aboutsummaryrefslogtreecommitdiff
path: root/pkg/autoupdate/autoupdate.go
diff options
context:
space:
mode:
authorValentin Rothberg <vrothberg@redhat.com>2022-09-26 13:00:17 +0200
committerValentin Rothberg <vrothberg@redhat.com>2022-09-26 17:07:05 +0200
commit7bc36602f6c407cffdc799ca1b2fc7c00bc4f93b (patch)
tree6149fd0c1e3a8fed2aaa07c82cbe1331e1085408 /pkg/autoupdate/autoupdate.go
parent17f3756884f2f65a1da753e5b58895dc0b9145e8 (diff)
downloadpodman-7bc36602f6c407cffdc799ca1b2fc7c00bc4f93b.tar.gz
podman-7bc36602f6c407cffdc799ca1b2fc7c00bc4f93b.tar.bz2
podman-7bc36602f6c407cffdc799ca1b2fc7c00bc4f93b.zip
auto-update: validate container image
Auto updates using the "registry" policy require container to be created with a fully-qualified image reference. Short names are not supported due the ambiguity of their source registry. Initially, container creation errored out for non FQN images but it seems that Podman has regressed. Fixes: #15879 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Diffstat (limited to 'pkg/autoupdate/autoupdate.go')
-rw-r--r--pkg/autoupdate/autoupdate.go41
1 files changed, 3 insertions, 38 deletions
diff --git a/pkg/autoupdate/autoupdate.go b/pkg/autoupdate/autoupdate.go
index 9cf77d135..a0ed8ccba 100644
--- a/pkg/autoupdate/autoupdate.go
+++ b/pkg/autoupdate/autoupdate.go
@@ -9,8 +9,6 @@ import (
"github.com/containers/common/libimage"
"github.com/containers/common/pkg/config"
"github.com/containers/image/v5/docker"
- "github.com/containers/image/v5/docker/reference"
- "github.com/containers/image/v5/transports/alltransports"
"github.com/containers/podman/v4/libpod"
"github.com/containers/podman/v4/libpod/define"
"github.com/containers/podman/v4/libpod/events"
@@ -21,14 +19,6 @@ import (
"github.com/sirupsen/logrus"
)
-// Label denotes the container/pod label key to specify auto-update policies in
-// container labels.
-const Label = "io.containers.autoupdate"
-
-// Label denotes the container label key to specify authfile in
-// container labels.
-const AuthfileLabel = "io.containers.autoupdate.authfile"
-
// Policy represents an auto-update policy.
type Policy string
@@ -102,32 +92,7 @@ func LookupPolicy(s string) (Policy, error) {
return "", fmt.Errorf("invalid auto-update policy %q: valid policies are %+q", s, keys)
}
-// ValidateImageReference checks if the specified imageName is a fully-qualified
-// image reference to the docker transport (without digest). Such a reference
-// includes a domain, name and tag (e.g., quay.io/podman/stable:latest). The
-// reference may also be prefixed with "docker://" explicitly indicating that
-// it's a reference to the docker transport.
-func ValidateImageReference(imageName string) error {
- // Make sure the input image is a docker.
- imageRef, err := alltransports.ParseImageName(imageName)
- if err == nil && imageRef.Transport().Name() != docker.Transport.Name() {
- return fmt.Errorf("auto updates require the docker image transport but image is of transport %q", imageRef.Transport().Name())
- } else if err != nil {
- repo, err := reference.Parse(imageName)
- if err != nil {
- return fmt.Errorf("enforcing fully-qualified docker transport reference for auto updates: %w", err)
- }
- if _, ok := repo.(reference.NamedTagged); !ok {
- return fmt.Errorf("auto updates require fully-qualified image references (no tag): %q", imageName)
- }
- if _, ok := repo.(reference.Digested); ok {
- return fmt.Errorf("auto updates require fully-qualified image references without digest: %q", imageName)
- }
- }
- return nil
-}
-
-// AutoUpdate looks up containers with a specified auto-update policy and acts
+/// AutoUpdate looks up containers with a specified auto-update policy and acts
// accordingly.
//
// If the policy is set to PolicyRegistryImage, it checks if the image
@@ -418,7 +383,7 @@ func (u *updater) assembleTasks(ctx context.Context) []error {
// Check the container's auto-update policy which is configured
// as a label.
labels := ctr.Labels()
- value, exists := labels[Label]
+ value, exists := labels[define.AutoUpdateLabel]
if !exists {
continue
}
@@ -454,7 +419,7 @@ func (u *updater) assembleTasks(ctx context.Context) []error {
}
t := task{
- authfile: labels[AuthfileLabel],
+ authfile: labels[define.AutoUpdateAuthfileLabel],
auto: u,
container: ctr,
policy: policy,