github
/
portainer
mirror of https://github.com/portainer/portainer
1
0
Fork 0
Code Issues Releases Wiki Activity

fix(docker/service): send registry id on update EE-2061 (#6606)

pull/6649/head
sunportainer 2022-03-10 13:35:11 +08:00 committed by GitHub
parent 0f3c7b1424
commit 20405e9803
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 14 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
api/http/proxy/factory/docker/transport.go
View File

@ -272,6 +272,7 @@ func (transport *Transport) proxyServiceRequest(request *http.Request) (*http.Re
if match, _ := path.Match("/services/*/*", requestPath); match { if match, _ := path.Match("/services/*/*", requestPath); match {
// Handle /services/{id}/{action} requests // Handle /services/{id}/{action} requests
serviceID := path.Base(path.Dir(requestPath)) serviceID := path.Base(path.Dir(requestPath))
transport.decorateRegistryAuthenticationHeader(request)
return transport.restrictedResourceOperation(request, serviceID, serviceID, portainer.ServiceResourceControl, false) return transport.restrictedResourceOperation(request, serviceID, serviceID, portainer.ServiceResourceControl, false)
} else if match, _ := path.Match("/services/*", requestPath); match { } else if match, _ := path.Match("/services/*", requestPath); match {
// Handle /services/{id} requests // Handle /services/{id} requests
@ -396,9 +397,14 @@ func (transport *Transport) proxyImageRequest(request *http.Request) (*http.Resp
} }
func (transport *Transport) replaceRegistryAuthenticationHeader(request *http.Request) (*http.Response, error) { func (transport *Transport) replaceRegistryAuthenticationHeader(request *http.Request) (*http.Response, error) {
transport.decorateRegistryAuthenticationHeader(request)
return transport.decorateGenericResourceCreationOperation(request, serviceObjectIdentifier, portainer.ServiceResourceControl)
}
func (transport *Transport) decorateRegistryAuthenticationHeader(request *http.Request) error {
accessContext, err := transport.createRegistryAccessContext(request) accessContext, err := transport.createRegistryAccessContext(request)
if err != nil { if err != nil {
return nil, err return err
} }
originalHeader := request.Header.Get("X-Registry-Auth") originalHeader := request.Header.Get("X-Registry-Auth")
@ -407,23 +413,23 @@ func (transport *Transport) replaceRegistryAuthenticationHeader(request *http.Re
decodedHeaderData, err := base64.StdEncoding.DecodeString(originalHeader) decodedHeaderData, err := base64.StdEncoding.DecodeString(originalHeader)
if err != nil { if err != nil {
return nil, err return err
} }
var originalHeaderData portainerRegistryAuthenticationHeader var originalHeaderData portainerRegistryAuthenticationHeader
err = json.Unmarshal(decodedHeaderData, &originalHeaderData) err = json.Unmarshal(decodedHeaderData, &originalHeaderData)
if err != nil { if err != nil {
return nil, err return err
} }
authenticationHeader, err := createRegistryAuthenticationHeader(transport.dataStore, originalHeaderData.RegistryId, accessContext) authenticationHeader, err := createRegistryAuthenticationHeader(transport.dataStore, originalHeaderData.RegistryId, accessContext)
if err != nil { if err != nil {
return nil, err return err
} }
headerData, err := json.Marshal(authenticationHeader) headerData, err := json.Marshal(authenticationHeader)
if err != nil { if err != nil {
return nil, err return err
} }
header := base64.StdEncoding.EncodeToString(headerData) header := base64.StdEncoding.EncodeToString(headerData)
@ -431,7 +437,7 @@ func (transport *Transport) replaceRegistryAuthenticationHeader(request *http.Re
request.Header.Set("X-Registry-Auth", header) request.Header.Set("X-Registry-Auth", header)
} }
return transport.decorateGenericResourceCreationOperation(request, serviceObjectIdentifier, portainer.ServiceResourceControl) return nil
} }
func (transport *Transport) restrictedResourceOperation(request *http.Request, resourceID string, dockerResourceID string, resourceType portainer.ResourceControlType, volumeBrowseRestrictionCheck bool) (*http.Response, error) { func (transport *Transport) restrictedResourceOperation(request *http.Request, resourceID string, dockerResourceID string, resourceType portainer.ResourceControlType, volumeBrowseRestrictionCheck bool) (*http.Response, error) {
@ -492,7 +498,6 @@ func (transport *Transport) restrictedResourceOperation(request *http.Request, r
return utils.WriteAccessDeniedResponse() return utils.WriteAccessDeniedResponse()
} }
} }
return transport.executeDockerRequest(request) return transport.executeDockerRequest(request)
} }

1
app/docker/rest/service.js
View File

@ -28,6 +28,7 @@ angular.module('portainer.docker').factory('Service', [
method: 'POST', method: 'POST',
params: { id: '@id', action: 'update', version: '@version', rollback: '@rollback' }, params: { id: '@id', action: 'update', version: '@version', rollback: '@rollback' },
headers: { headers: {
'X-Registry-Auth': (config) => btoa(JSON.stringify({ registryId: config.data.registryId })),
version: '1.29', version: '1.29',
}, },
}, },

1
app/docker/views/services/edit/serviceController.js
View File

@ -420,6 +420,7 @@ angular.module('portainer.docker').controller('ServiceController', [
if ($scope.hasChanges(service, ['Image'])) { if ($scope.hasChanges(service, ['Image'])) {
const image = ImageHelper.createImageConfigForContainer($scope.formValues.RegistryModel); const image = ImageHelper.createImageConfigForContainer($scope.formValues.RegistryModel);
config.TaskTemplate.ContainerSpec.Image = image.fromImage; config.TaskTemplate.ContainerSpec.Image = image.fromImage;
config.registryId = $scope.formValues.RegistryModel.Registry.Id;
} else { } else {
config.TaskTemplate.ContainerSpec.Image = service.Image; config.TaskTemplate.ContainerSpec.Image = service.Image;
} }