From 4d15bf071c8f5355bafe7148f78e9973c0ce2fc5 Mon Sep 17 00:00:00 2001 From: Michal Minar Date: Thu, 18 Feb 2016 19:37:03 +0100 Subject: [PATCH] Defined ErrAccessDenied error Middleware code may perform additional checks on blobs written. Allow it to return access denied errors that will result in 403 Forbidden. Signed-off-by: Michal Minar --- errors.go | 4 ++++ registry/handlers/blobupload.go | 2 ++ registry/handlers/images.go | 4 ++++ 3 files changed, 10 insertions(+) diff --git a/errors.go b/errors.go index 77bd096ec..c20f28113 100644 --- a/errors.go +++ b/errors.go @@ -8,6 +8,10 @@ import ( "github.com/docker/distribution/digest" ) +// ErrAccessDenied is returned when an access to a requested resource is +// denied. +var ErrAccessDenied = errors.New("access denied") + // ErrManifestNotModified is returned when a conditional manifest GetByTag // returns nil due to the client indicating it has the latest version var ErrManifestNotModified = errors.New("manifest not modified") diff --git a/registry/handlers/blobupload.go b/registry/handlers/blobupload.go index e2c34d83f..bfeddb03e 100644 --- a/registry/handlers/blobupload.go +++ b/registry/handlers/blobupload.go @@ -253,6 +253,8 @@ func (buh *blobUploadHandler) PutBlobUploadComplete(w http.ResponseWriter, r *ht buh.Errors = append(buh.Errors, v2.ErrorCodeDigestInvalid.WithDetail(err)) default: switch err { + case distribution.ErrAccessDenied: + buh.Errors = append(buh.Errors, errcode.ErrorCodeDenied) case distribution.ErrUnsupported: buh.Errors = append(buh.Errors, errcode.ErrorCodeUnsupported) case distribution.ErrBlobInvalidLength, distribution.ErrBlobDigestUnsupported: diff --git a/registry/handlers/images.go b/registry/handlers/images.go index f5c9eada2..8ef7197a3 100644 --- a/registry/handlers/images.go +++ b/registry/handlers/images.go @@ -253,6 +253,10 @@ func (imh *imageManifestHandler) PutImageManifest(w http.ResponseWriter, r *http imh.Errors = append(imh.Errors, errcode.ErrorCodeUnsupported) return } + if err == distribution.ErrAccessDenied { + imh.Errors = append(imh.Errors, errcode.ErrorCodeDenied) + return + } switch err := err.(type) { case distribution.ErrManifestVerification: for _, verificationError := range err {