registry: use the privileged client to get signatures

openshift · Sep 15, 2017 · 5606ec5 · 5606ec5
1 parent 3fddedc
commit 5606ec5
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/pkg/dockerregistry/server/auth.go b/pkg/dockerregistry/server/auth.go
@@ -353,6 +353,8 @@ func (ac *AccessController) Authorized(ctx context.Context, accessRecords ...reg
 				if err := verifyImageSignatureAccess(ctx, namespace, name, osClient); err != nil {
 					return nil, ac.wrapErr(ctx, err)
 				}
+			default:
+				return nil, ac.wrapErr(ctx, ErrUnsupportedAction)
 			}
 
 		case "metrics":

diff --git a/pkg/dockerregistry/server/signaturedispatcher.go b/pkg/dockerregistry/server/signaturedispatcher.go
@@ -142,9 +142,9 @@ func (s *signatureHandler) Get(w http.ResponseWriter, req *http.Request) {
 		s.handleError(s.ctx, v2.ErrorCodeNameInvalid.WithDetail("missing image name or image ID"), w)
 		return
 	}
-	client, ok := userClientFrom(s.ctx)
-	if !ok {
-		s.handleError(s.ctx, errcode.ErrorCodeUnknown.WithDetail("unable to get origin client"), w)
+	client, err := RegistryClientFrom(s.ctx).Client()
+	if err != nil {
+		s.handleError(s.ctx, errcode.ErrorCodeUnknown.WithDetail(fmt.Sprintf("unable to get origin client: %v", err)), w)
 		return
 	}