From a68cf50377fc3f2c36b30a4b73db2b88d435fec9 Mon Sep 17 00:00:00 2001 From: Christian Weichel Date: Thu, 29 Jul 2021 14:42:49 +0000 Subject: [PATCH] [image-builder] Support whitelisted registries in GP layer build --- components/image-builder-mk3/pkg/auth/auth.go | 9 +++++++++ .../image-builder-mk3/pkg/orchestrator/orchestrator.go | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/components/image-builder-mk3/pkg/auth/auth.go b/components/image-builder-mk3/pkg/auth/auth.go index 6be3db5cd64fab..c8239325873fc1 100644 --- a/components/image-builder-mk3/pkg/auth/auth.go +++ b/components/image-builder-mk3/pkg/auth/auth.go @@ -115,6 +115,15 @@ func (a AllowedAuthFor) Elevate(ref string) AllowedAuthFor { return AllowedAuthFor{a.All, append(a.Explicit, reference.Domain(pref))} } +// ExplicitlyAll produces an AllowedAuthFor that allows authentication for all +// registries, yet carries the original Explicit list which affects GetAuthForImageBuild +func (a AllowedAuthFor) ExplicitlyAll() AllowedAuthFor { + return AllowedAuthFor{ + All: true, + Explicit: a.Explicit, + } +} + // Resolver resolves an auth request determining which authentication is actually allowed type Resolver struct { BaseImageRepository string diff --git a/components/image-builder-mk3/pkg/orchestrator/orchestrator.go b/components/image-builder-mk3/pkg/orchestrator/orchestrator.go index fdbc532c4cf647..8fcb5ecad8089a 100644 --- a/components/image-builder-mk3/pkg/orchestrator/orchestrator.go +++ b/components/image-builder-mk3/pkg/orchestrator/orchestrator.go @@ -383,7 +383,7 @@ func (o *Orchestrator) Build(req *protocol.BuildRequest, resp protocol.ImageBuil if err != nil { return } - gplayerAuth, err := o.getAuthFor(auth.AllowedAuthForAll, wsrefstr, baseref) + gplayerAuth, err := o.getAuthFor(reqauth.ExplicitlyAll(), wsrefstr, baseref) if err != nil { return }