Defined ErrAccessDenied error
Middleware code may perform additional checks on blobs written. Allow it to return access denied errors that will result in 403 Forbidden. Signed-off-by: Michal Minar <miminar@redhat.com>
This commit is contained in:
parent
6344c99848
commit
4d15bf071c
3 changed files with 10 additions and 0 deletions
|
@ -8,6 +8,10 @@ import (
|
||||||
"github.com/docker/distribution/digest"
|
"github.com/docker/distribution/digest"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// ErrAccessDenied is returned when an access to a requested resource is
|
||||||
|
// denied.
|
||||||
|
var ErrAccessDenied = errors.New("access denied")
|
||||||
|
|
||||||
// ErrManifestNotModified is returned when a conditional manifest GetByTag
|
// ErrManifestNotModified is returned when a conditional manifest GetByTag
|
||||||
// returns nil due to the client indicating it has the latest version
|
// returns nil due to the client indicating it has the latest version
|
||||||
var ErrManifestNotModified = errors.New("manifest not modified")
|
var ErrManifestNotModified = errors.New("manifest not modified")
|
||||||
|
|
|
@ -253,6 +253,8 @@ func (buh *blobUploadHandler) PutBlobUploadComplete(w http.ResponseWriter, r *ht
|
||||||
buh.Errors = append(buh.Errors, v2.ErrorCodeDigestInvalid.WithDetail(err))
|
buh.Errors = append(buh.Errors, v2.ErrorCodeDigestInvalid.WithDetail(err))
|
||||||
default:
|
default:
|
||||||
switch err {
|
switch err {
|
||||||
|
case distribution.ErrAccessDenied:
|
||||||
|
buh.Errors = append(buh.Errors, errcode.ErrorCodeDenied)
|
||||||
case distribution.ErrUnsupported:
|
case distribution.ErrUnsupported:
|
||||||
buh.Errors = append(buh.Errors, errcode.ErrorCodeUnsupported)
|
buh.Errors = append(buh.Errors, errcode.ErrorCodeUnsupported)
|
||||||
case distribution.ErrBlobInvalidLength, distribution.ErrBlobDigestUnsupported:
|
case distribution.ErrBlobInvalidLength, distribution.ErrBlobDigestUnsupported:
|
||||||
|
|
|
@ -253,6 +253,10 @@ func (imh *imageManifestHandler) PutImageManifest(w http.ResponseWriter, r *http
|
||||||
imh.Errors = append(imh.Errors, errcode.ErrorCodeUnsupported)
|
imh.Errors = append(imh.Errors, errcode.ErrorCodeUnsupported)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
if err == distribution.ErrAccessDenied {
|
||||||
|
imh.Errors = append(imh.Errors, errcode.ErrorCodeDenied)
|
||||||
|
return
|
||||||
|
}
|
||||||
switch err := err.(type) {
|
switch err := err.(type) {
|
||||||
case distribution.ErrManifestVerification:
|
case distribution.ErrManifestVerification:
|
||||||
for _, verificationError := range err {
|
for _, verificationError := range err {
|
||||||
|
|
Loading…
Reference in a new issue