Use docker client without auth if dockerCfg is not set (#8273)

Signed-off-by: Yuriy Losev <yuriy.losev@flant.com>
deckhouse · Apr 26, 2024 · e0a9d40 · e0a9d40
1 parent 2769a3e
commit e0a9d40
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 16 deletions.
diff --git a/deckhouse-controller/pkg/controller/module-controllers/utils/utils.go b/deckhouse-controller/pkg/controller/module-controllers/utils/utils.go
@@ -25,13 +25,10 @@ const (
 	SyncedPollPeriod = 100 * time.Millisecond
 )
 
-// GenerateRegistryOptions feteches settings from ModuleSource and generate registry options from them
+// GenerateRegistryOptions fetches settings from ModuleSource and generate registry options from them
 func GenerateRegistryOptions(ms *v1alpha1.ModuleSource) []cr.Option {
-	opts := make([]cr.Option, 0)
-	if ms.Spec.Registry.DockerCFG != "" {
-		opts = append(opts, cr.WithAuth(ms.Spec.Registry.DockerCFG))
-	} else {
-		opts = append(opts, cr.WithDisabledAuth())
+	opts := []cr.Option{
+		cr.WithAuth(ms.Spec.Registry.DockerCFG),
 	}
 
 	if ms.Spec.Registry.CA != "" {

diff --git a/go_lib/dependency/cr/cr.go b/go_lib/dependency/cr/cr.go
@@ -261,17 +261,14 @@ func WithInsecureSchema(insecure bool) Option {
 	}
 }
 
-// WithDisabledAuth don't use authConfig
-func WithDisabledAuth() Option {
-	return func(options *registryOptions) {
-		options.withoutAuth = true
-	}
-}
-
 // WithAuth use docker config base64 as authConfig
+// if dockerCfg is empty - will use client without auth
 func WithAuth(dockerCfg string) Option {
 	return func(options *registryOptions) {
 		options.dockerCfg = dockerCfg
+		if dockerCfg == "" {
+			options.withoutAuth = true
+		}
 	}
 }
 

diff --git a/modules/002-deckhouse/hooks/check_deckhouse_release.go b/modules/002-deckhouse/hooks/check_deckhouse_release.go
@@ -577,8 +577,16 @@ func NewDeckhouseReleaseChecker(input *go_hook.HookInput, dc dependency.Containe
 	repo := input.Values.Get("global.modulesImages.registry.base").String() // host/ns/repo
 	dockerCfg := input.Values.Get("global.modulesImages.registry.dockercfg").String()
 	clusterUUID := input.Values.Get("global.discovery.clusterUUID").String()
+
+	opts := []cr.Option{
+		cr.WithCA(getCA(input)),
+		cr.WithInsecureSchema(isHTTP(input)),
+		cr.WithUserAgent(clusterUUID),
+		cr.WithAuth(dockerCfg),
+	}
+
 	// registry.deckhouse.io/deckhouse/ce/release-channel:$release-channel
-	regCli, err := dc.GetRegistryClient(path.Join(repo, "release-channel"), cr.WithAuth(dockerCfg), cr.WithCA(getCA(input)), cr.WithInsecureSchema(isHTTP(input)), cr.WithUserAgent(clusterUUID))
+	regCli, err := dc.GetRegistryClient(path.Join(repo, "release-channel"), opts...)
 	if err != nil {
 		return nil, err
 	}

diff --git a/modules/002-deckhouse/hooks/update_deckhouse_image.go b/modules/002-deckhouse/hooks/update_deckhouse_image.go
@@ -394,7 +394,13 @@ func tagUpdate(input *go_hook.HookInput, dc dependency.Container, deckhousePods
 
 	dockerCfg := input.Values.Get("global.modulesImages.registry.dockercfg").String()
 
-	regClient, err := dc.GetRegistryClient(repo, cr.WithCA(getCA(input)), cr.WithInsecureSchema(isHTTP(input)), cr.WithAuth(dockerCfg))
+	opts := []cr.Option{
+		cr.WithCA(getCA(input)),
+		cr.WithInsecureSchema(isHTTP(input)),
+		cr.WithAuth(dockerCfg),
+	}
+
+	regClient, err := dc.GetRegistryClient(repo, opts...)
 	if err != nil {
 		input.LogEntry.Errorf("Registry (%s) client init failed: %s", repo, err)
 		return nil

diff --git a/modules/500-okmeter/hooks/update_agent_image.go b/modules/500-okmeter/hooks/update_agent_image.go
@@ -46,7 +46,7 @@ func checkRelease(input *go_hook.HookInput, dc dependency.Container) error {
 	if tag == "" {
 		tag = "latest"
 	}
-	regCli, err := dc.GetRegistryClient(repo, cr.WithDisabledAuth())
+	regCli, err := dc.GetRegistryClient(repo, cr.WithAuth(""))
 	if err != nil {
 		return err
 	}