From 3330f98762c809ef788be88bd15744834cff2535 Mon Sep 17 00:00:00 2001
From: Matej Vasek <mvasek@redhat.com>
Date: Mon, 31 May 2021 14:45:10 +0200
Subject: Better error handing for images/create compat api

If server cannot resolve short name due to enforcing policy send
non-2xx status code.

[NO TESTS NEEDED]

Signed-off-by: Matej Vasek <mvasek@redhat.com>
---
 pkg/api/handlers/compat/images.go | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'pkg')

diff --git a/pkg/api/handlers/compat/images.go b/pkg/api/handlers/compat/images.go
index 3f4320efa..fb97d1989 100644
--- a/pkg/api/handlers/compat/images.go
+++ b/pkg/api/handlers/compat/images.go
@@ -13,6 +13,7 @@ import (
 	"github.com/containers/common/libimage"
 	"github.com/containers/common/pkg/config"
 	"github.com/containers/image/v5/manifest"
+	"github.com/containers/image/v5/pkg/shortnames"
 	"github.com/containers/image/v5/types"
 	"github.com/containers/podman/v3/libpod"
 	"github.com/containers/podman/v3/pkg/api/handlers"
@@ -231,6 +232,14 @@ func CreateImageFromImage(w http.ResponseWriter, r *http.Request) {
 
 	fromImage := mergeNameAndTagOrDigest(query.FromImage, query.Tag)
 
+	// without this early check this function would return 200 but reported error via body stream soon after
+	// it's better to let caller know early via HTTP status code that request cannot be processed
+	_, err := shortnames.Resolve(runtime.SystemContext(), fromImage)
+	if err != nil {
+		utils.Error(w, "Something went wrong.", http.StatusBadRequest, errors.Wrap(err, "failed to resolve image name"))
+		return
+	}
+
 	authConf, authfile, key, err := auth.GetCredentials(r)
 	if err != nil {
 		utils.Error(w, "failed to retrieve repository credentials", http.StatusBadRequest, errors.Wrapf(err, "failed to parse %q header for %s", key, r.URL.String()))
-- 
cgit v1.2.3-54-g00ecf