From e0a9d40038c2bf0602ca88effeeea04ef9f23127 Mon Sep 17 00:00:00 2001
From: Yuriy Losev <yuriy.losev@flant.com>
Date: Fri, 26 Apr 2024 11:23:01 +0400
Subject: [PATCH] Use docker client without auth if dockerCfg is not set
 (#8273)

Signed-off-by: Yuriy Losev <yuriy.losev@flant.com>
---
 .../pkg/controller/module-controllers/utils/utils.go  |  9 +++------
 go_lib/dependency/cr/cr.go                            | 11 ++++-------
 .../002-deckhouse/hooks/check_deckhouse_release.go    | 10 +++++++++-
 modules/002-deckhouse/hooks/update_deckhouse_image.go |  8 +++++++-
 modules/500-okmeter/hooks/update_agent_image.go       |  2 +-
 5 files changed, 24 insertions(+), 16 deletions(-)

diff --git a/deckhouse-controller/pkg/controller/module-controllers/utils/utils.go b/deckhouse-controller/pkg/controller/module-controllers/utils/utils.go
index 2c1588d357..b2b230c82c 100644
--- a/deckhouse-controller/pkg/controller/module-controllers/utils/utils.go
+++ b/deckhouse-controller/pkg/controller/module-controllers/utils/utils.go
@@ -25,13 +25,10 @@ const (
 	SyncedPollPeriod = 100 * time.Millisecond
 )
 
-// GenerateRegistryOptions feteches settings from ModuleSource and generate registry options from them
+// GenerateRegistryOptions fetches settings from ModuleSource and generate registry options from them
 func GenerateRegistryOptions(ms *v1alpha1.ModuleSource) []cr.Option {
-	opts := make([]cr.Option, 0)
-	if ms.Spec.Registry.DockerCFG != "" {
-		opts = append(opts, cr.WithAuth(ms.Spec.Registry.DockerCFG))
-	} else {
-		opts = append(opts, cr.WithDisabledAuth())
+	opts := []cr.Option{
+		cr.WithAuth(ms.Spec.Registry.DockerCFG),
 	}
 
 	if ms.Spec.Registry.CA != "" {
diff --git a/go_lib/dependency/cr/cr.go b/go_lib/dependency/cr/cr.go
index d719d58f2b..c36e791b9c 100644
--- a/go_lib/dependency/cr/cr.go
+++ b/go_lib/dependency/cr/cr.go
@@ -261,17 +261,14 @@ func WithInsecureSchema(insecure bool) Option {
 	}
 }
 
-// WithDisabledAuth don't use authConfig
-func WithDisabledAuth() Option {
-	return func(options *registryOptions) {
-		options.withoutAuth = true
-	}
-}
-
 // WithAuth use docker config base64 as authConfig
+// if dockerCfg is empty - will use client without auth
 func WithAuth(dockerCfg string) Option {
 	return func(options *registryOptions) {
 		options.dockerCfg = dockerCfg
+		if dockerCfg == "" {
+			options.withoutAuth = true
+		}
 	}
 }
 
diff --git a/modules/002-deckhouse/hooks/check_deckhouse_release.go b/modules/002-deckhouse/hooks/check_deckhouse_release.go
index c815bf9c4b..125111f778 100644
--- a/modules/002-deckhouse/hooks/check_deckhouse_release.go
+++ b/modules/002-deckhouse/hooks/check_deckhouse_release.go
@@ -577,8 +577,16 @@ func NewDeckhouseReleaseChecker(input *go_hook.HookInput, dc dependency.Containe
 	repo := input.Values.Get("global.modulesImages.registry.base").String() // host/ns/repo
 	dockerCfg := input.Values.Get("global.modulesImages.registry.dockercfg").String()
 	clusterUUID := input.Values.Get("global.discovery.clusterUUID").String()
+
+	opts := []cr.Option{
+		cr.WithCA(getCA(input)),
+		cr.WithInsecureSchema(isHTTP(input)),
+		cr.WithUserAgent(clusterUUID),
+		cr.WithAuth(dockerCfg),
+	}
+
 	// registry.deckhouse.io/deckhouse/ce/release-channel:$release-channel
-	regCli, err := dc.GetRegistryClient(path.Join(repo, "release-channel"), cr.WithAuth(dockerCfg), cr.WithCA(getCA(input)), cr.WithInsecureSchema(isHTTP(input)), cr.WithUserAgent(clusterUUID))
+	regCli, err := dc.GetRegistryClient(path.Join(repo, "release-channel"), opts...)
 	if err != nil {
 		return nil, err
 	}
diff --git a/modules/002-deckhouse/hooks/update_deckhouse_image.go b/modules/002-deckhouse/hooks/update_deckhouse_image.go
index d8ad64f208..ee5dd6789b 100644
--- a/modules/002-deckhouse/hooks/update_deckhouse_image.go
+++ b/modules/002-deckhouse/hooks/update_deckhouse_image.go
@@ -394,7 +394,13 @@ func tagUpdate(input *go_hook.HookInput, dc dependency.Container, deckhousePods
 
 	dockerCfg := input.Values.Get("global.modulesImages.registry.dockercfg").String()
 
-	regClient, err := dc.GetRegistryClient(repo, cr.WithCA(getCA(input)), cr.WithInsecureSchema(isHTTP(input)), cr.WithAuth(dockerCfg))
+	opts := []cr.Option{
+		cr.WithCA(getCA(input)),
+		cr.WithInsecureSchema(isHTTP(input)),
+		cr.WithAuth(dockerCfg),
+	}
+
+	regClient, err := dc.GetRegistryClient(repo, opts...)
 	if err != nil {
 		input.LogEntry.Errorf("Registry (%s) client init failed: %s", repo, err)
 		return nil
diff --git a/modules/500-okmeter/hooks/update_agent_image.go b/modules/500-okmeter/hooks/update_agent_image.go
index 3a10316df8..1f527c2fa2 100644
--- a/modules/500-okmeter/hooks/update_agent_image.go
+++ b/modules/500-okmeter/hooks/update_agent_image.go
@@ -46,7 +46,7 @@ func checkRelease(input *go_hook.HookInput, dc dependency.Container) error {
 	if tag == "" {
 		tag = "latest"
 	}
-	regCli, err := dc.GetRegistryClient(repo, cr.WithDisabledAuth())
+	regCli, err := dc.GetRegistryClient(repo, cr.WithAuth(""))
 	if err != nil {
 		return err
 	}