This repository was archived by the owner on Mar 16, 2024. It is now read-only.
Prevent Acorn from assuming Docker Hub for auto-upgrade apps with no specified registry (#1427) #1823
for #1427
This change ensures that apps with auto-upgrade enabled will never implicitly pull images from Docker Hub.
This is important in order to avoid dependency confusion. Since auto-upgrade apps, unlike normal apps, will give priority to remote images when resolving, it would be possible for an attacker to create a public image that matches the name of a private, local-only image, and Acorn would pick it up and auto-upgrade to that. This PR prevents that from being possible.
Unfortunately, there were three separate areas where I had to implement this logic:
I wrote tests (two unit, one integration) to check for this logic in all three places.
Currently, prior to this PR, it is possible for auto-upgrade apps to implicitly use Docker Hub as long as they aren't using a tag pattern (e.g. `acorn run -n nginx grantlinville/nginx:latest` works and uses my image from Docker Hub). This will no longer work as soon as this is merged. For running apps that are like this, they will continue to run, but there will be an error in their status until their image is updated using `acorn update` (or until a local image that matches the auto-upgrade is built).
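The check the PR describes (refuse an auto-upgrade app whose image name carries no explicit registry, so it can never fall back to Docker Hub) can be illustrated with a small Go function. This is an added example written for this page, not Acorn's own code: the function names `hasExplicitRegistry` and `validateAutoUpgradeImage` are assumptions, and the registry-detection rule is the usual Docker reference convention (the first path component is a registry host only if it contains a `.` or `:` or is exactly `localhost`).

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrImplicitRegistry is returned for auto-upgrade images that would be
// resolved against Docker Hub because no registry host is named.
var ErrImplicitRegistry = errors.New("auto-upgrade apps must specify a registry in the image name")

// hasExplicitRegistry reports whether an image reference names its registry.
// Example logic, not Acorn's implementation: it applies the Docker reference
// convention that the first path component is a registry host only when it
// contains '.' or ':' or is exactly "localhost".
func hasExplicitRegistry(ref string) bool {
	// Drop a digest suffix so "@sha256:..." is not mistaken for a host:port.
	if i := strings.Index(ref, "@"); i >= 0 {
		ref = ref[:i]
	}
	first, _, found := strings.Cut(ref, "/")
	if !found {
		// Bare names such as "nginx" or "nginx:1.25" have no registry and
		// would be resolved against Docker Hub's library namespace.
		return false
	}
	return first == "localhost" || strings.ContainsAny(first, ".:")
}

// validateAutoUpgradeImage allows any image for a normal app, but rejects an
// auto-upgrade app whose image name leaves the registry implicit. This is the
// dependency-confusion guard: a local-only name like "grantlinville/nginx"
// must never be upgraded from a public image that merely shares the name.
func validateAutoUpgradeImage(image string, autoUpgrade bool) error {
	if !autoUpgrade || hasExplicitRegistry(image) {
		return nil
	}
	return fmt.Errorf("%w: %q would resolve to Docker Hub", ErrImplicitRegistry, image)
}

func main() {
	// Constructed sample references, not taken from any real deployment.
	for _, img := range []string{
		"grantlinville/nginx:latest",    // implicit Docker Hub: rejected for auto-upgrade
		"nginx",                         // implicit Docker Hub: rejected for auto-upgrade
		"docker.io/grantlinville/nginx", // explicit registry: allowed
		"ghcr.io/example/nginx@sha256:0123456789abcdef", // explicit registry with digest: allowed
		"localhost:5000/nginx:latest",   // explicit local registry: allowed
	} {
		if err := validateAutoUpgradeImage(img, true); err != nil {
			fmt.Println("rejected:", err)
		} else {
			fmt.Println("allowed: ", img)
		}
	}
}
```

Running `main` prints one line per sample reference; the two bare names are rejected and the three with a named registry are allowed. The same function with `autoUpgrade` set to false accepts all five, matching the PR's point that only auto-upgrade apps change behaviour.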