File: registry_errors.go

package info (click to toggle)
docker.io 28.5.2%2Bdfsg1-1
  • links: PTS, VCS
  • area: main
  • in suites: experimental
  • size: 69,048 kB
  • sloc: sh: 5,867; makefile: 863; ansic: 184; python: 162; asm: 159
file content (94 lines) | stat: -rw-r--r-- 2,912 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
 
package containerd

import (
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"

	"github.com/containerd/containerd/v2/core/remotes/docker"
	remoteerrors "github.com/containerd/containerd/v2/core/remotes/errors"
	cerrdefs "github.com/containerd/errdefs"
	"github.com/containerd/log"
)

func translateRegistryError(ctx context.Context, err error) error {
	// Check for registry specific error
	var derrs docker.Errors
	if !errors.As(err, &derrs) {
		var remoteErr remoteerrors.ErrUnexpectedStatus
		if errors.As(err, &remoteErr) {
			if jerr := json.Unmarshal(remoteErr.Body, &derrs); jerr != nil {
				log.G(ctx).WithError(derrs).Debug("unable to unmarshal registry error")
				return fmt.Errorf("%w: %w", cerrdefs.ErrUnknown, err)
			}
			if len(derrs) == 0 {
				if remoteErr.StatusCode == http.StatusUnauthorized || remoteErr.StatusCode == http.StatusForbidden {
					// Some registries or token servers may use an old deprecated error format
					// which only has a "details" field and not the OCI defined "errors" array.
					var tokenErr struct {
						Details string `json:"details"`
					}
					if jerr := json.Unmarshal(remoteErr.Body, &tokenErr); jerr == nil && tokenErr.Details != "" {
						if remoteErr.StatusCode == http.StatusUnauthorized {
							return cerrdefs.ErrUnauthenticated.WithMessage(fmt.Sprintf("%s - %s", docker.ErrorCodeUnauthorized.Message(), tokenErr.Details))
						}
						return cerrdefs.ErrPermissionDenied.WithMessage(fmt.Sprintf("%s - %s", docker.ErrorCodeDenied.Message(), tokenErr.Details))
					}
				}
			}
		} else {
			var derr docker.Error
			if errors.As(err, &derr) {
				derrs = append(derrs, derr)
			} else {
				return err
			}
		}
	}
	var errs []error
	for _, err := range derrs {
		var derr docker.Error
		if errors.As(err, &derr) {
			var message string

			if derr.Message != "" {
				message = derr.Message
			} else {
				message = derr.Code.Message()
			}

			if detail, ok := derr.Detail.(string); ok {
				message = fmt.Sprintf("%s - %s", message, detail)
			}

			switch derr.Code {
			case docker.ErrorCodeUnsupported:
				err = cerrdefs.ErrNotImplemented.WithMessage(message)
			case docker.ErrorCodeUnauthorized:
				err = cerrdefs.ErrUnauthenticated.WithMessage(message)
			case docker.ErrorCodeDenied:
				err = cerrdefs.ErrPermissionDenied.WithMessage(message)
			case docker.ErrorCodeUnavailable:
				err = cerrdefs.ErrUnavailable.WithMessage(message)
			case docker.ErrorCodeTooManyRequests:
				err = cerrdefs.ErrResourceExhausted.WithMessage(message)
			default:
				err = cerrdefs.ErrUnknown.WithMessage(message)
			}
		} else {
			errs = append(errs, cerrdefs.ErrUnknown.WithMessage(err.Error()))
		}
		errs = append(errs, err)
	}
	switch len(errs) {
	case 0:
		err = cerrdefs.ErrUnknown.WithMessage(err.Error())
	case 1:
		err = errs[0]
	default:
		err = errors.Join(errs...)
	}
	return fmt.Errorf("error from registry: %w", err)
}