Essentially, this just attempts a docker_client.inspect_image (which downloads just the manifest, not the whole image) on deis pull and that raises an error if it's a private registry and the user didn't add the correct credentials to the app.
I think in the default hephy install, with the on-cluster deis-registry, you can still "steal" other users' source build images by doing deis pull 127.0.0.1:5555/hephy/some-app:git-$githash. But for that to work, you'd need to somehow guess the app name and the correct git hash - I don't think that's very likely. Plus, that stops working if you use a password-protected off-cluster registry for hephy.
resolves https://github.com/teamhephy/workflow/issues/78
Essentially, this just attempts a
docker_client.inspect_image
(which downloads just the manifest, not the whole image) ondeis pull
and that raises an error if it's a private registry and the user didn't add the correct credentials to the app.I think in the default hephy install, with the on-cluster
deis-registry
, you can still "steal" other users' source build images by doingdeis pull 127.0.0.1:5555/hephy/some-app:git-$githash
. But for that to work, you'd need to somehow guess the app name and the correct git hash - I don't think that's very likely. Plus, that stops working if you use a password-protected off-cluster registry for hephy.