registry/errors: Parse http forbidden as denied

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com> (cherry picked from commit 5f1df02) Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
distribution · May 11, 2023 · 483ad69 · 483ad69
1 parent 320d6a1
commit 483ad69
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 0 deletions.
diff --git a/registry/client/errors.go b/registry/client/errors.go
@@ -55,6 +55,8 @@ func parseHTTPErrorResponse(statusCode int, r io.Reader) error {
  switch statusCode {
  case http.StatusUnauthorized:
  return errcode.ErrorCodeUnauthorized.WithMessage(detailsErr.Details)
+ case http.StatusForbidden:
+ return errcode.ErrorCodeDenied.WithMessage(detailsErr.Details)
  case http.StatusTooManyRequests:
  return errcode.ErrorCodeTooManyRequests.WithMessage(detailsErr.Details)
  default:

diff --git a/registry/client/errors_test.go b/registry/client/errors_test.go
@@ -102,3 +102,18 @@ func TestHandleErrorResponseUnexpectedStatusCode501(t *testing.T) {
  t.Errorf("Expected \"%s\", got: \"%s\"", expectedMsg, err.Error())
  }
 }
+
+func TestHandleErrorResponseInsufficientPrivileges403(t *testing.T) {
+ json := `{"details":"requesting higher privileges than access token allows"}`
+ response := &http.Response{
+ Status: "403 Forbidden",
+ StatusCode: 403,
+ Body: nopCloser{bytes.NewBufferString(json)},
+ }
+ err := HandleErrorResponse(response)
+
+ expectedMsg := "denied: requesting higher privileges than access token allows"
+ if !strings.Contains(err.Error(), expectedMsg) {
+ t.Errorf("Expected \"%s\", got: \"%s\"", expectedMsg, err.Error())
+ }
+}