Merge pull request #2035 from runcom/fix-foreign-urls-check

registry/handles/app: always append default urls regexps
This commit is contained in:
Derek McGowan 2016-12-06 10:21:14 -08:00 committed by GitHub
commit 67095fbce3
3 changed files with 16 additions and 9 deletions

View file

@ -188,8 +188,11 @@ type Configuration struct {
// Validation configures validation options for the registry.
Validation struct {
// Enabled enables the other options in this section.
// Enabled enables the other options in this section. This field is
// deprecated in favor of Disabled.
Enabled bool `yaml:"enabled,omitempty"`
// Disabled disables the other options in this section.
Disabled bool `yaml:"disabled,omitempty"`
// Manifests configures manifest validation.
Manifests struct {
// URLs configures validation for URLs in pushed manifests.

View file

@ -251,7 +251,6 @@ information about each option that appears later in this page.
schema1:
signingkeyfile: /etc/registry/key.json
validation:
enabled: true
manifests:
urls:
allow:
@ -1871,7 +1870,6 @@ defines such a feature with configurable behavior.
## Validation
validation:
enabled: true
manifests:
urls:
allow:
@ -1879,16 +1877,18 @@ defines such a feature with configurable behavior.
deny:
- ^https?://www\.example\.com/
### Enabled
### disabled
Use the `enabled` flag to enable the other options in the `validation`
section. They are disabled by default.
Use the `disabled` flag to disable the other options in the `validation`
section. They are enabled by default.
This option deprecates the `enabled` flag.
### Manifests
### manifests
Use the `manifest` subsection to configure manifest validation.
Use the `manifests` subsection to configure manifests validation. If `disabled` is
`false` the validation allows nothing.
#### URLs
#### urls
The `allow` and `deny` options are both lists of
[regular expressions](https://godoc.org/regexp/syntax) that restrict the URLs in

View file

@ -213,6 +213,10 @@ func NewApp(ctx context.Context, config *configuration.Configuration) *App {
options = append(options, storage.EnableRedirect)
}
if !config.Validation.Enabled {
config.Validation.Enabled = !config.Validation.Disabled
}
// configure validation
if config.Validation.Enabled {
if len(config.Validation.Manifests.URLs.Allow) == 0 && len(config.Validation.Manifests.URLs.Deny) == 0 {