Defined ErrAccessDenied error

Middleware code may perform additional checks on blobs written. Allow it
to return access denied errors that will result in 403 Forbidden.

Signed-off-by: Michal Minar <miminar@redhat.com>
This commit is contained in:
Michal Minar 2016-02-18 19:37:03 +01:00
parent 6344c99848
commit 4d15bf071c
3 changed files with 10 additions and 0 deletions

View file

@ -8,6 +8,10 @@ import (
"github.com/docker/distribution/digest" "github.com/docker/distribution/digest"
) )
// ErrAccessDenied is returned when an access to a requested resource is
// denied.
var ErrAccessDenied = errors.New("access denied")
// ErrManifestNotModified is returned when a conditional manifest GetByTag // ErrManifestNotModified is returned when a conditional manifest GetByTag
// returns nil due to the client indicating it has the latest version // returns nil due to the client indicating it has the latest version
var ErrManifestNotModified = errors.New("manifest not modified") var ErrManifestNotModified = errors.New("manifest not modified")

View file

@ -253,6 +253,8 @@ func (buh *blobUploadHandler) PutBlobUploadComplete(w http.ResponseWriter, r *ht
buh.Errors = append(buh.Errors, v2.ErrorCodeDigestInvalid.WithDetail(err)) buh.Errors = append(buh.Errors, v2.ErrorCodeDigestInvalid.WithDetail(err))
default: default:
switch err { switch err {
case distribution.ErrAccessDenied:
buh.Errors = append(buh.Errors, errcode.ErrorCodeDenied)
case distribution.ErrUnsupported: case distribution.ErrUnsupported:
buh.Errors = append(buh.Errors, errcode.ErrorCodeUnsupported) buh.Errors = append(buh.Errors, errcode.ErrorCodeUnsupported)
case distribution.ErrBlobInvalidLength, distribution.ErrBlobDigestUnsupported: case distribution.ErrBlobInvalidLength, distribution.ErrBlobDigestUnsupported:

View file

@ -253,6 +253,10 @@ func (imh *imageManifestHandler) PutImageManifest(w http.ResponseWriter, r *http
imh.Errors = append(imh.Errors, errcode.ErrorCodeUnsupported) imh.Errors = append(imh.Errors, errcode.ErrorCodeUnsupported)
return return
} }
if err == distribution.ErrAccessDenied {
imh.Errors = append(imh.Errors, errcode.ErrorCodeDenied)
return
}
switch err := err.(type) { switch err := err.(type) {
case distribution.ErrManifestVerification: case distribution.ErrManifestVerification:
for _, verificationError := range err { for _, verificationError := range err {