mirror of https://github.com/docker/cli.git
cli/trust: remove special handling for "plugin" Class
This code depended on the registry Service interface, which has been removed, so needed to be refactored. Digging further into the reason this code existed, it looked like the Class=plugin was previously required on Docker Hub to handle plugins, but this requirement is no longer there, so we can remove this special handling. This patch removes the special handling to both remove the use of the registry.Service interface, as well as removing complexity that is no longer needed. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
parent
14482589df
commit
0ba820ed0b
|
@ -227,7 +227,7 @@ func createContainer(ctx context.Context, dockerCli command.Cli, containerConfig
|
||||||
|
|
||||||
if taggedRef, ok := namedRef.(reference.NamedTagged); ok && !opts.untrusted {
|
if taggedRef, ok := namedRef.(reference.NamedTagged); ok && !opts.untrusted {
|
||||||
var err error
|
var err error
|
||||||
trustedRef, err = image.TrustedReference(ctx, dockerCli, taggedRef, nil)
|
trustedRef, err = image.TrustedReference(ctx, dockerCli, taggedRef)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
|
@ -279,7 +279,7 @@ func runBuild(dockerCli command.Cli, options buildOptions) error {
|
||||||
var resolvedTags []*resolvedTag
|
var resolvedTags []*resolvedTag
|
||||||
if !options.untrusted {
|
if !options.untrusted {
|
||||||
translator := func(ctx context.Context, ref reference.NamedTagged) (reference.Canonical, error) {
|
translator := func(ctx context.Context, ref reference.NamedTagged) (reference.Canonical, error) {
|
||||||
return TrustedReference(ctx, dockerCli, ref, nil)
|
return TrustedReference(ctx, dockerCli, ref)
|
||||||
}
|
}
|
||||||
// if there is a tar wrapper, the dockerfile needs to be replaced inside it
|
// if there is a tar wrapper, the dockerfile needs to be replaced inside it
|
||||||
if buildCtx != nil {
|
if buildCtx != nil {
|
||||||
|
|
|
@ -69,7 +69,7 @@ func RunPull(cli command.Cli, opts PullOptions) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, nil, AuthResolver(cli), distributionRef.String())
|
imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, AuthResolver(cli), distributionRef.String())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
@ -186,7 +186,7 @@ func trustedPull(ctx context.Context, cli command.Cli, imgRefAndAuth trust.Image
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
updatedImgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, nil, AuthResolver(cli), trustedRef.String())
|
updatedImgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, AuthResolver(cli), trustedRef.String())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -289,8 +289,8 @@ func imagePullPrivileged(ctx context.Context, cli command.Cli, imgRefAndAuth tru
|
||||||
}
|
}
|
||||||
|
|
||||||
// TrustedReference returns the canonical trusted reference for an image reference
|
// TrustedReference returns the canonical trusted reference for an image reference
|
||||||
func TrustedReference(ctx context.Context, cli command.Cli, ref reference.NamedTagged, rs registry.Service) (reference.Canonical, error) {
|
func TrustedReference(ctx context.Context, cli command.Cli, ref reference.NamedTagged) (reference.Canonical, error) {
|
||||||
imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, rs, AuthResolver(cli), ref.String())
|
imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, AuthResolver(cli), ref.String())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
|
@ -54,26 +54,6 @@ func newInstallCommand(dockerCli command.Cli) *cobra.Command {
|
||||||
return cmd
|
return cmd
|
||||||
}
|
}
|
||||||
|
|
||||||
type pluginRegistryService struct {
|
|
||||||
registry.Service
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s pluginRegistryService) ResolveRepository(name reference.Named) (*registry.RepositoryInfo, error) {
|
|
||||||
repoInfo, err := s.Service.ResolveRepository(name)
|
|
||||||
if repoInfo != nil {
|
|
||||||
repoInfo.Class = "plugin"
|
|
||||||
}
|
|
||||||
return repoInfo, err
|
|
||||||
}
|
|
||||||
|
|
||||||
func newRegistryService() (registry.Service, error) {
|
|
||||||
svc, err := registry.NewService(registry.ServiceOptions{})
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
return pluginRegistryService{Service: svc}, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func buildPullConfig(ctx context.Context, dockerCli command.Cli, opts pluginOptions, cmdName string) (types.PluginInstallOptions, error) {
|
func buildPullConfig(ctx context.Context, dockerCli command.Cli, opts pluginOptions, cmdName string) (types.PluginInstallOptions, error) {
|
||||||
// Names with both tag and digest will be treated by the daemon
|
// Names with both tag and digest will be treated by the daemon
|
||||||
// as a pull by digest with a local name for the tag
|
// as a pull by digest with a local name for the tag
|
||||||
|
@ -98,12 +78,7 @@ func buildPullConfig(ctx context.Context, dockerCli command.Cli, opts pluginOpti
|
||||||
return types.PluginInstallOptions{}, errors.Errorf("invalid name: %s", ref.String())
|
return types.PluginInstallOptions{}, errors.Errorf("invalid name: %s", ref.String())
|
||||||
}
|
}
|
||||||
|
|
||||||
ctx := context.Background()
|
trusted, err := image.TrustedReference(context.Background(), dockerCli, nt)
|
||||||
svc, err := newRegistryService()
|
|
||||||
if err != nil {
|
|
||||||
return types.PluginInstallOptions{}, err
|
|
||||||
}
|
|
||||||
trusted, err := image.TrustedReference(ctx, dockerCli, nt, svc)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return types.PluginInstallOptions{}, err
|
return types.PluginInstallOptions{}, err
|
||||||
}
|
}
|
||||||
|
|
|
@ -68,7 +68,6 @@ func runPush(dockerCli command.Cli, opts pushOptions) error {
|
||||||
defer responseBody.Close()
|
defer responseBody.Close()
|
||||||
|
|
||||||
if !opts.untrusted {
|
if !opts.untrusted {
|
||||||
repoInfo.Class = "plugin"
|
|
||||||
return image.PushTrustedReference(dockerCli, repoInfo, named, authConfig, responseBody)
|
return image.PushTrustedReference(dockerCli, repoInfo, named, authConfig, responseBody)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -53,7 +53,7 @@ type trustKey struct {
|
||||||
// This information is to be pretty printed or serialized into a machine-readable format.
|
// This information is to be pretty printed or serialized into a machine-readable format.
|
||||||
func lookupTrustInfo(cli command.Cli, remote string) ([]trustTagRow, []client.RoleWithSignatures, []data.Role, error) {
|
func lookupTrustInfo(cli command.Cli, remote string) ([]trustTagRow, []client.RoleWithSignatures, []data.Role, error) {
|
||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, nil, image.AuthResolver(cli), remote)
|
imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, image.AuthResolver(cli), remote)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, err
|
return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, err
|
||||||
}
|
}
|
||||||
|
|
|
@ -36,7 +36,7 @@ func newRevokeCommand(dockerCli command.Cli) *cobra.Command {
|
||||||
|
|
||||||
func revokeTrust(cli command.Cli, remote string, options revokeOptions) error {
|
func revokeTrust(cli command.Cli, remote string, options revokeOptions) error {
|
||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, nil, image.AuthResolver(cli), remote)
|
imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, image.AuthResolver(cli), remote)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
@ -43,7 +43,7 @@ func newSignCommand(dockerCli command.Cli) *cobra.Command {
|
||||||
func runSignImage(cli command.Cli, options signOptions) error {
|
func runSignImage(cli command.Cli, options signOptions) error {
|
||||||
imageName := options.imageName
|
imageName := options.imageName
|
||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, nil, image.AuthResolver(cli), imageName)
|
imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, image.AuthResolver(cli), imageName)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
@ -81,7 +81,7 @@ func addSigner(cli command.Cli, options signerAddOptions) error {
|
||||||
|
|
||||||
func addSignerToRepo(cli command.Cli, signerName string, repoName string, signerPubKeys []data.PublicKey) error {
|
func addSignerToRepo(cli command.Cli, signerName string, repoName string, signerPubKeys []data.PublicKey) error {
|
||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, nil, image.AuthResolver(cli), repoName)
|
imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, image.AuthResolver(cli), repoName)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
@ -80,7 +80,7 @@ func isLastSignerForReleases(roleWithSig data.Role, allRoles []client.RoleWithSi
|
||||||
// The signer not being removed doesn't necessarily raise an error e.g. user choosing "No" when prompted for confirmation.
|
// The signer not being removed doesn't necessarily raise an error e.g. user choosing "No" when prompted for confirmation.
|
||||||
func removeSingleSigner(cli command.Cli, repoName, signerName string, forceYes bool) (bool, error) {
|
func removeSingleSigner(cli command.Cli, repoName, signerName string, forceYes bool) (bool, error) {
|
||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, nil, image.AuthResolver(cli), repoName)
|
imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, image.AuthResolver(cli), repoName)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return false, err
|
return false, err
|
||||||
}
|
}
|
||||||
|
|
|
@ -160,7 +160,7 @@ func GetNotaryRepository(in io.Reader, out io.Writer, userAgent string, repoInfo
|
||||||
scope := auth.RepositoryScope{
|
scope := auth.RepositoryScope{
|
||||||
Repository: repoInfo.Name.Name(),
|
Repository: repoInfo.Name.Name(),
|
||||||
Actions: actions,
|
Actions: actions,
|
||||||
Class: repoInfo.Class,
|
Class: repoInfo.Class, // TODO(thaJeztah): Class is no longer needed for plugins and can likely be removed; see https://github.com/docker/cli/pull/4114#discussion_r1145430825
|
||||||
}
|
}
|
||||||
creds := simpleCredentialStore{auth: *authConfig}
|
creds := simpleCredentialStore{auth: *authConfig}
|
||||||
tokenHandlerOptions := auth.TokenHandlerOptions{
|
tokenHandlerOptions := auth.TokenHandlerOptions{
|
||||||
|
@ -301,7 +301,7 @@ type ImageRefAndAuth struct {
|
||||||
|
|
||||||
// GetImageReferencesAndAuth retrieves the necessary reference and auth information for an image name
|
// GetImageReferencesAndAuth retrieves the necessary reference and auth information for an image name
|
||||||
// as an ImageRefAndAuth struct
|
// as an ImageRefAndAuth struct
|
||||||
func GetImageReferencesAndAuth(ctx context.Context, rs registry.Service,
|
func GetImageReferencesAndAuth(ctx context.Context,
|
||||||
authResolver func(ctx context.Context, index *registrytypes.IndexInfo) types.AuthConfig,
|
authResolver func(ctx context.Context, index *registrytypes.IndexInfo) types.AuthConfig,
|
||||||
imgName string,
|
imgName string,
|
||||||
) (ImageRefAndAuth, error) {
|
) (ImageRefAndAuth, error) {
|
||||||
|
@ -311,13 +311,7 @@ func GetImageReferencesAndAuth(ctx context.Context, rs registry.Service,
|
||||||
}
|
}
|
||||||
|
|
||||||
// Resolve the Repository name from fqn to RepositoryInfo
|
// Resolve the Repository name from fqn to RepositoryInfo
|
||||||
var repoInfo *registry.RepositoryInfo
|
repoInfo, err := registry.ParseRepositoryInfo(ref)
|
||||||
if rs != nil {
|
|
||||||
repoInfo, err = rs.ResolveRepository(ref)
|
|
||||||
} else {
|
|
||||||
repoInfo, err = registry.ParseRepositoryInfo(ref)
|
|
||||||
}
|
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return ImageRefAndAuth{}, err
|
return ImageRefAndAuth{}, err
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue