cli/command/image: pushTrustedReference: internalize constructing indexInfo
All information needed can be deducted from the image reference, which
is used to create a indexInfo, repoInfo, and to resolve auth-config.
In some situations this may result in resolving the auth-config twice
after it already was resolved to an encoded auth-config.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9a6313ed3b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
@@ -17,11 +17,9 @@ import (
|
||||
"github.com/docker/cli/cli/streams"
|
||||
"github.com/docker/cli/cli/trust"
|
||||
"github.com/docker/cli/internal/jsonstream"
|
||||
"github.com/docker/cli/internal/registry"
|
||||
"github.com/docker/cli/internal/tui"
|
||||
"github.com/docker/docker/api/types/auxprogress"
|
||||
"github.com/docker/docker/api/types/image"
|
||||
registrytypes "github.com/docker/docker/api/types/registry"
|
||||
"github.com/morikuni/aec"
|
||||
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
|
||||
"github.com/pkg/errors"
|
||||
@@ -114,12 +112,8 @@ To push the complete multi-platform image, remove the --platform flag.
|
||||
}
|
||||
}
|
||||
|
||||
// Resolve the Repository name from fqn to RepositoryInfo
|
||||
indexInfo := registry.NewIndexInfo(ref)
|
||||
|
||||
// Resolve the Auth config relevant for this server
|
||||
authConfig := command.ResolveAuthConfig(dockerCli.ConfigFile(), indexInfo)
|
||||
encodedAuth, err := registrytypes.EncodeAuthConfig(authConfig)
|
||||
encodedAuth, err := command.RetrieveAuthTokenFromImage(dockerCli.ConfigFile(), ref.String())
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -142,7 +136,7 @@ To push the complete multi-platform image, remove the --platform flag.
|
||||
}()
|
||||
|
||||
if !opts.untrusted {
|
||||
return pushTrustedReference(ctx, dockerCli, indexInfo, ref, authConfig, responseBody)
|
||||
return pushTrustedReference(ctx, dockerCli, ref, responseBody)
|
||||
}
|
||||
|
||||
if opts.quiet {
|
||||
|
||||
@@ -12,6 +12,7 @@ import (
|
||||
"github.com/docker/cli/cli/streams"
|
||||
"github.com/docker/cli/cli/trust"
|
||||
"github.com/docker/cli/internal/jsonstream"
|
||||
"github.com/docker/cli/internal/registry"
|
||||
"github.com/docker/docker/api/types/image"
|
||||
registrytypes "github.com/docker/docker/api/types/registry"
|
||||
"github.com/opencontainers/go-digest"
|
||||
@@ -42,12 +43,18 @@ func newNotaryClient(cli command.Streams, imgRefAndAuth trust.ImageRefAndAuth) (
|
||||
}
|
||||
|
||||
// pushTrustedReference pushes a canonical reference to the trust server.
|
||||
func pushTrustedReference(ctx context.Context, ioStreams command.Streams, indexInfo *registrytypes.IndexInfo, ref reference.Named, authConfig registrytypes.AuthConfig, in io.Reader) error {
|
||||
func pushTrustedReference(ctx context.Context, dockerCLI command.Cli, ref reference.Named, responseBody io.Reader) error {
|
||||
// Resolve the Repository name from fqn to RepositoryInfo, and create an
|
||||
// IndexInfo. Docker Content Trust uses the IndexInfo.Official field to
|
||||
// select the right domain for Docker Hub's Notary server;
|
||||
// https://github.com/docker/cli/blob/v28.4.0/cli/trust/trust.go#L65-L79
|
||||
indexInfo := registry.NewIndexInfo(ref)
|
||||
repoInfo := &trust.RepositoryInfo{
|
||||
Name: reference.TrimNamed(ref),
|
||||
Index: indexInfo,
|
||||
}
|
||||
return trust.PushTrustedReference(ctx, ioStreams, repoInfo, ref, authConfig, in, command.UserAgent())
|
||||
authConfig := command.ResolveAuthConfig(dockerCLI.ConfigFile(), indexInfo)
|
||||
return trust.PushTrustedReference(ctx, dockerCLI, repoInfo, ref, authConfig, responseBody, command.UserAgent())
|
||||
}
|
||||
|
||||
// trustedPull handles content trust pulling of an image
|
||||
|
||||
+4
-1
@@ -342,7 +342,10 @@ func GetImageReferencesAndAuth(ctx context.Context,
|
||||
return ImageRefAndAuth{}, err
|
||||
}
|
||||
|
||||
// Resolve the Repository name from fqn to RepositoryInfo
|
||||
// Resolve the Repository name from fqn to RepositoryInfo, and create an
|
||||
// IndexInfo. Docker Content Trust uses the IndexInfo.Official field to
|
||||
// select the right domain for Docker Hub's Notary server;
|
||||
// https://github.com/docker/cli/blob/v28.4.0/cli/trust/trust.go#L65-L79
|
||||
indexInfo := registry.NewIndexInfo(ref)
|
||||
authConfig := authResolver(ctx, indexInfo)
|
||||
return ImageRefAndAuth{
|
||||
|
||||
Reference in New Issue
Block a user