Defined ErrAccessDenied error

Middleware code may perform additional checks on blobs written. Allow it
to return access denied errors that will result in 403 Forbidden.

Signed-off-by: Michal Minar <miminar@redhat.com>
This commit is contained in:
Michal Minar 2016-02-18 19:37:03 +01:00
parent 464d03cdd6
commit 776e01f8bc
2 changed files with 6 additions and 0 deletions

View file

@ -253,6 +253,8 @@ func (buh *blobUploadHandler) PutBlobUploadComplete(w http.ResponseWriter, r *ht
buh.Errors = append(buh.Errors, v2.ErrorCodeDigestInvalid.WithDetail(err)) buh.Errors = append(buh.Errors, v2.ErrorCodeDigestInvalid.WithDetail(err))
default: default:
switch err { switch err {
case distribution.ErrAccessDenied:
buh.Errors = append(buh.Errors, errcode.ErrorCodeDenied)
case distribution.ErrUnsupported: case distribution.ErrUnsupported:
buh.Errors = append(buh.Errors, errcode.ErrorCodeUnsupported) buh.Errors = append(buh.Errors, errcode.ErrorCodeUnsupported)
case distribution.ErrBlobInvalidLength, distribution.ErrBlobDigestUnsupported: case distribution.ErrBlobInvalidLength, distribution.ErrBlobDigestUnsupported:

View file

@ -253,6 +253,10 @@ func (imh *imageManifestHandler) PutImageManifest(w http.ResponseWriter, r *http
imh.Errors = append(imh.Errors, errcode.ErrorCodeUnsupported) imh.Errors = append(imh.Errors, errcode.ErrorCodeUnsupported)
return return
} }
if err == distribution.ErrAccessDenied {
imh.Errors = append(imh.Errors, errcode.ErrorCodeDenied)
return
}
switch err := err.(type) { switch err := err.(type) {
case distribution.ErrManifestVerification: case distribution.ErrManifestVerification:
for _, verificationError := range err { for _, verificationError := range err {