Have the V2 registry endpoints raise Unauthorized with the proper header when anonymous access is disabled

Before this change, we'd raise a generic 401, which was breaking containerd and cri-o. Fixes https://jira.coreos.com/browse/QUAY-1332
2019-02-15 15:29:57 -05:00 · 2019-02-15 15:29:57 -05:00 · 7690d5d495
commit 7690d5d495
parent c4f7b28dc6
4 changed files with 19 additions and 5 deletions
--- a/endpoints/v2/init.py
+++ b/endpoints/v2/init.py
@ -107,6 +107,9 @@ def _require_repo_permission(permission_class, scopes=None, allow_public=False):
          raise Unsupported(detail=msg)

        if repository_ref.is_public:
+          if not features.ANONYMOUS_ACCESS:
+            raise Unauthorized(repository=repository, scopes=scopes)
+
          return func(namespace_name, repo_name, *args, **kwargs)

      raise Unauthorized(repository=repository, scopes=scopes)