registry: parse INDEXSERVERADDRESS into a URL for easier check in isSecure

Signed-off-by: Tibor Vass <teabee89@gmail.com>
This commit is contained in:
Tibor Vass 2014-11-13 06:56:36 -08:00
parent 8b0e8b6621
commit 8065dad50b
4 changed files with 18 additions and 9 deletions

View file

@ -7,6 +7,7 @@ import (
"fmt"
"io/ioutil"
"net/http"
"net/url"
"os"
"path"
"strings"
@ -27,8 +28,17 @@ const (
var (
ErrConfigFileMissing = errors.New("The Auth config file is missing")
IndexServerURL *url.URL
)
func init() {
url, err := url.Parse(INDEXSERVER)
if err != nil {
panic(err)
}
IndexServerURL = url
}
type AuthConfig struct {
Username string `json:"username,omitempty"`
Password string `json:"password,omitempty"`

View file

@ -34,21 +34,18 @@ func scanForApiVersion(hostname string) (string, APIVersion) {
}
func NewEndpoint(hostname string, insecureRegistries []string) (*Endpoint, error) {
endpoint, err := newEndpoint(hostname)
endpoint, err := newEndpoint(hostname, insecureRegistries)
if err != nil {
return nil, err
}
secure := isSecure(endpoint.URL.Host, insecureRegistries)
endpoint.secure = secure
// Try HTTPS ping to registry
endpoint.URL.Scheme = "https"
if _, err := endpoint.Ping(); err != nil {
//TODO: triggering highland build can be done there without "failing"
if secure {
if endpoint.secure {
// If registry is secure and HTTPS failed, show user the error and tell them about `--insecure-registry`
// in case that's what they need. DO NOT accept unknown CA certificates, and DO NOT fallback to HTTP.
return nil, fmt.Errorf("Invalid registry endpoint %s: %v. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry %s` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/%s/ca.crt", endpoint, err, endpoint.URL.Host, endpoint.URL.Host)
@ -67,9 +64,9 @@ func NewEndpoint(hostname string, insecureRegistries []string) (*Endpoint, error
return endpoint, nil
}
func newEndpoint(hostname string) (*Endpoint, error) {
func newEndpoint(hostname string, insecureRegistries []string) (*Endpoint, error) {
var (
endpoint = Endpoint{secure: true}
endpoint = Endpoint{}
trimmedHostname string
err error
)
@ -81,6 +78,7 @@ func newEndpoint(hostname string) (*Endpoint, error) {
if err != nil {
return nil, err
}
endpoint.secure = isSecure(endpoint.URL.Host, insecureRegistries)
return &endpoint, nil
}
@ -154,7 +152,7 @@ func (e Endpoint) Ping() (RegistryInfo, error) {
// isSecure returns false if the provided hostname is part of the list of insecure registries.
// Insecure registries accept HTTP and/or accept HTTPS with certificates from unknown CAs.
func isSecure(hostname string, insecureRegistries []string) bool {
if hostname == IndexServerAddress() {
if hostname == IndexServerURL.Host {
return true
}

View file

@ -12,7 +12,7 @@ func TestEndpointParse(t *testing.T) {
{"0.0.0.0:5000", "https://0.0.0.0:5000/v1/"},
}
for _, td := range testData {
e, err := newEndpoint(td.str)
e, err := newEndpoint(td.str, insecureRegistries)
if err != nil {
t.Errorf("%q: %s", td.str, err)
}

View file

@ -323,6 +323,7 @@ func TestIsSecure(t *testing.T) {
insecureRegistries []string
expected bool
}{
{IndexServerURL.Host, nil, true},
{"example.com", []string{}, true},
{"example.com", []string{"example.com"}, false},
{"localhost", []string{"localhost:5000"}, false},