No-op during Read if credentials are invalid (#194)

The `Image` resource already ignores errors during read but the `Index` resource was requiring the inspect call to always succeed. This will often fail due to https://github.com/pulumi/pulumi/issues/4981 (note however in this case credentials are stored with the resource instead of the provider). This changes our logic to instead emit a warning if the credentials are invalid. Fixes https://github.com/pulumi/pulumi-docker-build/issues/121.
2024-08-13 12:54:14 -07:00
parent 0ba90b8cde
commit 81a7aa4ec4
15 changed files with 435 additions and 390 deletions
--- a/provider/internal/index.go
+++ b/provider/internal/index.go
@@ -16,6 +16,7 @@ package internal

 import (
 	"context"
+	"errors"
 	"fmt"
 	"reflect"
 	"strings"
@@ -23,6 +24,8 @@ import (
 	// For examples/docs.
 	_ "embed"

+	"github.com/regclient/regclient/types/errs"
+
 	provider "github.com/pulumi/pulumi-go-provider"
 	"github.com/pulumi/pulumi-go-provider/infer"
 	"github.com/pulumi/pulumi/sdk/v3/go/common/resource"
@@ -194,12 +197,12 @@ func (i *Index) Read(
 	provider.GetLogger(ctx).Debug("reading index with tag " + input.Tag)

 	digest, err := cli.ManifestInspect(ctx, input.Tag)
-	if err != nil && strings.Contains(err.Error(), "No such manifest:") && input.isPushed() {
+	if errors.Is(err, errs.ErrNotFound) {
 		// A remote tag was expected but isn't there -- delete the resource.
-		return "", input, state, err
+		return "", input, state, nil
 	}
-	if err != nil && strings.Contains(err.Error(), "No such manifest:") && !input.isPushed() {
-		// Nothing was pushed, so just use the tag without digest..
+	if errors.Is(err, errs.ErrHTTPUnauthorized) {
+		provider.GetLogger(ctx).Warning("invalid credentials, skipping")
 		return name, input, state, nil
 	}
 	if err != nil {