Merge pull request #90 from duanhongyi/master

fix(controller): check_image_access only when using docker
teamhephy · Jan 23, 2019 · 51b8fe1 · 51b8fe1
2 parents c86f61f + b3a741d
commit 51b8fe1
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/rootfs/api/models/app.py b/rootfs/api/models/app.py
@@ -520,14 +520,15 @@ def deploy(self, release, force_deploy=False, rollback_on_failure=True):  # noqa
         image = settings.SLUGRUNNER_IMAGE if release.build.type == 'buildpack' else release.image
 
         try:
-            # check access to the image, so users can't exploit the k8s image cache
-            # to gain access to other users' images
-            release.check_image_access()
             # create the application config in k8s (secret in this case) for all deploy objects
             self.set_application_config(release)
             # only buildpack apps need access to object storage
+            # only docker apps need check access to the image, so users can't exploit the k8s
+            # image cache to gain access to other users' images
             if release.build.type == 'buildpack':
                 self.create_object_store_secret()
+            else:
+                release.check_image_access()
 
             # gather all proc types to be deployed
             tasks = [