return nil, err
|
||||
}
|
||||
@@ -339,7 +337,7 @@ func (imh *manifestHandler) PutManifest(w http.ResponseWriter, r *http.Request)
|
||||
options = append(options, distribution.WithTag(imh.Tag))
|
||||
}
|
||||
|
||||
if err = imh.applyResourcePolicy(manifest); err != nil {
|
||||
if err := imh.applyResourcePolicy(manifest); err != nil {
|
||||
imh.Errors = append(imh.Errors, err)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -3,7 +3,6 @@ package storage
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"net/url"
|
||||
|
||||
"github.com/docker/distribution"
|
||||
"github.com/docker/distribution/context"
|
||||
@@ -80,23 +79,6 @@ func (ms *ocischemaManifestHandler) verifyManifest(ctx context.Context, mnfst oc
|
||||
var err error
|
||||
|
||||
switch descriptor.MediaType {
|
||||
// TODO: mikebrow/steveoe verify we should treat oci nondistributable like foreign layers?
|
||||
case v1.MediaTypeImageLayerNonDistributable, v1.MediaTypeImageLayerNonDistributableGzip:
|
||||
// Clients download this layer from an external URL, so do not check for
|
||||
// its presence.
|
||||
if len(descriptor.URLs) == 0 {
|
||||
err = errMissingURL
|
||||
}
|
||||
allow := ms.manifestURLs.allow
|
||||
deny := ms.manifestURLs.deny
|
||||
for _, u := range descriptor.URLs {
|
||||
var pu *url.URL
|
||||
pu, err = url.Parse(u)
|
||||
if err != nil || (pu.Scheme != "http" && pu.Scheme != "https") || pu.Fragment != "" || (allow != nil && !allow.MatchString(u)) || (deny != nil && deny.MatchString(u)) {
|
||||
err = errInvalidURL
|
||||
break
|
||||
}
|
||||
}
|
||||
case v1.MediaTypeImageManifest:
|
||||
var exists bool
|
||||
exists, err = manifestService.Exists(ctx, descriptor.Digest)
|
||||
|
||||
@@ -53,12 +53,6 @@ func TestVerifyOCIManifestNonDistributableLayer(t *testing.T) {
|
||||
|
||||
cases := []testcase{
|
||||
{
|
||||
nonDistributableLayer,
|
||||
nil,
|
||||
errMissingURL,
|
||||
},
|
||||
{
|
||||
// regular layers may have foreign urls (non-Distributable Layers)
|
||||
layer,
|
||||
[]string{"http://foo/bar"},
|
||||
nil,
|
||||
@@ -66,37 +60,37 @@ func TestVerifyOCIManifestNonDistributableLayer(t *testing.T) {
|
||||
{
|
||||
nonDistributableLayer,
|
||||
[]string{"file:///local/file"},
|
||||
errInvalidURL,
|
||||
nil,
|
||||
},
|
||||
{
|
||||
nonDistributableLayer,
|
||||
[]string{"http://foo/bar#baz"},
|
||||
errInvalidURL,
|
||||
nil,
|
||||
},
|
||||
{
|
||||
nonDistributableLayer,
|
||||
[]string{""},
|
||||
errInvalidURL,
|
||||
nil,
|
||||
},
|
||||
{
|
||||
nonDistributableLayer,
|
||||
[]string{"https://foo/bar", ""},
|
||||
errInvalidURL,
|
||||
nil,
|
||||
},
|
||||
{
|
||||
nonDistributableLayer,
|
||||
[]string{"", "https://foo/bar"},
|
||||
errInvalidURL,
|
||||
nil,
|
||||
},
|
||||
{
|
||||
nonDistributableLayer,
|
||||
[]string{"http://nope/bar"},
|
||||
errInvalidURL,
|
||||
nil,
|
||||
},
|
||||
{
|
||||
nonDistributableLayer,
|
||||
[]string{"http://foo/nope"},
|
||||
errInvalidURL,
|
||||
nil,
|
||||
},
|
||||
{
|
||||
nonDistributableLayer,
|
||||
|
||||
Reference in New Issue
Block a user