fix(storage): handle dedupe disabled in GetAllDedupeReposCandidates() (#2533)

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2024-12-16 21:56:37 -05:00 · 2024-07-09 15:33:11 +03:00 · 2024-07-09 15:33:11 +03:00 · 1c2736d970
commit 1c2736d970
parent aaee0220e4
3 changed files with 21 additions and 9 deletions
--- a/pkg/api/config/config.go
+++ b/pkg/api/config/config.go
@ -340,6 +340,10 @@ func (c *Config) IsLdapAuthEnabled() bool {
 	return false
 }

+func (c *Config) IsAuthzEnabled() bool {
+	return c.HTTP.AccessControl != nil
+}
+
 func (c *Config) IsMTLSAuthEnabled() bool {
 	if c.HTTP.TLS != nil &&
 		c.HTTP.TLS.Key != "" &&
--- a/pkg/api/routes.go
+++ b/pkg/api/routes.go
@ -879,13 +879,11 @@ func canMount(userAc *reqCtx.UserAccessControl, imgStore storageTypes.ImageStore
 ) (bool, error) {
 	canMount := true

-	// authz enabled
 	if userAc != nil {
 		canMount = false

 		repos, err := imgStore.GetAllDedupeReposCandidates(digest)
 		if err != nil {
-			// first write
 			return false, err
 		}

@ -943,9 +941,12 @@ func (rh *RouteHandler) CheckBlob(response http.ResponseWriter, request *http.Re
 		return
 	}

-	userCanMount, err := canMount(userAc, imgStore, digest)
-	if err != nil {
-		rh.c.Log.Error().Err(err).Msg("unexpected error")
+	userCanMount := true
+	if rh.c.Config.IsAuthzEnabled() {
+		userCanMount, err = canMount(userAc, imgStore, digest)
+		if err != nil {
+			rh.c.Log.Error().Err(err).Msg("unexpected error")
+		}
 	}

 	var blen int64
@ -963,7 +964,7 @@ func (rh *RouteHandler) CheckBlob(response http.ResponseWriter, request *http.Re

 	if err != nil {
 		details := zerr.GetDetails(err)
-		if errors.Is(err, zerr.ErrBadBlobDigest) { //nolint:gocritic // errorslint conflicts with gocritic:IfElseChain
+		if errors.Is(err, zerr.ErrBadBlobDigest) { //nolint:gocritic,dupl // errorslint conflicts with gocritic:IfElseChain
 			details["digest"] = digest.String()
 			e := apiErr.NewError(apiErr.DIGEST_INVALID).AddDetail(details)
 			zcommon.WriteJSON(response, http.StatusBadRequest, apiErr.NewErrorList(e))
@ -1254,9 +1255,12 @@ func (rh *RouteHandler) CreateBlobUpload(response http.ResponseWriter, request *
 			return
 		}

-		userCanMount, err := canMount(userAc, imgStore, mountDigest)
-		if err != nil {
-			rh.c.Log.Error().Err(err).Msg("unexpected error")
+		userCanMount := true
+		if rh.c.Config.IsAuthzEnabled() {
+			userCanMount, err = canMount(userAc, imgStore, mountDigest)
+			if err != nil {
+				rh.c.Log.Error().Err(err).Msg("unexpected error")
+			}
 		}

 		// zot does not support cross mounting directly and do a workaround creating using hard link.
--- a/pkg/storage/imagestore/imagestore.go
+++ b/pkg/storage/imagestore/imagestore.go
@ -1121,6 +1121,10 @@ func (is *ImageStore) GetAllDedupeReposCandidates(digest godigest.Digest) ([]str
 		return nil, err
 	}

+	if is.cache == nil {
+		return nil, nil
+	}
+
 	is.RLock(&lockLatency)
 	defer is.RUnlock(&lockLatency)