Allow Dependency Proxy to pull images more than one level deep
Problem
If you try to pull an image with the Dependency Proxy that is more than one level deep (more than one /
in the image name), a 404 will occur and the image pull will fail. There is no known workaround.
Solution
The regex used to validate the image name should be updated to allow more than one slash.
Proposed regex:
([\w\.-_]+\/){0,4}[\w\.-_]+
Notes
This can be reproduced by pulling an image with more than one slash in it's name:
→ docker pull gdk.test:3001/asdfasdfasdf/dependency_proxy/containers/mcr.microsoft.com/dotnet/sdk:latest
Error response from daemon: error parsing HTTP 404 response body: unexpected end of JSON input: ""
Then looking in the rails logs we see the route is unmatched:
Started GET "/v2/asdfasdfasdf/dependency_proxy/containers/mcr.microsoft.com/dotnet/sdk/manifests/latest" for 172.16.123.1 at 2021-11-17 07:52:28 -0700
Processing by ApplicationController#route_not_found as JSON
Parameters: {"unmatched_route"=>"v2/asdfasdfasdf/dependency_proxy/containers/mcr.microsoft.com/dotnet/sdk/manifests/latest"}
Redirected to http://gdk.test:3001/users/sign_in
Completed 302 Found in 4ms (ActiveRecord: 0.0ms | Elasticsearch: 0.0ms | Allocations: 2376)
Started GET "/users/sign_in" for 172.16.123.1 at 2021-11-17 07:52:28 -0700
Processing by SessionsController#new as JSON
(0.5ms) SELECT COUNT(*) FROM (SELECT 1 AS one FROM "users" LIMIT 2) subquery_for_count /*application:web,correlation_id:01FMQ651JZKF10DPCYTWK6JVFF,db_config_name:main,line:/app/controllers/sessions_controller.rb:182:in `check_initial_setup'*/
↳ app/controllers/sessions_controller.rb:182:in `check_initial_setup'
Completed 404 Not Found in 9ms (ActiveRecord: 0.5ms | Elasticsearch: 0.0ms | Allocations: 3647)
The route itself matches, but there is a constraint on the image param, evaluating it against a regex, which causes the match to fail.
Edited by Steve Abrams