Prevent asking pull scope for cross-repo mounting (google#604)

Fixes google#600
jonjohnsonjr · Nov 8, 2019 · 79629ba · 79629ba
1 parent 50b26ee
commit 79629ba
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 3 deletions.
diff --git a/pkg/v1/remote/write.go b/pkg/v1/remote/write.go
@@ -412,9 +412,10 @@ func scopesForUploadingImage(ref name.Reference, layers []v1.Layer) []string {
 
 	for _, l := range layers {
 		if ml, ok := l.(*MountableLayer); ok {
-			// we add push scope for ref.Context() after the loop
-			if ml.Reference.Context() != ref.Context() {
-				scopeSet[ml.Reference.Context().Scope(transport.PullScope)] = struct{}{}
+			// we will add push scope for ref.Context() after the loop.
+			// for now we ask pull scope for references of the same registry
+			if ml.Reference.Context() != ref.Context() && ml.Reference.Context().Registry == ref.Context().Registry {
+				scopeSet[ml.Reference.Scope(transport.PullScope)] = struct{}{}
 			}
 		}
 	}

diff --git a/pkg/v1/remote/write_test.go b/pkg/v1/remote/write_test.go
@@ -907,6 +907,11 @@ func TestScopesForUploadingImage(t *testing.T) {
 		t.Fatalf("name.NewTag() = %v", err)
 	}
 
+	sameReference, err := name.NewTag("example.com/sample/sample:previous", name.WeakValidation)
+	if err != nil {
+		t.Fatalf("name.NewTag() = %v", err)
+	}
+
 	anotherRepo1, err := name.NewTag("example.com/sample/another_repo1:latest", name.WeakValidation)
 	if err != nil {
 		t.Fatalf("name.NewTag() = %v", err)
@@ -917,6 +922,11 @@ func TestScopesForUploadingImage(t *testing.T) {
 		t.Fatalf("name.NewTag() = %v", err)
 	}
 
+	repoOnOtherRegistry, err := name.NewTag("other-domain.com/sample/any_repo:latest", name.WeakValidation)
+	if err != nil {
+		t.Fatalf("name.NewTag() = %v", err)
+	}
+
 	img := setupImage(t)
 	layers, err := img.Layers()
 	if err != nil {
@@ -938,6 +948,19 @@ func TestScopesForUploadingImage(t *testing.T) {
 				referenceToUpload.Scope(transport.PushScope),
 			},
 		},
+		{
+			name:      "mountable layers with same reference",
+			reference: referenceToUpload,
+			layers:    []v1.Layer{
+				&MountableLayer{
+					Layer:     dummyLayer,
+					Reference: sameReference,
+				},
+			},
+			expected: []string{
+				referenceToUpload.Scope(transport.PushScope),
+			},
+		},
 		{
 			name:      "mountable layers with single reference with no-duplicate",
 			reference: referenceToUpload,
@@ -1016,6 +1039,19 @@ func TestScopesForUploadingImage(t *testing.T) {
 				anotherRepo2.Scope(transport.PullScope),
 			},
 		},
+		{
+			name:      "cross repository mountable layer",
+			reference: referenceToUpload,
+			layers: []v1.Layer{
+				&MountableLayer{
+					Layer:     dummyLayer,
+					Reference: repoOnOtherRegistry,
+				},
+			},
+			expected: []string{
+				referenceToUpload.Scope(transport.PushScope),
+			},
+		},
 	}
 
 	for _, tc := range testCases {