Prevent use community registry w/o packages

Signed-off-by: Paolo Di Tommaso <[email protected]>
seqeralabs · Apr 29, 2024 · 24a409d · 24a409d
1 parent 2cd00be
commit 24a409d
Showing 1 changed file with 16 additions and 2 deletions.
diff --git a/src/main/groovy/io/seqera/wave/controller/ContainerController.groovy b/src/main/groovy/io/seqera/wave/controller/ContainerController.groovy
@@ -210,8 +210,6 @@ class ContainerController {
             throw new BadRequestException("Attribute `spackFile` is deprecated - use `packages` instead")
         if( !v2 && req.packages )
             throw new BadRequestException("Attribute `packages` is not allowed")
-        if( !v2 && req.containerFile && req.freeze && (!req.buildRepository || req.buildRepository==buildConfig.defaultPublicRepository) )
-            throw new BadRequestException("Attribute `buildRepository` must be specified when using freeze mode")
         if( !v2 && req.nameStrategy )
             throw new BadRequestException("Attribute `nameStrategy` is not allowed by legacy container endpoint")
 
@@ -221,6 +219,10 @@ class ContainerController {
             req = req.copyWith(containerFile: generated.bytes.encodeBase64().toString())
         }
 
+        // prevent the use of dockerfile file without providing
+        if( req.containerFile && req.freeze && !isCustomRepo0(req.buildRepository))
+            throw new BadRequestException("Attribute `buildRepository` must be specified when using freeze mode")
+
         final ip = addressResolver.resolve(httpRequest)
         final data = makeRequestData(req, identity, ip)
         final token = tokenService.computeToken(data)
@@ -236,6 +238,18 @@ class ContainerController {
         return HttpResponse.ok(resp)
     }
 
+    protected boolean isCustomRepo0(String repo) {
+        if( !repo )
+            return false
+        if( buildConfig.defaultPublicRepository && repo.startsWith(buildConfig.defaultPublicRepository) )
+            return false
+        if( buildConfig.defaultBuildRepository && repo.startsWith(buildConfig.defaultBuildRepository) )
+            return false
+        if( buildConfig.defaultCacheRepository && repo.startsWith(buildConfig.defaultCacheRepository) )
+            return false
+        return true
+    }
+
     protected void storeContainerRequest0(SubmitContainerTokenRequest req, ContainerRequestData data, TokenData token, String target, String ip) {
         try {
             final recrd = new WaveContainerRecord(req, data, target, ip, token.expiration)