Properly handle container registry redirects to fix metadata stored on a S3 backend

The previous behavior would include the Authorization header, which would make fetching an S3 blob fail quietly. Closes #22403 Update sh-fix-container-registry-s3-redirects.yml
author: Stan Hu <stanhu@gmail.com> 2017-05-17 08:51:56 +0300
committer: Stan Hu <stanhu@gmail.com> 2017-05-17 17:04:34 +0300
commit: 831d6f5f777370e4ad424211df24e2f5bd380445 (patch)
tree: dcce3f530fb243875c5091c10e15dc77568b5ebc /lib/container_registry
parent: 39baadbd017a1e36cf95b0ad1a503015bd5e562f (diff)
1 files changed, 10 insertions, 4 deletions
diff --git a/lib/container_registry/client.rb b/lib/container_registry/client.rb
index 7f5f6d9ddb6..c7263f302ab 100644
--- a/lib/container_registry/client.rb
+++ b/lib/container_registry/client.rb
@@ -75,10 +75,7 @@ module ContainerRegistry
     def redirect_response(location)
       return unless location
 
-      # We explicitly remove authorization token
-      faraday_blob.get(location) do |req|
-        req['Authorization'] = ''
-      end
+      faraday_redirect.get(location)
     end
 
     def faraday
@@ -93,5 +90,14 @@ module ContainerRegistry
         initialize_connection(conn, @options)
       end
     end
+
+    # Create a new request to make sure the Authorization header is not inserted
+    # via the Faraday middleware
+    def faraday_redirect
+      @faraday_redirect ||= Faraday.new(@base_uri) do |conn|
+        conn.request :json
+        conn.adapter :net_http
+      end
+    end
   end
 end
author	Stan Hu <stanhu@gmail.com>	2017-05-17 08:51:56 +0300
committer	Stan Hu <stanhu@gmail.com>	2017-05-17 17:04:34 +0300
commit	831d6f5f777370e4ad424211df24e2f5bd380445 (patch)
tree	dcce3f530fb243875c5091c10e15dc77568b5ebc /lib/container_registry
parent	39baadbd017a1e36cf95b0ad1a503015bd5e562f (diff)