github/zot
1
0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2026-06-16 04:17:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(storage): handle dedupe disabled in GetAllDedupeReposCandidates() (#2533)

Browse Source 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
This commit is contained in:
peusebiu
2024-07-09 15:33:11 +03:00
committed by GitHub
parent aaee0220e4
commit 1c2736d970
3 changed files with 21 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pkg/api/config/config.go
+4
View File
@@ -340,6 +340,10 @@ func (c *Config) IsLdapAuthEnabled() bool {
return false return false
} }
func (c *Config) IsAuthzEnabled() bool {
return c.HTTP.AccessControl != nil
}
func (c *Config) IsMTLSAuthEnabled() bool { func (c *Config) IsMTLSAuthEnabled() bool {
if c.HTTP.TLS != nil && if c.HTTP.TLS != nil &&
c.HTTP.TLS.Key != "" && c.HTTP.TLS.Key != "" &&
pkg/api/routes.go
+13 -9
View File
@@ -879,13 +879,11 @@ func canMount(userAc *reqCtx.UserAccessControl, imgStore storageTypes.ImageStore
) (bool, error) { ) (bool, error) {
canMount := true canMount := true
// authz enabled
if userAc != nil { if userAc != nil {
canMount = false canMount = false
repos, err := imgStore.GetAllDedupeReposCandidates(digest) repos, err := imgStore.GetAllDedupeReposCandidates(digest)
if err != nil { if err != nil {
// first write
return false, err return false, err
} }
@@ -943,9 +941,12 @@ func (rh *RouteHandler) CheckBlob(response http.ResponseWriter, request *http.Re
return return
} }
userCanMount, err := canMount(userAc, imgStore, digest) userCanMount := true
if err != nil { if rh.c.Config.IsAuthzEnabled() {
rh.c.Log.Error().Err(err).Msg("unexpected error") userCanMount, err = canMount(userAc, imgStore, digest)
if err != nil {
rh.c.Log.Error().Err(err).Msg("unexpected error")
}
} }
var blen int64 var blen int64
@@ -963,7 +964,7 @@ func (rh *RouteHandler) CheckBlob(response http.ResponseWriter, request *http.Re
if err != nil { if err != nil {
details := zerr.GetDetails(err) details := zerr.GetDetails(err)
if errors.Is(err, zerr.ErrBadBlobDigest) { //nolint:gocritic // errorslint conflicts with gocritic:IfElseChain if errors.Is(err, zerr.ErrBadBlobDigest) { //nolint:gocritic,dupl // errorslint conflicts with gocritic:IfElseChain
details["digest"] = digest.String() details["digest"] = digest.String()
e := apiErr.NewError(apiErr.DIGEST_INVALID).AddDetail(details) e := apiErr.NewError(apiErr.DIGEST_INVALID).AddDetail(details)
zcommon.WriteJSON(response, http.StatusBadRequest, apiErr.NewErrorList(e)) zcommon.WriteJSON(response, http.StatusBadRequest, apiErr.NewErrorList(e))
@@ -1254,9 +1255,12 @@ func (rh *RouteHandler) CreateBlobUpload(response http.ResponseWriter, request *
return return
} }
userCanMount, err := canMount(userAc, imgStore, mountDigest) userCanMount := true
if err != nil { if rh.c.Config.IsAuthzEnabled() {
rh.c.Log.Error().Err(err).Msg("unexpected error") userCanMount, err = canMount(userAc, imgStore, mountDigest)
if err != nil {
rh.c.Log.Error().Err(err).Msg("unexpected error")
}
} }
// zot does not support cross mounting directly and do a workaround creating using hard link. // zot does not support cross mounting directly and do a workaround creating using hard link.
pkg/storage/imagestore/imagestore.go
+4
View File
@@ -1121,6 +1121,10 @@ func (is *ImageStore) GetAllDedupeReposCandidates(digest godigest.Digest) ([]str
return nil, err return nil, err
} }
if is.cache == nil {
return nil, nil
}
is.RLock(&lockLatency) is.RLock(&lockLatency)
defer is.RUnlock(&lockLatency) defer is.RUnlock(&lockLatency)