[image-builder] Support whitelisted registries in GP layer build

gitpod-io · Jul 29, 2021 · 0eecc83 · 0eecc83
1 parent 479abb7
commit 0eecc83
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/components/image-builder-mk3/pkg/auth/auth.go b/components/image-builder-mk3/pkg/auth/auth.go
@@ -115,6 +115,15 @@ func (a AllowedAuthFor) Elevate(ref string) AllowedAuthFor {
 	return AllowedAuthFor{a.All, append(a.Explicit, reference.Domain(pref))}
 }
 
+// ExplicitlyAll produces an AllowedAuthFor that allows authentication for all
+// registries, yet carries the original Explicit list which affects GetAuthForImageBuild
+func (a AllowedAuthFor) ExplicitlyAll() AllowedAuthFor {
+	return AllowedAuthFor{
+		All:      true,
+		Explicit: a.Explicit,
+	}
+}
+
 // Resolver resolves an auth request determining which authentication is actually allowed
 type Resolver struct {
 	BaseImageRepository      string

diff --git a/components/image-builder-mk3/pkg/orchestrator/orchestrator.go b/components/image-builder-mk3/pkg/orchestrator/orchestrator.go
@@ -383,7 +383,7 @@ func (o *Orchestrator) Build(req *protocol.BuildRequest, resp protocol.ImageBuil
 	if err != nil {
 		return
 	}
-	gplayerAuth, err := o.getAuthFor(auth.AllowedAuthForAll, wsrefstr, baseref)
+	gplayerAuth, err := o.getAuthFor(reqauth.ExplicitlyAll(), wsrefstr, baseref)
 	if err != nil {
 		return
 	}