From 89facafb80a63d33090eca79d859dedcffa1717d Mon Sep 17 00:00:00 2001 From: Christy Norman Date: Tue, 24 Apr 2018 17:01:57 -0500 Subject: [PATCH 1/2] specify specific permissions When creating manifest lists, don't use "*" as the permission when creating the token handler. This causes problems with gitlab's repos. Fixes https://github.com/docker/cli/issues/1010 Signed-off-by: Christy Norman Upstream-commit: c26e2264fb474f0662051ab563b3560d0b02b018 Component: cli --- components/cli/cli/registry/client/endpoint.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/cli/cli/registry/client/endpoint.go b/components/cli/cli/registry/client/endpoint.go index a2d9c3359d..5af00ca70d 100644 --- a/components/cli/cli/registry/client/endpoint.go +++ b/components/cli/cli/registry/client/endpoint.go @@ -102,7 +102,7 @@ func getHTTPTransport(authConfig authtypes.AuthConfig, endpoint registry.APIEndp modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, passThruTokenHandler)) } else { creds := registry.NewStaticCredentialStore(&authConfig) - tokenHandler := auth.NewTokenHandler(authTransport, creds, repoName, "*") + tokenHandler := auth.NewTokenHandler(authTransport, creds, repoName, "push", "pull") basicHandler := auth.NewBasicHandler(creds) modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, tokenHandler, basicHandler)) } From 240bba4fdb19649b4c82ac18f6e2ba0fb282a426 Mon Sep 17 00:00:00 2001 From: Daniel Hiltgen Date: Fri, 27 Apr 2018 12:11:42 -0700 Subject: [PATCH 2/2] Export pull as a public function It will be helpful to expose the pull implementation which supports pulling private images for other CLI commands that rely on helper images. Signed-off-by: Daniel Hiltgen Upstream-commit: 812f1136850f6c18bbe3f1b2a960a8ff8a8413f3 Component: cli --- components/cli/cli/command/image/pull.go | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/components/cli/cli/command/image/pull.go b/components/cli/cli/command/image/pull.go index 60db336e4d..84bf804165 100644 --- a/components/cli/cli/command/image/pull.go +++ b/components/cli/cli/command/image/pull.go @@ -13,7 +13,8 @@ import ( "golang.org/x/net/context" ) -type pullOptions struct { +// PullOptions defines what and how to pull +type PullOptions struct { remote string all bool platform string @@ -22,7 +23,7 @@ type pullOptions struct { // NewPullCommand creates a new `docker pull` command func NewPullCommand(dockerCli command.Cli) *cobra.Command { - var opts pullOptions + var opts PullOptions cmd := &cobra.Command{ Use: "pull [OPTIONS] NAME[:TAG|@DIGEST]", @@ -30,7 +31,7 @@ func NewPullCommand(dockerCli command.Cli) *cobra.Command { Args: cli.ExactArgs(1), RunE: func(cmd *cobra.Command, args []string) error { opts.remote = args[0] - return runPull(dockerCli, opts) + return RunPull(dockerCli, opts) }, } @@ -44,7 +45,8 @@ func NewPullCommand(dockerCli command.Cli) *cobra.Command { return cmd } -func runPull(cli command.Cli, opts pullOptions) error { +// RunPull performs a pull against the engine based on the specified options +func RunPull(cli command.Cli, opts PullOptions) error { distributionRef, err := reference.ParseNormalizedNamed(opts.remote) switch { case err != nil: