don't check image access on ecr or gcr

teamhephy · May 31, 2019 · b4f82aa · b4f82aa
1 parent 6dd5e91
commit b4f82aa
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/rootfs/api/models/app.py b/rootfs/api/models/app.py
@@ -524,10 +524,11 @@ def deploy(self, release, force_deploy=False, rollback_on_failure=True):  # noqa
             self.set_application_config(release)
             # only buildpack apps need access to object storage
             # only docker apps need check access to the image, so users can't exploit the k8s
+            # unless global ecr or gcr registry is in use
             # image cache to gain access to other users' images
             if release.build.type == 'buildpack':
                 self.create_object_store_secret()
-            else:
+            elif settings.REGISTRY_LOCATION !='ecr' and settings.REGISTRY_LOCATION !='gcr':
                 release.check_image_access()
 
             # gather all proc types to be deployed