URL parse auth endpoints to normalize hostname to lowercase.
It is possible for a middlebox to lowercase the URL at somepoint causing a lookup in the auth challenges table to fail. Lowercase hostname before using as keys to challenge map. Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
This commit is contained in:
Richard Scothern
parent
bb4d128523
commit
e09891e2cf
5 changed files with 61 additions and 17 deletions
|
|
@ -22,13 +22,13 @@ import (
|
|||
type proxyingRegistry struct {
|
||||
embedded distribution.Namespace // provides local registry functionality
|
||||
scheduler *scheduler.TTLExpirationScheduler
|
||||
remoteURL string
|
||||
remoteURL url.URL
|
||||
authChallenger authChallenger
|
||||
}
|
||||
|
||||
// NewRegistryPullThroughCache creates a registry acting as a pull through cache
|
||||
func NewRegistryPullThroughCache(ctx context.Context, registry distribution.Namespace, driver driver.StorageDriver, config configuration.Proxy) (distribution.Namespace, error) {
|
||||
_, err := url.Parse(config.RemoteURL)
|
||||
remoteURL, err := url.Parse(config.RemoteURL)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
@ -99,9 +99,9 @@ func NewRegistryPullThroughCache(ctx context.Context, registry distribution.Name
|
|||
return &proxyingRegistry{
|
||||
embedded: registry,
|
||||
scheduler: s,
|
||||
remoteURL: config.RemoteURL,
|
||||
remoteURL: *remoteURL,
|
||||
authChallenger: &remoteAuthChallenger{
|
||||
remoteURL: config.RemoteURL,
|
||||
remoteURL: *remoteURL,
|
||||
cm: auth.NewSimpleChallengeManager(),
|
||||
cs: cs,
|
||||
},
|
||||
|
|
@ -131,7 +131,7 @@ func (pr *proxyingRegistry) Repository(ctx context.Context, name reference.Named
|
|||
return nil, err
|
||||
}
|
||||
|
||||
remoteRepo, err := client.NewRepository(ctx, name, pr.remoteURL, tr)
|
||||
remoteRepo, err := client.NewRepository(ctx, name, pr.remoteURL.String(), tr)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
@ -174,7 +174,7 @@ type authChallenger interface {
|
|||
}
|
||||
|
||||
type remoteAuthChallenger struct {
|
||||
remoteURL string
|
||||
remoteURL url.URL
|
||||
sync.Mutex
|
||||
cm auth.ChallengeManager
|
||||
cs auth.CredentialStore
|
||||
|
|
@ -193,8 +193,9 @@ func (r *remoteAuthChallenger) tryEstablishChallenges(ctx context.Context) error
|
|||
r.Lock()
|
||||
defer r.Unlock()
|
||||
|
||||
remoteURL := r.remoteURL + "/v2/"
|
||||
challenges, err := r.cm.GetChallenges(remoteURL)
|
||||
remoteURL := r.remoteURL
|
||||
remoteURL.Path = "/v2/"
|
||||
challenges, err := r.cm.GetChallenges(r.remoteURL)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
@ -204,7 +205,7 @@ func (r *remoteAuthChallenger) tryEstablishChallenges(ctx context.Context) error
|
|||
}
|
||||
|
||||
// establish challenge type with upstream
|
||||
if err := ping(r.cm, remoteURL, challengeHeader); err != nil {
|
||||
if err := ping(r.cm, remoteURL.String(), challengeHeader); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue