From 0ba820ed0b4a448ad6de2590c75686dd66274a4c Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn <github@gone.nl>
Date: Wed, 15 Mar 2023 16:21:02 +0100
Subject: [PATCH] cli/trust: remove special handling for "plugin" Class

This code depended on the registry Service interface, which has been removed,
so needed to be refactored. Digging further into the reason this code existed,
it looked like the Class=plugin was previously required on Docker Hub to handle
plugins, but this requirement is no longer there, so we can remove this special
handling.

This patch removes the special handling to both remove the use of the registry.Service
interface, as well as removing complexity that is no longer needed.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
---
 cli/command/container/create.go    |  2 +-
 cli/command/image/build.go         |  2 +-
 cli/command/image/pull.go          |  2 +-
 cli/command/image/trust.go         |  6 +++---
 cli/command/plugin/install.go      | 27 +--------------------------
 cli/command/plugin/push.go         |  1 -
 cli/command/trust/common.go        |  2 +-
 cli/command/trust/revoke.go        |  2 +-
 cli/command/trust/sign.go          |  2 +-
 cli/command/trust/signer_add.go    |  2 +-
 cli/command/trust/signer_remove.go |  2 +-
 cli/trust/trust.go                 | 12 +++---------
 12 files changed, 15 insertions(+), 47 deletions(-)

diff --git a/cli/command/container/create.go b/cli/command/container/create.go
index c5aa71ae291a..119a846089d5 100644
--- a/cli/command/container/create.go
+++ b/cli/command/container/create.go
@@ -227,7 +227,7 @@ func createContainer(ctx context.Context, dockerCli command.Cli, containerConfig
 
 		if taggedRef, ok := namedRef.(reference.NamedTagged); ok && !opts.untrusted {
 			var err error
-			trustedRef, err = image.TrustedReference(ctx, dockerCli, taggedRef, nil)
+			trustedRef, err = image.TrustedReference(ctx, dockerCli, taggedRef)
 			if err != nil {
 				return nil, err
 			}
diff --git a/cli/command/image/build.go b/cli/command/image/build.go
index 771f61ec66f0..7012f60867bc 100644
--- a/cli/command/image/build.go
+++ b/cli/command/image/build.go
@@ -279,7 +279,7 @@ func runBuild(dockerCli command.Cli, options buildOptions) error {
 	var resolvedTags []*resolvedTag
 	if !options.untrusted {
 		translator := func(ctx context.Context, ref reference.NamedTagged) (reference.Canonical, error) {
-			return TrustedReference(ctx, dockerCli, ref, nil)
+			return TrustedReference(ctx, dockerCli, ref)
 		}
 		// if there is a tar wrapper, the dockerfile needs to be replaced inside it
 		if buildCtx != nil {
diff --git a/cli/command/image/pull.go b/cli/command/image/pull.go
index 1494c1d64cf5..bfb682f5d190 100644
--- a/cli/command/image/pull.go
+++ b/cli/command/image/pull.go
@@ -69,7 +69,7 @@ func RunPull(cli command.Cli, opts PullOptions) error {
 	}
 
 	ctx := context.Background()
-	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, nil, AuthResolver(cli), distributionRef.String())
+	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, AuthResolver(cli), distributionRef.String())
 	if err != nil {
 		return err
 	}
diff --git a/cli/command/image/trust.go b/cli/command/image/trust.go
index fad29def4c02..91e0b674778f 100644
--- a/cli/command/image/trust.go
+++ b/cli/command/image/trust.go
@@ -186,7 +186,7 @@ func trustedPull(ctx context.Context, cli command.Cli, imgRefAndAuth trust.Image
 		if err != nil {
 			return err
 		}
-		updatedImgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, nil, AuthResolver(cli), trustedRef.String())
+		updatedImgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, AuthResolver(cli), trustedRef.String())
 		if err != nil {
 			return err
 		}
@@ -289,8 +289,8 @@ func imagePullPrivileged(ctx context.Context, cli command.Cli, imgRefAndAuth tru
 }
 
 // TrustedReference returns the canonical trusted reference for an image reference
-func TrustedReference(ctx context.Context, cli command.Cli, ref reference.NamedTagged, rs registry.Service) (reference.Canonical, error) {
-	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, rs, AuthResolver(cli), ref.String())
+func TrustedReference(ctx context.Context, cli command.Cli, ref reference.NamedTagged) (reference.Canonical, error) {
+	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, AuthResolver(cli), ref.String())
 	if err != nil {
 		return nil, err
 	}
diff --git a/cli/command/plugin/install.go b/cli/command/plugin/install.go
index 9a9e443b40b0..d178f19cfeca 100644
--- a/cli/command/plugin/install.go
+++ b/cli/command/plugin/install.go
@@ -54,26 +54,6 @@ func newInstallCommand(dockerCli command.Cli) *cobra.Command {
 	return cmd
 }
 
-type pluginRegistryService struct {
-	registry.Service
-}
-
-func (s pluginRegistryService) ResolveRepository(name reference.Named) (*registry.RepositoryInfo, error) {
-	repoInfo, err := s.Service.ResolveRepository(name)
-	if repoInfo != nil {
-		repoInfo.Class = "plugin"
-	}
-	return repoInfo, err
-}
-
-func newRegistryService() (registry.Service, error) {
-	svc, err := registry.NewService(registry.ServiceOptions{})
-	if err != nil {
-		return nil, err
-	}
-	return pluginRegistryService{Service: svc}, nil
-}
-
 func buildPullConfig(ctx context.Context, dockerCli command.Cli, opts pluginOptions, cmdName string) (types.PluginInstallOptions, error) {
 	// Names with both tag and digest will be treated by the daemon
 	// as a pull by digest with a local name for the tag
@@ -98,12 +78,7 @@ func buildPullConfig(ctx context.Context, dockerCli command.Cli, opts pluginOpti
 			return types.PluginInstallOptions{}, errors.Errorf("invalid name: %s", ref.String())
 		}
 
-		ctx := context.Background()
-		svc, err := newRegistryService()
-		if err != nil {
-			return types.PluginInstallOptions{}, err
-		}
-		trusted, err := image.TrustedReference(ctx, dockerCli, nt, svc)
+		trusted, err := image.TrustedReference(context.Background(), dockerCli, nt)
 		if err != nil {
 			return types.PluginInstallOptions{}, err
 		}
diff --git a/cli/command/plugin/push.go b/cli/command/plugin/push.go
index 7df5a89de677..8b9dc09ca446 100644
--- a/cli/command/plugin/push.go
+++ b/cli/command/plugin/push.go
@@ -68,7 +68,6 @@ func runPush(dockerCli command.Cli, opts pushOptions) error {
 	defer responseBody.Close()
 
 	if !opts.untrusted {
-		repoInfo.Class = "plugin"
 		return image.PushTrustedReference(dockerCli, repoInfo, named, authConfig, responseBody)
 	}
 
diff --git a/cli/command/trust/common.go b/cli/command/trust/common.go
index d2ad89ac2f2e..a62852297bc2 100644
--- a/cli/command/trust/common.go
+++ b/cli/command/trust/common.go
@@ -53,7 +53,7 @@ type trustKey struct {
 // This information is to be pretty printed or serialized into a machine-readable format.
 func lookupTrustInfo(cli command.Cli, remote string) ([]trustTagRow, []client.RoleWithSignatures, []data.Role, error) {
 	ctx := context.Background()
-	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, nil, image.AuthResolver(cli), remote)
+	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, image.AuthResolver(cli), remote)
 	if err != nil {
 		return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, err
 	}
diff --git a/cli/command/trust/revoke.go b/cli/command/trust/revoke.go
index 31437b03f1c8..df2a22aa4dbd 100644
--- a/cli/command/trust/revoke.go
+++ b/cli/command/trust/revoke.go
@@ -36,7 +36,7 @@ func newRevokeCommand(dockerCli command.Cli) *cobra.Command {
 
 func revokeTrust(cli command.Cli, remote string, options revokeOptions) error {
 	ctx := context.Background()
-	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, nil, image.AuthResolver(cli), remote)
+	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, image.AuthResolver(cli), remote)
 	if err != nil {
 		return err
 	}
diff --git a/cli/command/trust/sign.go b/cli/command/trust/sign.go
index a34b5fc755e4..e5d7f6b7cda4 100644
--- a/cli/command/trust/sign.go
+++ b/cli/command/trust/sign.go
@@ -43,7 +43,7 @@ func newSignCommand(dockerCli command.Cli) *cobra.Command {
 func runSignImage(cli command.Cli, options signOptions) error {
 	imageName := options.imageName
 	ctx := context.Background()
-	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, nil, image.AuthResolver(cli), imageName)
+	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, image.AuthResolver(cli), imageName)
 	if err != nil {
 		return err
 	}
diff --git a/cli/command/trust/signer_add.go b/cli/command/trust/signer_add.go
index 53c5c67cd433..ec4b61a4a234 100644
--- a/cli/command/trust/signer_add.go
+++ b/cli/command/trust/signer_add.go
@@ -81,7 +81,7 @@ func addSigner(cli command.Cli, options signerAddOptions) error {
 
 func addSignerToRepo(cli command.Cli, signerName string, repoName string, signerPubKeys []data.PublicKey) error {
 	ctx := context.Background()
-	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, nil, image.AuthResolver(cli), repoName)
+	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, image.AuthResolver(cli), repoName)
 	if err != nil {
 		return err
 	}
diff --git a/cli/command/trust/signer_remove.go b/cli/command/trust/signer_remove.go
index f92750c35357..300a8c23c386 100644
--- a/cli/command/trust/signer_remove.go
+++ b/cli/command/trust/signer_remove.go
@@ -80,7 +80,7 @@ func isLastSignerForReleases(roleWithSig data.Role, allRoles []client.RoleWithSi
 // The signer not being removed doesn't necessarily raise an error e.g. user choosing "No" when prompted for confirmation.
 func removeSingleSigner(cli command.Cli, repoName, signerName string, forceYes bool) (bool, error) {
 	ctx := context.Background()
-	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, nil, image.AuthResolver(cli), repoName)
+	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, image.AuthResolver(cli), repoName)
 	if err != nil {
 		return false, err
 	}
diff --git a/cli/trust/trust.go b/cli/trust/trust.go
index 457f799fda3f..654cddea892e 100644
--- a/cli/trust/trust.go
+++ b/cli/trust/trust.go
@@ -160,7 +160,7 @@ func GetNotaryRepository(in io.Reader, out io.Writer, userAgent string, repoInfo
 	scope := auth.RepositoryScope{
 		Repository: repoInfo.Name.Name(),
 		Actions:    actions,
-		Class:      repoInfo.Class,
+		Class:      repoInfo.Class, // TODO(thaJeztah): Class is no longer needed for plugins and can likely be removed; see https://github.com/docker/cli/pull/4114#discussion_r1145430825
 	}
 	creds := simpleCredentialStore{auth: *authConfig}
 	tokenHandlerOptions := auth.TokenHandlerOptions{
@@ -301,7 +301,7 @@ type ImageRefAndAuth struct {
 
 // GetImageReferencesAndAuth retrieves the necessary reference and auth information for an image name
 // as an ImageRefAndAuth struct
-func GetImageReferencesAndAuth(ctx context.Context, rs registry.Service,
+func GetImageReferencesAndAuth(ctx context.Context,
 	authResolver func(ctx context.Context, index *registrytypes.IndexInfo) types.AuthConfig,
 	imgName string,
 ) (ImageRefAndAuth, error) {
@@ -311,13 +311,7 @@ func GetImageReferencesAndAuth(ctx context.Context, rs registry.Service,
 	}
 
 	// Resolve the Repository name from fqn to RepositoryInfo
-	var repoInfo *registry.RepositoryInfo
-	if rs != nil {
-		repoInfo, err = rs.ResolveRepository(ref)
-	} else {
-		repoInfo, err = registry.ParseRepositoryInfo(ref)
-	}
-
+	repoInfo, err := registry.ParseRepositoryInfo(ref)
 	if err != nil {
 		return ImageRefAndAuth{}, err
 	}