From 6d6c70a98b7fbceb262c0720d448b0981e06109e Mon Sep 17 00:00:00 2001
From: Matt Hook <hookenz@gmail.com>
Date: Thu, 16 Jun 2022 09:53:58 +1200
Subject: [PATCH] fix(swarm): don't stomp on the x-registry-auth header EE-3308
 (#7080)

* don't stomp on the x-registry-auth header

* del header if empty json provided for registry auth
---
 api/http/proxy/factory/docker/registry.go  |  2 +-
 api/http/proxy/factory/docker/transport.go | 15 ++++++++++++++-
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/api/http/proxy/factory/docker/registry.go b/api/http/proxy/factory/docker/registry.go
index 7992634f7..352c5a459 100644
--- a/api/http/proxy/factory/docker/registry.go
+++ b/api/http/proxy/factory/docker/registry.go
@@ -23,7 +23,7 @@ type (
 	}
 
 	portainerRegistryAuthenticationHeader struct {
-		RegistryId portainer.RegistryID `json:"registryId"`
+		RegistryId *portainer.RegistryID `json:"registryId"`
 	}
 )
 
diff --git a/api/http/proxy/factory/docker/transport.go b/api/http/proxy/factory/docker/transport.go
index 0c13cc783..c04bb8a4e 100644
--- a/api/http/proxy/factory/docker/transport.go
+++ b/api/http/proxy/factory/docker/transport.go
@@ -446,7 +446,20 @@ func (transport *Transport) decorateRegistryAuthenticationHeader(request *http.R
 			return err
 		}
 
-		authenticationHeader, err := createRegistryAuthenticationHeader(transport.dataStore, originalHeaderData.RegistryId, accessContext)
+		// delete header and exist function without error if Front End
+		// passes empty json. This is to restore original behavior which
+		// never originally passed this header
+		if string(decodedHeaderData) == "{}" {
+			request.Header.Del("X-Registry-Auth")
+			return nil
+		}
+
+		// only set X-Registry-Auth if registryId is defined
+		if originalHeaderData.RegistryId == nil {
+			return nil
+		}
+
+		authenticationHeader, err := createRegistryAuthenticationHeader(transport.dataStore, *originalHeaderData.RegistryId, accessContext)
 		if err != nil {
 			return err
 		}