From 24a409dec6b27a629bf941fcd4b40e9903100844 Mon Sep 17 00:00:00 2001
From: Paolo Di Tommaso
Date: Tue, 30 Apr 2024 00:09:31 +0200
Subject: [PATCH] Prevent use community registry w/o packages

Signed-off-by: Paolo Di Tommaso
---
 .../wave/controller/ContainerController.groovy | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/src/main/groovy/io/seqera/wave/controller/ContainerController.groovy b/src/main/groovy/io/seqera/wave/controller/ContainerController.groovy
index a6983ce65..b8618c146 100644
--- a/src/main/groovy/io/seqera/wave/controller/ContainerController.groovy
+++ b/src/main/groovy/io/seqera/wave/controller/ContainerController.groovy
@@ -210,8 +210,6 @@ class ContainerController {
 throw new BadRequestException("Attribute `spackFile` is deprecated - use `packages` instead")
 if( !v2 && req.packages )
 throw new BadRequestException("Attribute `packages` is not allowed")
- if( !v2 && req.containerFile && req.freeze && (!req.buildRepository || req.buildRepository==buildConfig.defaultPublicRepository) )
- throw new BadRequestException("Attribute `buildRepository` must be specified when using freeze mode")
 if( !v2 && req.nameStrategy )
 throw new BadRequestException("Attribute `nameStrategy` is not allowed by legacy container endpoint")
 
@@ -221,6 +219,10 @@ class ContainerController {
 req = req.copyWith(containerFile: generated.bytes.encodeBase64().toString())
 }
 
+ // prevent the use of dockerfile file without providing
+ if( req.containerFile && req.freeze && !isCustomRepo0(req.buildRepository))
+ throw new BadRequestException("Attribute `buildRepository` must be specified when using freeze mode")
+
 final ip = addressResolver.resolve(httpRequest)
 final data = makeRequestData(req, identity, ip)
 final token = tokenService.computeToken(data)
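Review bot: The new freeze check in the second hunk runs after the line that replaces `req` with a copy carrying a generated `containerFile`, so `req.containerFile` may already be set for requests that never supplied one. The block that produces `generated` starts above the hunk; if it is the packages path, package-based freeze requests without a custom `buildRepository` are now rejected too, which appears to contradict the subject line. Evaluating the condition before that block, or adding `&& !req.packages` to it, would keep the two cases apart. The comment above the check is also cut off mid-sentence; something like `// reject freeze of a user-provided container file unless a custom build repository is given` would state the rule.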
@@ -236,6 +238,18 @@ class ContainerController {
 return HttpResponse.ok(resp)
 }
 
+ protected boolean isCustomRepo0(String repo) {
+ if( !repo )
+ return false
+ if( buildConfig.defaultPublicRepository && repo.startsWith(buildConfig.defaultPublicRepository) )
+ return false
+ if( buildConfig.defaultBuildRepository && repo.startsWith(buildConfig.defaultBuildRepository) )
+ return false
+ if( buildConfig.defaultCacheRepository && repo.startsWith(buildConfig.defaultCacheRepository) )
+ return false
+ return true
+ }
+
 protected void storeContainerRequest0(SubmitContainerTokenRequest req, ContainerRequestData data, TokenData token, String target, String ip) {
 try {
 final recrd = new WaveContainerRecord(req, data, target, ip, token.expiration)
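Review bot: `isCustomRepo0` decides a policy question by running `startsWith` on the raw request string, which is too loose for that purpose. A plain prefix has no path boundary, so an unrelated repository whose name merely begins with a default value is refused, while a default repository written with different letter case, a scheme prefix or surrounding whitespace is not recognised and counts as custom. Unless `buildRepository` is canonicalised before this point (not visible in the hunk), normalise it first and match on a boundary, e.g. `repo == base || repo.startsWith(base + '/')` for each configured default. The method also deserves a doc comment naming the three defaults it excludes, and the diffstat shows no test file accompanying the new rule.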