Merge pull request #20241 from aaronlehmann/fallback-on-no-auth-credentials

Fall back to V1 when there are no basic auth credentials

distribution/pull_v2.go

@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"io"
 	"io/ioutil"
+	"net/url"
 	"os"
 	"runtime"
 
@@ -17,6 +18,7 @@ import (
 	"github.com/docker/distribution/manifest/schema2"
 	"github.com/docker/distribution/registry/api/errcode"
 	"github.com/docker/distribution/registry/client"
+	"github.com/docker/distribution/registry/client/auth"
 	"github.com/docker/distribution/registry/client/transport"
 	"github.com/docker/docker/distribution/metadata"
 	"github.com/docker/docker/distribution/xfer"
@@ -710,6 +712,10 @@ func allowV1Fallback(err error) error {
 		if registry.ShouldV2Fallback(v) {
 			return fallbackError{err: err, confirmedV2: false}
 		}
+	case *url.Error:
+		if v.Err == auth.ErrNoBasicAuthCredentials {
+			return fallbackError{err: err, confirmedV2: false}
+		}
 	}
 
 	return err

hack/vendor.sh

@@ -48,7 +48,7 @@ clone git github.com/boltdb/bolt v1.1.0
 clone git github.com/miekg/dns 75e6e86cc601825c5dbcd4e0c209eab180997cd7
 
 # get graph and distribution packages
-clone git github.com/docker/distribution 77534e734063a203981df7024fe8ca9228b86930
+clone git github.com/docker/distribution 7b66c50bb7e0e4b3b83f8fd134a9f6ea4be08b57
 clone git github.com/vbatts/tar-split v0.9.11
 
 # get desired notary commit, might also need to be updated in Dockerfile

vendor/src/github.com/docker/distribution/context/doc.go

@@ -1,6 +1,6 @@
 // Package context provides several utilities for working with
 // golang.org/x/net/context in http requests. Primarily, the focus is on
-// logging relevent request information but this package is not limited to
+// logging relevant request information but this package is not limited to
 // that purpose.
 //
 // The easiest way to get started is to get the background context:

vendor/src/github.com/docker/distribution/context/trace.go

@@ -10,7 +10,7 @@ import (
 // WithTrace allocates a traced timing span in a new context. This allows a
 // caller to track the time between calling WithTrace and the returned done
 // function. When the done function is called, a log message is emitted with a
-// "trace.duration" field, corresponding to the elapased time and a
+// "trace.duration" field, corresponding to the elapsed time and a
 // "trace.func" field, corresponding to the function that called WithTrace.
 //
 // The logging keys "trace.id" and "trace.parent.id" are provided to implement

vendor/src/github.com/docker/distribution/digest/set.go

@@ -22,7 +22,7 @@ var (
 // may be easily referenced by easily  referenced by a string
 // representation of the digest as well as short representation.
 // The uniqueness of the short representation is based on other
-// digests in the set. If digests are ommited from this set,
+// digests in the set. If digests are omitted from this set,
 // collisions in a larger set may not be detected, therefore it
 // is important to always do short representation lookups on
 // the complete set of digests. To mitigate collisions, an

vendor/src/github.com/docker/distribution/manifest/schema1/manifest.go

@@ -102,7 +102,7 @@ type SignedManifest struct {
 	Canonical []byte `json:"-"`
 
 	// all contains the byte representation of the Manifest including signatures
-	// and is retuend by Payload()
+	// and is returned by Payload()
 	all []byte
 }
 

vendor/src/github.com/docker/distribution/reference/regexp.go

@@ -49,7 +49,7 @@ var (
 
 	// NameRegexp is the format for the name component of references. The
 	// regexp has capturing groups for the hostname and name part omitting
-	// the seperating forward slash from either.
+	// the separating forward slash from either.
 	NameRegexp = expression(
 		optional(hostnameRegexp, literal(`/`)),
 		nameComponentRegexp,

vendor/src/github.com/docker/distribution/registry/api/v2/descriptors.go

@@ -271,7 +271,7 @@ type MethodDescriptor struct {
 // RequestDescriptor per API use case.
 type RequestDescriptor struct {
 	// Name provides a short identifier for the request, usable as a title or
-	// to provide quick context for the particalar request.
+	// to provide quick context for the particular request.
 	Name string
 
 	// Description should cover the requests purpose, covering any details for
@@ -303,14 +303,14 @@ type RequestDescriptor struct {
 // ResponseDescriptor describes the components of an API response.
 type ResponseDescriptor struct {
 	// Name provides a short identifier for the response, usable as a title or
-	// to provide quick context for the particalar response.
+	// to provide quick context for the particular response.
 	Name string
 
 	// Description should provide a brief overview of the role of the
 	// response.
 	Description string
 
-	// StatusCode specifies the status recieved by this particular response.
+	// StatusCode specifies the status received by this particular response.
 	StatusCode int
 
 	// Headers covers any headers that may be returned from the response.

vendor/src/github.com/docker/distribution/registry/api/v2/errors.go

@@ -84,7 +84,7 @@ var (
 	})
 
 	// ErrorCodeManifestUnverified is returned when the manifest fails
-	// signature verfication.
+	// signature verification.
 	ErrorCodeManifestUnverified = errcode.Register(errGroup, errcode.ErrorDescriptor{
 		Value:   "MANIFEST_UNVERIFIED",
 		Message: "manifest failed signature verification",

vendor/src/github.com/docker/distribution/registry/client/auth/session.go

@@ -15,6 +15,10 @@ import (
 	"github.com/docker/distribution/registry/client/transport"
 )
 
+// ErrNoBasicAuthCredentials is returned if a request can't be authorized with
+// basic auth due to lack of credentials.
+var ErrNoBasicAuthCredentials = errors.New("no basic auth credentials")
+
 // AuthenticationHandler is an interface for authorizing a request from
 // params from a "WWW-Authenicate" header for a single scheme.
 type AuthenticationHandler interface {
@@ -322,5 +326,5 @@ func (bh *basicHandler) AuthorizeRequest(req *http.Request, params map[string]st
 			return nil
 		}
 	}
-	return errors.New("no basic auth credentials")
+	return ErrNoBasicAuthCredentials
 }