cli/trust: remove special handling for "plugin" Class

This code depended on the registry Service interface, which has been removed,
so needed to be refactored. Digging further into the reason this code existed,
it looked like the Class=plugin was previously required on Docker Hub to handle
plugins, but this requirement is no longer there, so we can remove this special
handling.

This patch removes the special handling to both remove the use of the registry.Service
interface, as well as removing complexity that is no longer needed.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn 2023-03-15 16:21:02 +01:00
parent 14482589df
commit 0ba820ed0b
No known key found for this signature in database
GPG Key ID: 76698F39D527CE8C
12 changed files with 15 additions and 47 deletions

View File

@ -227,7 +227,7 @@ func createContainer(ctx context.Context, dockerCli command.Cli, containerConfig
if taggedRef, ok := namedRef.(reference.NamedTagged); ok && !opts.untrusted { if taggedRef, ok := namedRef.(reference.NamedTagged); ok && !opts.untrusted {
var err error var err error
trustedRef, err = image.TrustedReference(ctx, dockerCli, taggedRef, nil) trustedRef, err = image.TrustedReference(ctx, dockerCli, taggedRef)
if err != nil { if err != nil {
return nil, err return nil, err
} }

View File

@ -279,7 +279,7 @@ func runBuild(dockerCli command.Cli, options buildOptions) error {
var resolvedTags []*resolvedTag var resolvedTags []*resolvedTag
if !options.untrusted { if !options.untrusted {
translator := func(ctx context.Context, ref reference.NamedTagged) (reference.Canonical, error) { translator := func(ctx context.Context, ref reference.NamedTagged) (reference.Canonical, error) {
return TrustedReference(ctx, dockerCli, ref, nil) return TrustedReference(ctx, dockerCli, ref)
} }
// if there is a tar wrapper, the dockerfile needs to be replaced inside it // if there is a tar wrapper, the dockerfile needs to be replaced inside it
if buildCtx != nil { if buildCtx != nil {

View File

@ -69,7 +69,7 @@ func RunPull(cli command.Cli, opts PullOptions) error {
} }
ctx := context.Background() ctx := context.Background()
imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, nil, AuthResolver(cli), distributionRef.String()) imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, AuthResolver(cli), distributionRef.String())
if err != nil { if err != nil {
return err return err
} }

View File

@ -186,7 +186,7 @@ func trustedPull(ctx context.Context, cli command.Cli, imgRefAndAuth trust.Image
if err != nil { if err != nil {
return err return err
} }
updatedImgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, nil, AuthResolver(cli), trustedRef.String()) updatedImgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, AuthResolver(cli), trustedRef.String())
if err != nil { if err != nil {
return err return err
} }
@ -289,8 +289,8 @@ func imagePullPrivileged(ctx context.Context, cli command.Cli, imgRefAndAuth tru
} }
// TrustedReference returns the canonical trusted reference for an image reference // TrustedReference returns the canonical trusted reference for an image reference
func TrustedReference(ctx context.Context, cli command.Cli, ref reference.NamedTagged, rs registry.Service) (reference.Canonical, error) { func TrustedReference(ctx context.Context, cli command.Cli, ref reference.NamedTagged) (reference.Canonical, error) {
imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, rs, AuthResolver(cli), ref.String()) imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, AuthResolver(cli), ref.String())
if err != nil { if err != nil {
return nil, err return nil, err
} }

View File

@ -54,26 +54,6 @@ func newInstallCommand(dockerCli command.Cli) *cobra.Command {
return cmd return cmd
} }
type pluginRegistryService struct {
registry.Service
}
func (s pluginRegistryService) ResolveRepository(name reference.Named) (*registry.RepositoryInfo, error) {
repoInfo, err := s.Service.ResolveRepository(name)
if repoInfo != nil {
repoInfo.Class = "plugin"
}
return repoInfo, err
}
func newRegistryService() (registry.Service, error) {
svc, err := registry.NewService(registry.ServiceOptions{})
if err != nil {
return nil, err
}
return pluginRegistryService{Service: svc}, nil
}
func buildPullConfig(ctx context.Context, dockerCli command.Cli, opts pluginOptions, cmdName string) (types.PluginInstallOptions, error) { func buildPullConfig(ctx context.Context, dockerCli command.Cli, opts pluginOptions, cmdName string) (types.PluginInstallOptions, error) {
// Names with both tag and digest will be treated by the daemon // Names with both tag and digest will be treated by the daemon
// as a pull by digest with a local name for the tag // as a pull by digest with a local name for the tag
@ -98,12 +78,7 @@ func buildPullConfig(ctx context.Context, dockerCli command.Cli, opts pluginOpti
return types.PluginInstallOptions{}, errors.Errorf("invalid name: %s", ref.String()) return types.PluginInstallOptions{}, errors.Errorf("invalid name: %s", ref.String())
} }
ctx := context.Background() trusted, err := image.TrustedReference(context.Background(), dockerCli, nt)
svc, err := newRegistryService()
if err != nil {
return types.PluginInstallOptions{}, err
}
trusted, err := image.TrustedReference(ctx, dockerCli, nt, svc)
if err != nil { if err != nil {
return types.PluginInstallOptions{}, err return types.PluginInstallOptions{}, err
} }

View File

@ -68,7 +68,6 @@ func runPush(dockerCli command.Cli, opts pushOptions) error {
defer responseBody.Close() defer responseBody.Close()
if !opts.untrusted { if !opts.untrusted {
repoInfo.Class = "plugin"
return image.PushTrustedReference(dockerCli, repoInfo, named, authConfig, responseBody) return image.PushTrustedReference(dockerCli, repoInfo, named, authConfig, responseBody)
} }

View File

@ -53,7 +53,7 @@ type trustKey struct {
// This information is to be pretty printed or serialized into a machine-readable format. // This information is to be pretty printed or serialized into a machine-readable format.
func lookupTrustInfo(cli command.Cli, remote string) ([]trustTagRow, []client.RoleWithSignatures, []data.Role, error) { func lookupTrustInfo(cli command.Cli, remote string) ([]trustTagRow, []client.RoleWithSignatures, []data.Role, error) {
ctx := context.Background() ctx := context.Background()
imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, nil, image.AuthResolver(cli), remote) imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, image.AuthResolver(cli), remote)
if err != nil { if err != nil {
return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, err return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, err
} }

View File

@ -36,7 +36,7 @@ func newRevokeCommand(dockerCli command.Cli) *cobra.Command {
func revokeTrust(cli command.Cli, remote string, options revokeOptions) error { func revokeTrust(cli command.Cli, remote string, options revokeOptions) error {
ctx := context.Background() ctx := context.Background()
imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, nil, image.AuthResolver(cli), remote) imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, image.AuthResolver(cli), remote)
if err != nil { if err != nil {
return err return err
} }

View File

@ -43,7 +43,7 @@ func newSignCommand(dockerCli command.Cli) *cobra.Command {
func runSignImage(cli command.Cli, options signOptions) error { func runSignImage(cli command.Cli, options signOptions) error {
imageName := options.imageName imageName := options.imageName
ctx := context.Background() ctx := context.Background()
imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, nil, image.AuthResolver(cli), imageName) imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, image.AuthResolver(cli), imageName)
if err != nil { if err != nil {
return err return err
} }

View File

@ -81,7 +81,7 @@ func addSigner(cli command.Cli, options signerAddOptions) error {
func addSignerToRepo(cli command.Cli, signerName string, repoName string, signerPubKeys []data.PublicKey) error { func addSignerToRepo(cli command.Cli, signerName string, repoName string, signerPubKeys []data.PublicKey) error {
ctx := context.Background() ctx := context.Background()
imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, nil, image.AuthResolver(cli), repoName) imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, image.AuthResolver(cli), repoName)
if err != nil { if err != nil {
return err return err
} }

View File

@ -80,7 +80,7 @@ func isLastSignerForReleases(roleWithSig data.Role, allRoles []client.RoleWithSi
// The signer not being removed doesn't necessarily raise an error e.g. user choosing "No" when prompted for confirmation. // The signer not being removed doesn't necessarily raise an error e.g. user choosing "No" when prompted for confirmation.
func removeSingleSigner(cli command.Cli, repoName, signerName string, forceYes bool) (bool, error) { func removeSingleSigner(cli command.Cli, repoName, signerName string, forceYes bool) (bool, error) {
ctx := context.Background() ctx := context.Background()
imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, nil, image.AuthResolver(cli), repoName) imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, image.AuthResolver(cli), repoName)
if err != nil { if err != nil {
return false, err return false, err
} }

View File

@ -160,7 +160,7 @@ func GetNotaryRepository(in io.Reader, out io.Writer, userAgent string, repoInfo
scope := auth.RepositoryScope{ scope := auth.RepositoryScope{
Repository: repoInfo.Name.Name(), Repository: repoInfo.Name.Name(),
Actions: actions, Actions: actions,
Class: repoInfo.Class, Class: repoInfo.Class, // TODO(thaJeztah): Class is no longer needed for plugins and can likely be removed; see https://github.com/docker/cli/pull/4114#discussion_r1145430825
} }
creds := simpleCredentialStore{auth: *authConfig} creds := simpleCredentialStore{auth: *authConfig}
tokenHandlerOptions := auth.TokenHandlerOptions{ tokenHandlerOptions := auth.TokenHandlerOptions{
@ -301,7 +301,7 @@ type ImageRefAndAuth struct {
// GetImageReferencesAndAuth retrieves the necessary reference and auth information for an image name // GetImageReferencesAndAuth retrieves the necessary reference and auth information for an image name
// as an ImageRefAndAuth struct // as an ImageRefAndAuth struct
func GetImageReferencesAndAuth(ctx context.Context, rs registry.Service, func GetImageReferencesAndAuth(ctx context.Context,
authResolver func(ctx context.Context, index *registrytypes.IndexInfo) types.AuthConfig, authResolver func(ctx context.Context, index *registrytypes.IndexInfo) types.AuthConfig,
imgName string, imgName string,
) (ImageRefAndAuth, error) { ) (ImageRefAndAuth, error) {
@ -311,13 +311,7 @@ func GetImageReferencesAndAuth(ctx context.Context, rs registry.Service,
} }
// Resolve the Repository name from fqn to RepositoryInfo // Resolve the Repository name from fqn to RepositoryInfo
var repoInfo *registry.RepositoryInfo repoInfo, err := registry.ParseRepositoryInfo(ref)
if rs != nil {
repoInfo, err = rs.ResolveRepository(ref)
} else {
repoInfo, err = registry.ParseRepositoryInfo(ref)
}
if err != nil { if err != nil {
return ImageRefAndAuth{}, err return ImageRefAndAuth{}, err
} }