alexvanin/distribution
1
0
Fork 0
forked from TrueCloudLab/distribution
Code Pull requests Activity

registry: refactor registry.IsSecure calls into registry.NewEndpoint

Browse source 
Signed-off-by: Tibor Vass <teabee89@gmail.com>

Conflicts:
	registry/endpoint.go
	registry/endpoint_test.go
	registry/registry_test.go
This commit is contained in:
Tibor Vass 2014-11-11 17:37:44 -05:00
parent 96272e1c9a
commit 44d97c1fd0
4 changed files with 82 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
docs/endpoint.go
View file

@ -33,21 +33,15 @@ func scanForApiVersion(hostname string) (string, APIVersion) {
return hostname, DefaultAPIVersion return hostname, DefaultAPIVersion
} }
func NewEndpoint(hostname string, secure bool) (*Endpoint, error) { func NewEndpoint(hostname string, insecureRegistries []string) (*Endpoint, error) {
var ( endpoint, err := newEndpoint(hostname)
endpoint = Endpoint{secure: secure}
trimmedHostname string
err error
)
if !strings.HasPrefix(hostname, "http") {
hostname = "https://" + hostname
}
trimmedHostname, endpoint.Version = scanForApiVersion(hostname)
endpoint.URL, err = url.Parse(trimmedHostname)
if err != nil { if err != nil {
return nil, err return nil, err
} }
secure := isSecure(endpoint.URL.Host, insecureRegistries)
endpoint.secure = secure
// Try HTTPS ping to registry // Try HTTPS ping to registry
endpoint.URL.Scheme = "https" endpoint.URL.Scheme = "https"
if _, err := endpoint.Ping(); err != nil { if _, err := endpoint.Ping(); err != nil {
@ -65,12 +59,28 @@ func NewEndpoint(hostname string, secure bool) (*Endpoint, error) {
endpoint.URL.Scheme = "http" endpoint.URL.Scheme = "http"
_, err2 := endpoint.Ping() _, err2 := endpoint.Ping()
if err2 == nil { if err2 == nil {
return &endpoint, nil return endpoint, nil
} }
return nil, fmt.Errorf("Invalid registry endpoint %q. HTTPS attempt: %v. HTTP attempt: %v", endpoint, err, err2) return nil, fmt.Errorf("Invalid registry endpoint %q. HTTPS attempt: %v. HTTP attempt: %v", endpoint, err, err2)
} }
return endpoint, nil
}
func newEndpoint(hostname string) (*Endpoint, error) {
var (
endpoint = Endpoint{secure: true}
trimmedHostname string
err error
)
if !strings.HasPrefix(hostname, "http") {
hostname = "https://" + hostname
}
trimmedHostname, endpoint.Version = scanForApiVersion(hostname)
endpoint.URL, err = url.Parse(trimmedHostname)
if err != nil {
return nil, err
}
return &endpoint, nil return &endpoint, nil
} }
@ -141,9 +151,9 @@ func (e Endpoint) Ping() (RegistryInfo, error) {
return info, nil return info, nil
} }
// IsSecure returns false if the provided hostname is part of the list of insecure registries. // isSecure returns false if the provided hostname is part of the list of insecure registries.
// Insecure registries accept HTTP and/or accept HTTPS with certificates from unknown CAs. // Insecure registries accept HTTP and/or accept HTTPS with certificates from unknown CAs.
func IsSecure(hostname string, insecureRegistries []string) bool { func isSecure(hostname string, insecureRegistries []string) bool {
if hostname == IndexServerAddress() { if hostname == IndexServerAddress() {
return true return true
} }

27
docs/endpoint_test.go Normal file
View file

@ -0,0 +1,27 @@
package registry
import "testing"
func TestEndpointParse(t *testing.T) {
testData := []struct {
str string
expected string
}{
{IndexServerAddress(), IndexServerAddress()},
{"http://0.0.0.0:5000", "http://0.0.0.0:5000/v1/"},
{"0.0.0.0:5000", "https://0.0.0.0:5000/v1/"},
}
for _, td := range testData {
e, err := newEndpoint(td.str)
if err != nil {
t.Errorf("%q: %s", td.str, err)
}
if e == nil {
t.Logf("something's fishy, endpoint for %q is nil", td.str)
continue
}
if e.String() != td.expected {
t.Errorf("expected %q, got %q", td.expected, e.String())
}
}
}

29
docs/registry_test.go
View file

@ -316,3 +316,32 @@ func TestAddRequiredHeadersToRedirectedRequests(t *testing.T) {
} }
} }
} }
func TestIsSecure(t *testing.T) {
tests := []struct {
addr string
insecureRegistries []string
expected bool
}{
{"example.com", []string{}, true},
{"example.com", []string{"example.com"}, false},
{"localhost", []string{"localhost:5000"}, false},
{"localhost:5000", []string{"localhost:5000"}, false},
{"localhost", []string{"example.com"}, false},
{"127.0.0.1:5000", []string{"127.0.0.1:5000"}, false},
{"localhost", []string{}, false},
{"localhost:5000", []string{}, false},
{"127.0.0.1", []string{}, false},
{"localhost", []string{"example.com"}, false},
{"127.0.0.1", []string{"example.com"}, false},
{"example.com", []string{}, true},
{"example.com", []string{"example.com"}, false},
{"127.0.0.1", []string{"example.com"}, false},
{"127.0.0.1:5000", []string{"example.com"}, false},
}
for _, tt := range tests {
if sec := isSecure(tt.addr, tt.insecureRegistries); sec != tt.expected {
t.Errorf("isSecure failed for %q %v, expected %v got %v", tt.addr, tt.insecureRegistries, tt.expected, sec)
}
}
}

6
docs/service.go
View file

@ -40,7 +40,7 @@ func (s *Service) Auth(job *engine.Job) engine.Status {
job.GetenvJson("authConfig", authConfig) job.GetenvJson("authConfig", authConfig)
if addr := authConfig.ServerAddress; addr != "" && addr != IndexServerAddress() { if addr := authConfig.ServerAddress; addr != "" && addr != IndexServerAddress() {
endpoint, err := NewEndpoint(addr, IsSecure(addr, s.insecureRegistries)) endpoint, err := NewEndpoint(addr, s.insecureRegistries)
if err != nil { if err != nil {
return job.Error(err) return job.Error(err)
} }
@ -92,9 +92,7 @@ func (s *Service) Search(job *engine.Job) engine.Status {
return job.Error(err) return job.Error(err)
} }
secure := IsSecure(hostname, s.insecureRegistries) endpoint, err := NewEndpoint(hostname, s.insecureRegistries)
endpoint, err := NewEndpoint(hostname, secure)
if err != nil { if err != nil {
return job.Error(err) return job.Error(err)
} }