diff --git a/internal/fakes/fake_access_checker.go b/internal/fakes/fake_access_checker.go index 9912df97dc..c4d731774f 100644 --- a/internal/fakes/fake_access_checker.go +++ b/internal/fakes/fake_access_checker.go @@ -8,7 +8,10 @@ func NewFakeAccessChecker() *FakeAccessChecker { return &FakeAccessChecker{} } -func (f *FakeAccessChecker) Check(repo string) bool { +func (f *FakeAccessChecker) Check(repo string, publish bool) bool { + if !publish { + return true + } for _, toFail := range f.RegistriesToFail { if toFail == repo { return false diff --git a/pkg/client/client.go b/pkg/client/client.go index d034851fc6..d46ccb2d2b 100644 --- a/pkg/client/client.go +++ b/pkg/client/client.go @@ -84,7 +84,7 @@ type BuildpackDownloader interface { // AccessChecker is an interface for checking remote images for read access type AccessChecker interface { - Check(repo string) bool + Check(repo string, publish bool) bool } // Client is an orchestration object, it contains all parameters needed to diff --git a/pkg/client/common.go b/pkg/client/common.go index d3c67d882b..ff824c5d3e 100644 --- a/pkg/client/common.go +++ b/pkg/client/common.go @@ -44,6 +44,7 @@ func (c *Client) resolveRunImage(runImage, imgRegistry, bldrRegistry string, run runImageMetadata.Image, runImageMetadata.Mirrors, additionalMirrors[runImageMetadata.Image], + publish, accessChecker, ) @@ -108,8 +109,8 @@ func contains(slc []string, v string) bool { return false } -func getBestRunMirror(registry string, runImage string, mirrors []string, preferredMirrors []string, accessChecker AccessChecker) string { - runImageList := filterImageList(append(append(append([]string{}, preferredMirrors...), runImage), mirrors...), accessChecker) +func getBestRunMirror(registry string, runImage string, mirrors []string, preferredMirrors []string, publish bool, accessChecker AccessChecker) string { + runImageList := filterImageList(append(append(append([]string{}, preferredMirrors...), runImage), mirrors...), publish, accessChecker) for _, img := range runImageList { ref, err := name.ParseReference(img, name.WeakValidation) if err != nil { @@ -127,11 +128,11 @@ func getBestRunMirror(registry string, runImage string, mirrors []string, prefer return runImage } -func filterImageList(imageList []string, accessChecker AccessChecker) []string { +func filterImageList(imageList []string, publish bool, accessChecker AccessChecker) []string { var accessibleImages []string for i, img := range imageList { - if accessChecker.Check(img) { + if accessChecker.Check(img, publish) { accessibleImages = append(accessibleImages, imageList[i]) } } diff --git a/pkg/client/common_test.go b/pkg/client/common_test.go index 76138b5678..e610020760 100644 --- a/pkg/client/common_test.go +++ b/pkg/client/common_test.go @@ -131,9 +131,30 @@ func testCommon(t *testing.T, when spec.G, it spec.S) { accessChecker.RegistriesToFail = nil }) - it("selects the first accessible run-image", func() { - runImageName := subject.resolveRunImage("", gcrRegistry, defaultRegistry, stackInfo.RunImage, nil, true, accessChecker) - assert.Equal(runImageName, defaultMirror) + when("publish is true", func() { + it("selects the first accessible run-image", func() { + runImageName := subject.resolveRunImage("", gcrRegistry, defaultRegistry, stackInfo.RunImage, nil, true, accessChecker) + assert.Equal(runImageName, defaultMirror) + }) + }) + + when("publish is false", func() { + it.Before(func() { + stackInfo = builder.StackMetadata{ + RunImage: builder.RunImageMetadata{ + Image: "stack/run-image", + }, + } + accessChecker.RegistriesToFail = []string{ + stackInfo.RunImage.Image, + } + }) + + it("selects the given run-image", func() { + // issue: https://github.com/buildpacks/pack/issues/2078 + runImageName := subject.resolveRunImage("", "", "", stackInfo.RunImage, nil, false, accessChecker) + assert.Equal(runImageName, "stack/run-image") + }) }) }) }) diff --git a/pkg/image/access_checker.go b/pkg/image/access_checker.go index bc9ae55cd0..50401a104f 100644 --- a/pkg/image/access_checker.go +++ b/pkg/image/access_checker.go @@ -25,7 +25,12 @@ func NewAccessChecker(logger logging.Logger, keychain authn.Keychain) *Checker { return checker } -func (c *Checker) Check(repo string) bool { +func (c *Checker) Check(repo string, publish bool) bool { + if !publish { + // nop checker, we are running against the daemon + return true + } + img, err := remote.NewImage(repo, c.keychain) if err != nil { return false diff --git a/pkg/image/access_checker_test.go b/pkg/image/access_checker_test.go index 9b1bf3ebd6..567f4eb41f 100644 --- a/pkg/image/access_checker_test.go +++ b/pkg/image/access_checker_test.go @@ -19,16 +19,31 @@ func TestChecker(t *testing.T) { func testChecker(t *testing.T, when spec.G, it spec.S) { when("#Check", func() { - it("fails when checking dummy image", func() { - buf := &bytes.Buffer{} + when("publish is false", func() { + // issue: https://github.com/buildpacks/pack/issues/2078 + it("returns true", func() { + buf := &bytes.Buffer{} - keychain, err := auth.DefaultKeychain("pack.test/dummy") - h.AssertNil(t, err) + keychain, err := auth.DefaultKeychain("pack-test/dummy") + h.AssertNil(t, err) - ic := image.NewAccessChecker(logging.NewSimpleLogger(buf), keychain) + ic := image.NewAccessChecker(logging.NewSimpleLogger(buf), keychain) + h.AssertTrue(t, ic.Check("pack.test/dummy", false)) + }) + }) + + when("publish is true", func() { + it("fails when checking dummy image", func() { + buf := &bytes.Buffer{} + + keychain, err := auth.DefaultKeychain("pack.test/dummy") + h.AssertNil(t, err) + + ic := image.NewAccessChecker(logging.NewSimpleLogger(buf), keychain) - h.AssertFalse(t, ic.Check("pack.test/dummy")) - h.AssertContains(t, buf.String(), "DEBUG: CheckReadAccess failed for the run image pack.test/dummy") + h.AssertFalse(t, ic.Check("pack.test/dummy", true)) + h.AssertContains(t, buf.String(), "DEBUG: CheckReadAccess failed for the run image pack.test/dummy") + }) }) }) }